Subject: Re: [gentoo-hardened] mysql 4.1 requires shlib_t:file execmod?
From: Antoine Martin <antoine@nagafix.co.uk>
To: gentoo-hardened@lists.gentoo.org
Organization: Nagafix Ltd
Date: Sat, 22 Oct 2005 17:33:00 +0100

On Sat, 2005-10-22 at 16:39 +0200, Dave Strydom wrote:
> try running this:
> 
> revdep-rebuild --soname libmysqlclient.so.12
^libmysqlclient.so.12^libmysqlclient.so.14, right?

This does a:
emerge --oneshot --nodeps =dev-db/mysql-4.1.14 =dev-perl/DBD-mysql-2.9007 =mail-mta/postfix-2.1.5-r2 =net-dns/pdns-2.9.18

Which failed during the installation phase of postfix, with the same
message as before.
Then I switched to non-enforcing mode, rebuilt as above and now it's ok.
No idea why...

Antoine


> 
> On 10/22/05, Antoine Martin <antoine@nagafix.co.uk> wrote:
>         Hi,
>         
>         I've upgraded a (gentoo x86 selinux) system from MySQL 4.0 to 4.1, and
>         since then some of the software that uses mysql-libs refuses to run
>         without 'shlib_t:file execmod'.
>         
>         ie: when starting postfix (built and rebuilt with mysql support):
>         postfix: error while loading shared libraries: /usr/lib/libmysqlclient.so.14: cannot restore segment prot after reloc: Permission denied
>         
>         And here is the audit message:
>         [ 3159.289877] audit(1130082418.254:1085): avc:  denied  { execmod } for pid=7905 comm="postfix" name="libmysqlclient.so.14.0.0 " dev=md3 ino=84506 scontext=root:sysadm_r:postfix_postdrop_t tcontext=system_u:object_r:shlib_t tclass=file
>         
>         But other software does not need it (mysql client, pdns, etc) even
>         though they are linked to the same library file...
>         What gives?
>         
>         Thanks
>         Antoine
> 

-- 
gentoo-hardened@gentoo.org mailing list
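
Added example, not part of the original post: a small parser for AVC denial lines like the one quoted above, which reports execmod denials on files per source domain. An execmod denial on a shared library usually means the library carries text relocations, which `readelf -d` shows as a TEXTREL entry. The second sample line and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the denial quoted in the post, joined onto one line,
# plus one made-up unrelated denial for contrast.
SAMPLE_LOG = [
    '[ 3159.289877] audit(1130082418.254:1085): avc:  denied  { execmod } for '
    'pid=7905 comm="postfix" name="libmysqlclient.so.14.0.0 " dev=md3 ino=84506 '
    'scontext=root:sysadm_r:postfix_postdrop_t '
    'tcontext=system_u:object_r:shlib_t tclass=file',
    'audit(1130082500.100:1090): avc:  denied  { read } for pid=8001 '
    'comm="example" name="example.conf" dev=md3 ino=1234 '
    'scontext=system_u:system_r:example_t tcontext=system_u:object_r:etc_t '
    'tclass=file',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
# key=value pairs; quoted values may contain spaces
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Parse one AVC denial line into a dict, or return None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"').strip() for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    # The SELinux type is the third field of user:role:type
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec


def textrel_suspects(lines):
    """Return {(source_type, file name): count} for execmod denials on files."""
    hits = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec and 'execmod' in rec['perms'] and rec.get('tclass') == 'file':
            hits[(rec['source_type'], rec.get('name', '?'))] += 1
    return dict(hits)


if __name__ == '__main__':
    for (domain, name), n in textrel_suspects(SAMPLE_LOG).items():
        print(f'{domain}: execmod denied on {name} x{n}; check readelf -d for TEXTREL')
```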