[PlanetCCRMA] SElinux message libffado
Martin Tarenskeen
m.tarenskeen at zonnet.nl
Thu Feb 25 23:29:16 PST 2010
Hi,
I never really understand how SELinux works, so I just trust the default
settings of my distro.
When I start qjackctl I'm getting this SElinux warning report. I don't
know what's the right place to report such things, so I just post it here:
Samenvatting:
SELinux is preventing /usr/bin/jackd from loading
/usr/lib/libffado.so.2.0.0
which requires text relocation.
Gedetailleerde omschrijving:
The jackd application attempted to load /usr/lib/libffado.so.2.0.0 which
requires text relocation. This is a potential security problem. Most
libraries
do not need this permission. Libraries are sometimes coded incorrectly and
request this permission. The SELinux Memory Protection Tests
(http://people.redhat.com/drepper/selinux-mem.html) web page explains how
to
remove this requirement. You can configure SELinux temporarily to allow
/usr/lib/libffado.so.2.0.0 to use relocation as a workaround, until the
library
is fixed. Please file a bug report.
Teogang toestaan:
If you trust /usr/lib/libffado.so.2.0.0 to run correctly, you can change
the
file context to textrel_shlib_t. "chcon -t textrel_shlib_t
'/usr/lib/libffado.so.2.0.0'" You must also change the default file
context
files on the system in order to preserve them even on a full relabel.
"semanage
fcontext -a -t textrel_shlib_t '/usr/lib/libffado.so.2.0.0'"
Commando repareren:
chcon -t textrel_shlib_t '/usr/lib/libffado.so.2.0.0'
Additionele informatie:
Bron context
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
023
Doel context system_u:object_r:lib_t:s0
Doel objecten /usr/lib/libffado.so.2.0.0 [ file ]
Bron jackd
Bron pad /usr/bin/jackd
Poort <Onbekend>
Host D600
Bron RPM pakketten jack-audio-connection-kit-1.9.4-1.fc12.ccrma
Doel RPM pakketten libffado-2.0.0-1.fc12.ccrma
Gedragslijn RPM selinux-policy-3.6.32-89.fc12
SELinux aangezet True
Gedragslijn type targeted
Enforcing modus Enforcing
Pluginnaam allow_execmod
Hostnaam D600
Platform Linux D600
2.6.31.12-1.rt20.1.fc12.ccrma.i686.rt
#1 SMP PREEMPT RT Thu Jan 21 22:42:06 EST
2010
i686 i686
Aantal waarschuwingen 4
Eerst gezien op vr 26 feb 2010 08:18:36 CET
Laatst gezien op vr 26 feb 2010 08:22:30 CET
Locale ID d56672c7-2e24-40ee-8a07-8587265498a1
Regelnummers
Onbewerkte audit boodschappen
node=D600 type=AVC msg=audit(1267168950.363:25727): avc: denied {
execmod } for pid=13968 comm="jackd" path="/usr/lib/libffado.so.2.0.0"
dev=dm-0 ino=67591
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=system_u:object_r:lib_t:s0 tclass=file
node=D600 type=SYSCALL msg=audit(1267168950.363:25727): arch=40000003
syscall=125 success=no exit=-13 a0=b76ad000 a1=170000 a2=5 a3=bfad88e0
items=0 ppid=13241 pid=13968 auid=500 uid=500 gid=500 euid=500 suid=500
fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts0 ses=1 comm="jackd"
exe="/usr/bin/jackd"
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
--
Martin
More information about the PlanetCCRMA
mailing list