Making Fedora a contributer friendly environment (Re: Selinux and package guidelines)

Karl MacMillan kmacmill at
Wed May 9 14:18:46 UTC 2007

On Wed, 2007-05-09 at 15:55 +0200, Till Maas wrote:
> On Mi Mai 9 2007, Jakub Jelinek wrote:
> > DT_TEXTREL shared libraries are (almost always) a packaging bug which
> > should be fixed, not worked around by setting SELinux contexts.
> > In most cases that just means compiling all the objects that are linked
> > into the shared library with -fpic resp. -fPIC (for very large shared
> > libraries).
> In my case it is virtualbox, a x86 emulator. It uses code like it is described 
> in so I guess it is not 
> (only) the -fpic stuff.

It's not and for applications like this you aren't likely to avoid
executing writable memory. You should set the context correctly to allow
executable memory (chcon -t unconfined_execmem_exec_t). Eventually we
should avoid hard-coding contexts in the rpms but there is currently no
better solution.

>  Btw. what are very larged shared libraries? And 
> should "-fpic" only be used when one encounters selinux problems?

Preventing relocations is not just an "selinux problem" - it is a good
idea in general and prevents certain kinds of exploits.


More information about the fedora-devel-list mailing list