Selinux issues in user-compiled code
Daniel J Walsh
dwalsh at redhat.com
Thu Nov 20 19:49:08 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jason L Tibbitts III wrote:
> A while back I made the decision to enable selinux on all of my user
> desktops. It hasn't really been all that painful; generally the
> issues I have are with proprietary software, essentially all of which
> it seems has one issue or another.
>
> This morning I received the following question from a user:
>
> -----
> Can you explain why I often get a linker error:
>
> "cannot restore segment prot after reloc: Permission denied"
>
> running code I've built in my home directory.But then if I rerun once
> or twice it will execute properly. It's not always the same library
> that the linker complains about....
> -----
>
> Unfortunately I don't really know how to answer. I can handle selinux
> at a system level, because if I know some program has an issue I can
> just change a file context and things work. But I've no idea how to
> deal with code that users might compile, or where to point them for
> info in writing code that doesn't have these issues.
>
> - J<
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
This means you have an execmod or execmem problem in your code. You
might have a library that was build incorrectly missing -PIC ?
http://people.redhat.com/~drepper/selinux-mem.html
http://danwalsh.livejournal.com/6117.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkklvzQACgkQrlYvE4MpobO95wCgld4420fozCsyegcojTcYZiK+
Gj8AoNLYrDQPYpxdprJuHgryIwXrNKSE
=fx+2
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list