Re: [gentoo-hardened] SELinux problem -> avc: denied {execmem}

public inbox for gentoo-hardened@lists.gentoo.org
 help / color / mirror / Atom feed

From: Ned Ludd <solar@gentoo.org>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] SELinux problem -> avc: denied {execmem}
Date: Mon, 22 May 2006 18:40:41 -0400	[thread overview]
Message-ID: <1148337641.6851.26.camel@localhost> (raw)
In-Reply-To: <44723080.14580.10D3D84@pageexec.freemail.hu>

On Mon, 2006-05-22 at 21:43 +0200, pageexec@freemail.hu wrote:
> On 22 May 2006 at 19:32, Jan Meier wrote:
> > > do you have a new gentoo setup there or did you migrate an old install?
> > The gentoo installation is two month old, I migrated to SELinux. 
> > It is a PPC, could this be a problem?
> 
> i'm wondering if it's the ppc .plt issue that PaX runs against as well
> (it's rwx and runtime generated -> not good). a year ago or so Red Hat
> people added secureplt support to binutils/ld, (hardened) gentoo should
> probably take a look.
> 
> http://gcc.gnu.org/ml/gcc-patches/2005-05/msg01134.html
> http://sources.redhat.com/ml/binutils/2005-05/msg00391.html

Last we spoke about this I thought you said it was reverted.

Btw. I'm running a ppc box with pretty great success with most of the 
supported PaX features enabled. (only bugs thus far have been with SPP 
and a few pkgs (glibc/busybox/gcc) but I'm sure that wont shock you :)

Linux luna 2.6.14-hardened #1 Tue Nov 15 21:55:38 UTC 2005 ppc
7447/7457, altivec supported GNU/Linux

128bb000-128c1000 r-xp 00000000 03:03 1703959    /bin/cat
128cb000-128cc000 r--p 00010000 03:03 1703959    /bin/cat
128cc000-128cd000 rw-p 00011000 03:03 1703959    /bin/cat
128cd000-128fb000 rw-p 128cd000 00:00 0          [heap]
32cc6000-32cde000 r-xp 00000000 03:03 205825     /lib/ld-2.3.5.so
32cde000-32cdf000 rw-p 32cde000 00:00 0 
32ce6000-32ce7000 r--p 00020000 03:03 205825     /lib/ld-2.3.5.so
32ce7000-32ce8000 rw-p 00021000 03:03 205825     /lib/ld-2.3.5.so
32ce8000-32ce9000 rw-p 32ce8000 00:00 0 
32cea000-32cee000 r-xp 00000000 03:03 205787     /lib/libaudit.so
32cee000-32cfa000 ---p 00004000 03:03 205787     /lib/libaudit.so
32cfa000-32cfb000 r--p 00010000 03:03 205787     /lib/libaudit.so
32cfb000-32cfc000 rw-p 00011000 03:03 205787     /lib/libaudit.so
32d06000-32e29000 r-xp 00000000 03:03 205828     /lib/libc-2.3.5.so
32e29000-32e36000 ---p 00123000 03:03 205828     /lib/libc-2.3.5.so
32e36000-32e38000 r--p 00130000 03:03 205828     /lib/libc-2.3.5.so
32e38000-32e3c000 rw-p 00132000 03:03 205828     /lib/libc-2.3.5.so
32e3c000-32e3e000 rw-p 32e3c000 00:00 0 
32e3e000-32e40000 r-xp 00000000 03:03 205830     /lib/libdl-2.3.5.so
32e40000-32e4e000 ---p 00002000 03:03 205830     /lib/libdl-2.3.5.so
32e4e000-32e4f000 r--p 00010000 03:03 205830     /lib/libdl-2.3.5.so
32e4f000-32e50000 rw-p 00011000 03:03 205830     /lib/libdl-2.3.5.so
7904f000-79065000 rw-p 7904f000 00:00 0          [stack]


-- 
Ned Ludd <solar@gentoo.org>
Gentoo Linux

-- 
gentoo-hardened@gentoo.org mailing list

next prev parent reply	other threads:[~2006-05-22 22:44 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-05-21 13:40 [gentoo-hardened] SELinux problem -> avc: denied {execmem} Jan Meier
2006-05-21 13:59 ` kakou
2006-05-21 16:00 ` Petre Rodan
2006-05-21 16:46   ` Jan Meier
2006-05-21 18:31     ` Petre Rodan
2006-05-21 20:40       ` Jan Meier
2006-05-22  6:04         ` Petre Rodan
2006-05-22  8:59           ` pageexec
2006-05-22  9:30             ` Petre Rodan
2006-05-22 14:43             ` Chris PeBenito
2006-05-22 17:32           ` Jan Meier
2006-05-22 19:43             ` pageexec
2006-05-22 22:40               ` Ned Ludd [this message]
2006-05-27 22:11               ` Peter S. Mazinger
2006-05-23 17:08             ` Jan Meier

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1148337641.6851.26.camel@localhost \
    --to=solar@gentoo.org \
    --cc=gentoo-hardened@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox