Ticket #7503: mythbug_001

File mythbug_001, 3.4 KB (added by anonymous, 14 years ago)
Summary:

SELinux is preventing /usr/bin/mythtv-setup from loading
/usr/lib/libmythswscale-0.22.so.0.22.0 which requires text relocation.

Detailed Description:

The mythtv-setup application attempted to load
/usr/lib/libmythswscale-0.22.so.0.22.0 which requires text relocation. This is a
potential security problem. Most libraries do not need this permission.
Libraries are sometimes coded incorrectly and request this permission. The
SELinux Memory Protection Tests
(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
remove this requirement. You can configure SELinux temporarily to allow
/usr/lib/libmythswscale-0.22.so.0.22.0 to use relocation as a workaround, until
the library is fixed. Please file a bug report.

Allowing Access:

If you trust /usr/lib/libmythswscale-0.22.so.0.22.0 to run correctly, you can
change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t
'/usr/lib/libmythswscale-0.22.so.0.22.0'" You must also change the default file
context files on the system in order to preserve them even on a full relabel.
"semanage fcontext -a -t textrel_shlib_t
'/usr/lib/libmythswscale-0.22.so.0.22.0'"

Fix Command:

chcon -t textrel_shlib_t '/usr/lib/libmythswscale-0.22.so.0.22.0'

Additional Information:

Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Context                system_u:object_r:lib_t:s0
Target Objects                /usr/lib/libmythswscale-0.22.so.0.22.0 [ file ]
Source                        mythtv-setup
Source Path                   /usr/bin/mythtv-setup
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           mythtv-setup-0.22-0.5.rc1.fc12
Target RPM Packages           libmyth-0.22-0.5.rc1.fc12
Policy RPM                    selinux-policy-3.6.32-37.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_execmod
Host Name                     (removed)
Platform                      Linux (removed) 2.6.31.5-96.fc12.i686 #1
                              SMP Fri Oct 23 19:53:24 EDT 2009 i686 i686
Alert Count                   1
First Seen                    Tue 03 Nov 2009 07:28:30 PM EST
Last Seen                     Tue 03 Nov 2009 07:28:30 PM EST
Local ID                      ad9b6d19-96c5-49cd-84f9-1869601b45cb
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1257294510.891:23836): avc:  denied  { execmod } for  pid=9537 comm="mythtv-setup" path="/usr/lib/libmythswscale-0.22.so.0.22.0" dev=sda4 ino=55891 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1257294510.891:23836): arch=40000003 syscall=125 success=no exit=-13 a0=b30000 a1=38000 a2=5 a3=bfed39c0 items=0 ppid=1 pid=9537 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="mythtv-setup" exe="/usr/bin/mythtv-setup" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Hash String generated from
selinux-policy-3.6.32-37.fc12,allow_execmod,mythtv-setup,unconfined_t,lib_t,file,execmod
audit2allow suggests:

#============= unconfined_t ==============
allow unconfined_t lib_t:file execmod;