I just finished installing FC5 on a machine along with samba, and for whatever reason I'm getting execstack errors when trying to start it (just using service smb start):
kernel: audit(1151522284.161:13552): avc: denied { execstack } for pid=28158 comm="smbd" scontext=user_u:system_r:smbd_t:s0 tcontext=user_u:system_r:smbd_t:s0 tclass=process
although execstack reports otherwise:
# execstack -q /usr/sbin/smbd - /usr/sbin/smbd
setup: samba-3.0.22-1.fc5 selinux-policy-targeted-2.2.43-4.fc5 kernel 2.6.17-1.2139_FC5
Any hints/pointers as to whats going on here would be greatly appreciated.
-Tim
Tim Fenn wrote:
Any hints/pointers as to whats going on here would be greatly appreciated.
It doesn't have to be the binary itself, it could be any of its dependencies as well. And not only static dependencies.
You can first look at all the DSOs listed when you run
ldd smbd
If this doesn't show anything it's a dynamic dependency. In this case turn off enforncement temporarily, starts smbd, and then look in
/proc/PID/maps
for DSOs you haven't tested yet.
On Wed, Jun 28, 2006 at 12:32:05PM -0700, Ulrich Drepper wrote:
Tim Fenn wrote:
Any hints/pointers as to whats going on here would be greatly appreciated.
It doesn't have to be the binary itself, it could be any of its dependencies as well. And not only static dependencies.
You can first look at all the DSOs listed when you run
ldd smbd
Ah, didn't realize I needed to check the dependencies as well. Turns out its a third party repo libgcrypt rpm - I'll contact the maintainer.
Thanks!
-Tim
selinux@lists.fedoraproject.org
-
Tim Fenn -
Ulrich Drepper