avc: denied, aMSN

Ivan Gyurdiev ivg2 at cornell.edu
Tue Apr 12 00:51:05 UTC 2005


On Tue, 2005-04-12 at 02:27 +0200, Sander Hoentjen wrote:
> Hi,
> 
> I get the following error in my log:
> 
> audit(1113264360.332:0): avc:  denied  { execmod } for  pid=3261
> comm=wish
> path=/home/tjikkun/programs/amsn-extras/plugins/tls1.4/libtls1.4.so
> dev=hda2 ino=243257 scontext=user_u:system_r:unconfined_t
> tcontext=user_u:object_r:user_home_t tclass=file
> 
> It happens when I try to use aMSN which in turn wants to use this lib. I
> am a developer of aMSN and I would really like to know what is the best
> way to fix it. I guess I could change my policy or something(?), but
> when we distribute aMSN I would like to have it working
> "out-of-the-box". Any ideas on how to make this happen?

See if the library requires text relocations:
readelf -d <your library> |grep TEXTREL 

If so, try to fix that. I'm not sure how - maybe compile with -fPIC?

If it can't be fixed, it can be marked texrel_shlib_t to make it work,
but the user would have to enable the allow_execmod boolean. I'm not
sure if targeted policy has it enabled by default.

-- 
Ivan Gyurdiev <ivg2 at cornell.edu>
Cornell University




More information about the fedora-selinux-list mailing list