[gentoo-hardened] SELinux:after latest update every binary needs the execmod permission to execute

Thu, 13 Apr 2006 03:04:22 -0700 

Hello,
Sinds my latest update I need to add execmod permissions for every executable binary other wise it says: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied And if I jus add a execmod permission on the same types as the exec permission say 
allow su_t su_exec_t:file execmod;
It works. This counts for almost all my executables; init, vi, su, sudo, locate, etc. 

What could cause this?

I think it should be a shared libary which need execmod. But I am unable 
to find it.


It's a hardened pic selinux system, using pam_krb5 and nss_ldap.


Portage 2.0.54 (selinux/2005.1/x86, gcc-3.4.5, glibc-2.3.5-r3, 
2.6.14-hardened-r6 i686)

=================================================================
System uname: 2.6.14-hardened-r6 i686 Celeron (Coppermine)
Gentoo Base System version 1.6.14
dev-lang/python:     2.3.5-r2, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"

CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config 
/usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/terminfo 
/etc/env.d"

CXXFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"

FEATURES="autoconfig distcc distlocks loadpolicy sandbox selinux sfperms 
strict"

GENTOO_MIRRORS="http://ftp.snt.utwente.nl/pub/os/linux/gentoo/";
LINGUAS="nl en"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"

USE="apache2 bash-completion berkdb bzip2 bzlib caps crypt expat ftp gd 
gdbm gif gpm hardened imap ipv6 java jikes jpeg kerberos ldap logrotate 
maildir mime mmx ncurses nls pam pcre perl pic pie png posix postgres 
python readline sasl selinux sockets ssl symlink sysfs tcpd threads udev 
usb vhosts x86 zlib linguas_nl linguas_en userland_GNU kernel_linux 
elibc_glibc"
Unset:  ASFLAGS, CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, 
PORTDIR_OVERLAY

--
[email protected] mailing list























					Reply via email to