Gentoo Archives: gentoo-hardened

From: Petre Rodan <kaiowas@g.o>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] SELinux problem -> avc: denied {execmem}
Date: Sun, 21 May 2006 16:05:31
Message-Id: 20060521160032.GA28927@peter.sunspire.org
In Reply to: [gentoo-hardened] SELinux problem -> avc: denied {execmem} by Jan Meier
Hi,

On Sun, May 21, 2006 at 04:40:57PM +0200, Jan Meier wrote:
> Hello,
>
> I am running SELinux and at boot time I get the following avc: denied
> messages:
>
> May 21 16:01:40 jeeves audit(1148220069.887:0): avc: denied { execmem } for
> pid=1 comm=init scontext=system_u:system_r:kernel_t
> tcontext=system_u:system_r:kernel_t tclass=process
> May 21 16:01:40 jeeves audit(1148220069.905:0): avc: denied { execmem } for
> pid=1 comm=init scontext=system_u:system_r:init_t
> tcontext=system_u:system_r:init_t tclass=process
> May 21 16:01:40 jeeves audit(1148220070.475:0): avc: denied { execmem } for
> pid=896 comm=rc scontext=system_u:system_r:initrc_t
> tcontext=system_u:system_r:initrc_t tclass=process
> May 21 16:01:40 jeeves audit(1148220070.920:0): avc: denied { execmem } for
> pid=904 comm=mount scontext=system_u:system_r:mount_t
> tcontext=system_u:system_r:mount_t tclass=process
> May 21 16:01:40 jeeves audit(1148220071.457:0): avc: denied { execmem } for
> pid=934 comm=swapon scontext=system_u:system_r:fsadm_t
> tcontext=system_u:system_r:fsadm_t tclass=process
> May 21 16:01:40 jeeves audit(1148220072.480:0): avc: denied { execmem } for
> pid=974 comm=modules-update scontext=system_u:system_r:update_modules_t
> tcontext=system_u:system_r:update_modules_t tclass=process

your binaries might lack the GNU_STACK header, i.e. they were built with an old toolchain.
use readelf --headers to find out if it's the case.

you might want to upgrade to the latest stable gcc and recompile all binaries with that header missing.

> When I execute `setenforce 1` I get a "Killed" after each command I execute,
> does this have something to do with the denied messages?

you should enforce only when your policy is ok for your purposes.

cheers,
peter

--
petre rodan
<kaiowas@g.o>
Developer,
Hardened Gentoo Linux

Replies

Subject Author
Re: [gentoo-hardened] SELinux problem -> avc: denied {execmem} Jan Meier <jan@×××××××××.org>