On applications>system tools/SELinux Troubleshooter, this explanation of
my problem is given.
Code:
--------------------
Summary:
SELinux is preventing squeezecenter-s from loading
/usr/share/squeezecenter/CPAN/arch/5.10/i386-linux-thread-multi/auto/DBD/mysql/mysql.so
which requires text relocation.
Detailed Description:
The squeezecenter-s application attempted to load
/usr/share/squeezecenter/CPAN/arch/5.10/i386-linux-thread-multi/auto/DBD/mysql/mysql.so
which requires text relocation. This is a potential security problem. Most
libraries do not need this permission. Libraries are sometimes coded
incorrectly
and request this permission. The SELinux Memory Protection Tests
(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
remove this requirement. You can configure SELinux temporarily to allow
/usr/share/squeezecenter/CPAN/arch/5.10/i386-linux-thread-multi/auto/DBD/mysql/mysql.so
to use relocation as a workaround, until the library is fixed. Please file a
bug
report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this
package.
Allowing Access:
If you trust
/usr/share/squeezecenter/CPAN/arch/5.10/i386-linux-thread-multi/auto/DBD/mysql/mysql.so
to run correctly, you can change the file context to textrel_shlib_t. "chcon
-t
textrel_shlib_t
'/usr/share/squeezecenter/CPAN/arch/5.10/i386-linux-thread-multi/auto/DBD/mysql/mysql.so'"
You must also change the default file context files on the system in order to
preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t
'/usr/share/squeezecenter/CPAN/arch/5.10/i386-linux-thread-multi/auto/DBD/mysql/mysql.so'"
Fix Command:
chcon -t textrel_shlib_t
'/usr/share/squeezecenter/CPAN/arch/5.10/i386-linux-thread-multi/auto/DBD/mysql/mysql.so'
Additional Information:
Source Context system_u:system_r:initrc_t:s0
Target Context system_u:object_r:lib_t:s0
Target Objects /usr/share/squeezecenter/CPAN/arch/5.10/i386
-linux-thread-multi/auto/DBD/mysql/mysql.so [ file
]
Source squeezecenter-s
Source Path /usr/bin/perl
Port <Unknown>
Host MSIWIND.MSHOME
Source RPM Packages perl-5.10.0-53.fc10
Target RPM Packages squeezecenter-7.3.2-1
Policy RPM selinux-policy-3.5.13-44.fc10
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name allow_execmod
Host Name MSIWIND.MSHOME
Platform Linux MSIWIND.MSHOME 2.6.27.12-170.2.5.fc10.i686
#1 SMP Wed Jan 21 02:09:37 EST 2009 i686 i686
Alert Count 2
First Seen Sun 15 Feb 2009 02:55:01 PM EST
Last Seen Sun 15 Feb 2009 02:55:15 PM EST
Local ID 01cbf2bb-6bf6-478d-8f0d-3ec30abaca8c
Line Numbers
Raw Audit Messages
node=MSIWIND.MSHOME type=AVC msg=audit(1234727715.99:51): avc: denied {
execmod } for pid=4148 comm="squeezecenter-s"
path="/usr/share/squeezecenter/CPAN/arch/5.10/i386-linux-thread-multi/auto/DBD/mysql/mysql.so"
dev=dm-0 ino=530107 scontext=system_u:system_r:initrc_t:s0
tcontext=system_u:object_r:lib_t:s0 tclass=file
node=MSIWIND.MSHOME type=SYSCALL msg=audit(1234727715.99:51): arch=40000003
syscall=125 success=no exit=-13 a0=750000 a1=19a000 a2=5 a3=bfae2500 items=0
ppid=4123 pid=4148 auid=4294967295 uid=494 gid=491 euid=494 suid=494 fsuid=494
egid=491 sgid=491 fsgid=491 tty=(none) ses=4294967295 comm="squeezecenter-s"
exe="/usr/bin/perl" subj=system_u:system_r:initrc_t:s0 key=(null)
--------------------
Do you suggest I do the fix given above? If so, guidance on precisely
how ot implement it would be appreciated.
--
rmariger
------------------------------------------------------------------------
rmariger's Profile: http://forums.slimdevices.com/member.php?userid=1160
View this thread: http://forums.slimdevices.com/showthread.php?t=60137
_______________________________________________
unix mailing list
[email protected]
http://lists.slimdevices.com/mailman/listinfo/unix
