Hi,

I've worked a bit with SELinux. The problem is from the policy: it is necessary to insert libtls-1.50.so to the type texrel_shlib_t, it seems... The problem is that this type is not part of the standard policy. What distribution do you use? Can you send the file defining this type (should be in /etc/security somewhere)?

So the way to force anyone to do it depends ... on the distribution. I guess Fedora has a way to add new entries to the policy with rpms... I don't know more about it though. Moreover, adding entries to the policy is not really easy and needs to have all the policy sources and recompile everything and reload it (special role). The developers are working on a more modular way to do it but I think it is not ready yet :(

GrdScarabe

Jonne Zutt wrote:
> And I made my version now work by running
> chcon -c -v -u system_u -r object_r -t texrel_shlib_t
> /path/to/libtls-1.50.so
>
> as user, not as root ...
>
> Maybe someone who understands selinux can shed his/her light on this.
> What does texrel_shlib_t mean?
>
> Jonne.
>
>> Well, so I decided to make aMSN use TLS 1.50 ...
>>
>> I tried Sander's rpm with rpm2targz but it didn't work, failed on some .so
>> I didn't have. I tried compiling one on my pc, sent it to Jonne, didn't
>> work. We decided to make it link statically, and after hours of sweating,
>> Jonne found the way to do it:
>>
>> ./configure --with-ssl-dir=/usr
>> make
>> gcc -pipe -shared -o libtls1.50.so tls.o tlsIO.o tlsBIO.o tlsX509.o
>> fixstrtod.o -Wl,-Bstatic -lssl -lcrypto -Wl,-Bdynamic
>>
>> This produced a non-working .so on him and a working .so on me:
>>
>> bash-3.00$ cd tls1.50/
>> bash-3.00$ ldd libtls-1.50.so
>> linux-gate.so.1 => (0xffffe000)
>> libc.so.6 => /lib/tls/libc.so.6 (0xb7d19000)
>> /lib/ld-linux.so.2 (0x80000000)
>>
>> Just like the .so from 1.4. I sent him my .so and now SELinux gives him
>> an error:
>>
>> Cannot restore segment prot after reloc: Permission denied
>>
>> The solution is to run chcon on the .so as root, but I can't find an easy
>> way to force everyone who is using SELinux to do so.
>>
>> ANY IDEAS?????
>>
>> If you want, I have uploaded what I have so far on
>>
>> http://www.autom.teithe.gr/~vivia/tls-1.5.0-linux-x86.tar.gz