[PlanetCCRMA] Fedora Core 7 SELinux

James Hearon j_hearon@hotmail.com
Fri Jun 15 10:32:01 2007 

Hi,
Tried Fedora Core 7, Kernel for i386, planet apps.  Getting some new error 
re: SELinux and lib text relocation I don't quite understand.
thanks.

Summary
    SELinux is preventing /usr/bin/hydrogen from loading
    /usr/lib/ladspa/sc4m_1916.so which requires text relocation.

Detailed Description
    The /usr/bin/hydrogen application attempted to load
    /usr/lib/ladspa/sc4m_1916.so which requires text relocation.  This is a
    potential security problem. Most libraries do not need this permission.
    Libraries are sometimes coded incorrectly and request this permission.  
The
    http://people.redhat.com/drepper/selinux-mem.html web page explains how 
to
    remove this requirement.  You can configure SELinux temporarily to allow
    /usr/lib/ladspa/sc4m_1916.so to use relocation as a workaround, until 
the
    library is fixed. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Allowing Access
    If you trust /usr/lib/ladspa/sc4m_1916.so to run correctly, you can 
change
    the file context to textrel_shlib_t. "chcon -t textrel_shlib_t
    /usr/lib/ladspa/sc4m_1916.so"

    The following command will allow this access:
    chcon -t textrel_shlib_t /usr/lib/ladspa/sc4m_1916.so

Additional Information

Source Context                user_u:system_r:unconfined_t
Target Context                system_u:object_r:lib_t
Target Objects                /usr/lib/ladspa/sc4m_1916.so [ file ]
Affected RPM Packages         hydrogen-0.9.3-1.fc7.ccrma 
[application]ladspa-
                              swh-plugins-0.4.15-8.fc7 [target]
Policy RPM                    selinux-policy-2.6.4-12.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.allow_execmod
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.21-0182.rt14.1.fc7.ccrmart #1 SMP PREEMPT 
RT
                              Thu Jun 14 17:03:51 EDT 2007 i686 i686
Alert Count                   3
First Seen                    Fri 15 Jun 2007 07:13:16 AM HST
Last Seen                     Fri 15 Jun 2007 07:21:18 AM HST
Local ID                      942a2a23-2121-4d01-8fee-ce0ca65783ff
Line Numbers

Raw Audit Messages

avc: denied { execmod } for comm="hydrogen" dev=dm-0 egid=500 euid=500
exe="/usr/bin/hydrogen" exit=-13 fsgid=500 fsuid=500 gid=500 items=0
name="sc4m_1916.so" path="/usr/lib/ladspa/sc4m_1916.so" pid=3901
scontext=user_u:system_r:unconfined_t:s0 sgid=500
subj=user_u:system_r:unconfined_t:s0 suid=500 tclass=file
tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=500

_________________________________________________________________
Who's that on the Red Carpet? Play & win glamorous prizes. 
http://club.live.com/red_carpet_reveal.aspx?icid=REDCARPET_hotmailtextlink3