| 1 |
Hello, |
| 2 |
|
| 3 |
Sinds my latest update I need to add execmod permissions for every |
| 4 |
executable binary other wise it says: |
| 5 |
error while loading shared libraries: cannot restore segment prot after |
| 6 |
reloc: Permission denied |
| 7 |
And if I jus add a execmod permission on the same types as the exec |
| 8 |
permission say |
| 9 |
allow su_t su_exec_t:file execmod; |
| 10 |
It works. This counts for almost all my executables; init, vi, su, sudo, |
| 11 |
locate, etc. |
| 12 |
|
| 13 |
What could cause this? |
| 14 |
I think it should be a shared libary which need execmod. But I am unable |
| 15 |
to find it. |
| 16 |
|
| 17 |
It's a hardened pic selinux system, using pam_krb5 and nss_ldap. |
| 18 |
|
| 19 |
Portage 2.0.54 (selinux/2005.1/x86, gcc-3.4.5, glibc-2.3.5-r3, |
| 20 |
2.6.14-hardened-r6 i686) |
| 21 |
================================================================= |
| 22 |
System uname: 2.6.14-hardened-r6 i686 Celeron (Coppermine) |
| 23 |
Gentoo Base System version 1.6.14 |
| 24 |
dev-lang/python: 2.3.5-r2, 2.4.2 |
| 25 |
sys-apps/sandbox: 1.2.12 |
| 26 |
sys-devel/autoconf: 2.13, 2.59-r7 |
| 27 |
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 |
| 28 |
sys-devel/binutils: 2.16.1 |
| 29 |
sys-devel/libtool: 1.5.22 |
| 30 |
virtual/os-headers: 2.6.11-r2 |
| 31 |
ACCEPT_KEYWORDS="x86" |
| 32 |
AUTOCLEAN="yes" |
| 33 |
CBUILD="i686-pc-linux-gnu" |
| 34 |
CFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer" |
| 35 |
CHOST="i686-pc-linux-gnu" |
| 36 |
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config |
| 37 |
/usr/share/config /var/bind /var/qmail/control" |
| 38 |
CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/terminfo |
| 39 |
/etc/env.d" |
| 40 |
CXXFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer" |
| 41 |
DISTDIR="/usr/portage/distfiles" |
| 42 |
FEATURES="autoconfig distcc distlocks loadpolicy sandbox selinux sfperms |
| 43 |
strict" |
| 44 |
GENTOO_MIRRORS="http://ftp.snt.utwente.nl/pub/os/linux/gentoo/" |
| 45 |
LINGUAS="nl en" |
| 46 |
MAKEOPTS="-j2" |
| 47 |
PKGDIR="/usr/portage/packages" |
| 48 |
PORTAGE_TMPDIR="/var/tmp" |
| 49 |
PORTDIR="/usr/portage" |
| 50 |
SYNC="rsync://rsync.gentoo.org/gentoo-portage" |
| 51 |
USE="apache2 bash-completion berkdb bzip2 bzlib caps crypt expat ftp gd |
| 52 |
gdbm gif gpm hardened imap ipv6 java jikes jpeg kerberos ldap logrotate |
| 53 |
maildir mime mmx ncurses nls pam pcre perl pic pie png posix postgres |
| 54 |
python readline sasl selinux sockets ssl symlink sysfs tcpd threads udev |
| 55 |
usb vhosts x86 zlib linguas_nl linguas_en userland_GNU kernel_linux |
| 56 |
elibc_glibc" |
| 57 |
Unset: ASFLAGS, CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, |
| 58 |
PORTDIR_OVERLAY |
| 59 |
-- |
| 60 |
gentoo-hardened@g.o mailing list |
Archives