From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.50) id 1ETLbX-0001Ua-Tj for garchives@archives.gentoo.org; Sat, 22 Oct 2005 15:48:20 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.5/8.13.5) with SMTP id j9MFgoqW011911; Sat, 22 Oct 2005 15:42:50 GMT Received: from mail.nagafix.co.uk (mail.nagafix.co.uk [194.145.196.85]) by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id j9MFgn3o017234 for ; Sat, 22 Oct 2005 15:42:50 GMT Received: by mail.nagafix.co.uk (Postfix, from userid 65534) id 2AF2FB70CD; Sat, 22 Oct 2005 22:50:46 +0100 (BST) Received: from localhost (localhost [127.0.0.1]) by mail.nagafix.co.uk (Postfix) with ESMTP id 1DD6845A64; Sat, 22 Oct 2005 22:50:43 +0100 (BST) Received: from mail.nagafix.co.uk ([127.0.0.1]) by localhost (viper.nagafix.co.uk [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 30259-20; Sat, 22 Oct 2005 22:50:40 +0100 (BST) Received: from [192.168.0.2] (host-87-74-41-228.bulldogdsl.com [87.74.41.228]) by mail.nagafix.co.uk (Postfix) with ESMTP id 04B6C45A62; Sat, 22 Oct 2005 22:50:39 +0100 (BST) Subject: Re: [gentoo-hardened] mysql 4.1 requires shlib_t:file execmod? From: Antoine Martin To: gentoo-hardened@lists.gentoo.org Cc: SELinux In-Reply-To: <435A6E83.15754.A4A6C273@pageexec.freemail.hu> References: <435A6E83.15754.A4A6C273@pageexec.freemail.hu> Content-Type: text/plain Organization: Nagafix Ltd Date: Sat, 22 Oct 2005 16:45:39 +0100 Message-Id: <1129995939.31615.56.camel@localhost.localdomain> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.2.3 (2.2.3-2.fc4) Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at viper.nagafix.co.uk X-Spam-Checker-Version: SpamAssassin 3.0.4-gr0 (2005-06-05) on viper.nagafix.co.uk X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=AWL,DATE_IN_PAST_06_12 autolearn=no version=3.0.4-gr0 X-Archives-Salt: 16967e4e-1c0a-4269-8830-8dbc0728767c X-Archives-Hash: 5507b9690b3d1b169184527f579a3304 On Sat, 2005-10-22 at 16:53 +0200, pageexec@freemail.hu wrote: > On 22 Oct 2005 at 15:15, Antoine Martin wrote: > > I've upgraded a (gentoo x86 selinux) system from MySQL 4.0 to 4.1, and > > since then some of the software that uses mysql-libs refuse to run > > without 'shlib_t:file execmod'. > > > > ie: when starting postfix (built and rebuilt with mysql support): > > postfix: error while loading shared > > libraries: /usr/lib/libmysqlclient.so.14: cannot restore segment prot > > after reloc: Permission denied > > the reason might be text relocations, even though they should have > been fixed already upstream. see long story at > > http://bugs.gentoo.org/show_bug.cgi?id=42968 > http://bugs.mysql.com/bug.php?id=11642 >>From the two threads above it looks like the fix should have gone in 4.1.14 (which is what I am running now) > > what does scanelf -T /usr/lib/libmysqlclient.so.14 report? > if it's not text relocs, then post an strace please. Is scanelf a PaX tool? Antoine -- gentoo-hardened@gentoo.org mailing list