From: Dave Strydom <strydom.dave@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Date: Sat, 22 Oct 2005 16:39:02 +0200
Subject: Re: [gentoo-hardened] mysql 4.1 requires shlib_t:file execmod?
Message-ID: <fc38b710510220739n1a56eccag7f6d430a74730ed0@mail.gmail.com>
In-Reply-To: <1129990510.31615.53.camel@localhost.localdomain>

Try running this:

revdep-rebuild --soname libmysqlclient.so.12

On 10/22/05, Antoine Martin <antoine@nagafix.co.uk> wrote:
>
> Hi,
>
> I've upgraded a (gentoo x86 selinux) system from MySQL 4.0 to 4.1, and
> since then some of the software that uses mysql-libs refuse to run
> without 'shlib_t:file execmod'.
>
> ie: when starting postfix (built and rebuilt with mysql support):
> postfix: error while loading shared
> libraries: /usr/lib/libmysqlclient.so.14: cannot restore segment prot
> after reloc: Permission denied
>
> And here is the audit message:
> [ 3159.289877] audit(1130082418.254:1085): avc: denied { execmod } for
> pid=7905 comm="postfix" name="libmysqlclient.so.14.0.0" dev=md3
> ino=84506 scontext=root:sysadm_r:postfix_postdrop_t
> tcontext=system_u:object_r:shlib_t tclass=file
>
> But other software does not need it (mysql client, pdns, etc) even
> though they are linked to the same library file...
> What gives?
>
> Thanks
> Antoine
>
> --
> gentoo-hardened@gentoo.org mailing list
>

--
gentoo-hardened@gentoo.org mailing list
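
For triaging denials like the one quoted in this thread, here is an added example (not code from the thread or from any SELinux tool) that parses AVC records and singles out memory-protection permissions such as execmod. The second log line, the function names and the record keys `stype`/`ttype` are constructed for illustration.

```python
import re

# Constructed sample: the denial quoted in the message, joined onto one line,
# plus one made-up ordinary file-access denial for contrast.
SAMPLE_LOG = '''\
[ 3159.289877] audit(1130082418.254:1085): avc: denied { execmod } for pid=7905 comm="postfix" name="libmysqlclient.so.14.0.0" dev=md3 ino=84506 scontext=root:sysadm_r:postfix_postdrop_t tcontext=system_u:object_r:shlib_t tclass=file
[ 3160.000001] audit(1130082419.001:1086): avc: denied { read write } for pid=7906 comm="example" name="example.log" dev=md3 ino=1 scontext=root:sysadm_r:example_t tcontext=system_u:object_r:var_log_t tclass=file
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# SELinux memory-protection permissions: a denial on one of these concerns how
# code pages are mapped, not ordinary file access, so it deserves a look at the
# binary or library itself before any policy change.
MEMPROT = {"execmod", "execmem", "execstack", "execheap"}


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if not an AVC line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    for side in ("scontext", "tcontext"):
        # A context is user:role:type[:mls-range]; the type is the third field.
        parts = rec.get(side, "").split(":")
        rec[side[0] + "type"] = parts[2] if len(parts) >= 3 else None
    return rec


def triage(log_text):
    """List (source type, target type, class, file name, flagged perms) tuples."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        flagged = sorted(MEMPROT.intersection(rec["perms"]))
        if flagged:
            findings.append((rec["stype"], rec["ttype"], rec.get("tclass"),
                             rec.get("name"), flagged))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A flagged execmod on a library file usually means the loader had to relocate the library's text segment, so checking that library for a TEXTREL entry with `readelf -d` is the usual next step.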