From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-594-garchives=archives.gentoo.org@gentoo.org>)
	id 1Fhr8e-00008c-O5
	for garchives@archives.gentoo.org; Sun, 21 May 2006 16:50:45 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.6/8.13.6) with SMTP id k4LGkUB9008318;
	Sun, 21 May 2006 16:46:30 GMT
Received: from nerdig.org (codejunky.org [217.160.206.82])
	by robin.gentoo.org (8.13.6/8.13.6) with ESMTP id k4LGkSmq016560
	for <gentoo-hardened@lists.gentoo.org>; Sun, 21 May 2006 16:46:29 GMT
Received: (qmail 27118 invoked from network); 21 May 2006 18:46:30 +0200
Received: from c208084.adsl.hansenet.de (HELO ?192.168.0.20?) (jan@codejunky.org@213.39.208.84)
  by codejunky.org with AES256-SHA encrypted SMTP; 21 May 2006 18:46:30 +0200
Message-ID: <44709949.8090205@codejunky.org>
Date: Sun, 21 May 2006 18:46:01 +0200
From: Jan Meier <jan@codejunky.org>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] SELinux problem -> avc: denied {execmem}
References: <200605211541.00448.jan@codejunky.org> <20060521160032.GA28927@peter.sunspire.org>
In-Reply-To: <20060521160032.GA28927@peter.sunspire.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 212e01ea-9aa7-4173-941d-a1dc854b7f56
X-Archives-Hash: 0f15a551f4690a0c338d06c4cd5344fe

Petre Rodan wrote:
> your binares might lack the GNU_STACK header, i.e. they were built with an old toolchain.
> use readelf --headers to find out if it's the case.
Executing: readelf -headers /bin/mount  | grep GNU_STACK shows 
"GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4"

> you might want to upgrade to the latest stable gcc and recompile all binaries with that header missing.
My gcc is version 3.4.5

>>When I execute `setenforce 1` I get a "Killed" after each command I execute, 
>>does this have something to do with the denied messages?
> you should enforce only when your policy is ok for your purposes.
I am new to SELinux and currently reading the O'Reilly SELinux book to 
gather more informations :)

Any suggestions to my problem?

Regards Jan
-- 
gentoo-hardened@gentoo.org mailing list