FC3: selinux-policy-targeted-1.17.30-3.15 seems to have broken gpg...

Jason L Tibbitts III tibbs at math.uh.edu
Fri Jul 1 16:00:28 UTC 2005 

>>>>> "MWC" == Michael W Carney <michael.es.carney at sbcglobal.net> writes:

MWC> Jul 1 07:40:13 lucy-01 kernel: audit(1120228813.336:0): avc:
MWC> denied { execmod } for pid=5567 comm=gpg path=/usr/bin/gpg
MWC> dev=sdb5 ino=67343 scontext=user_u:system_r:unconfined_t
MWC> tcontext=system_u:object_r:bin_t tclass=file

I'm seeing the same thing.  If I do

chcon system_u:object_r:shlib_t /usr/bin/gpg

then things work again, but that's probably the wrong thing to do.

Here's an strace of a failing call:

> strace gpg
execve("/usr/bin/gpg", ["gpg"], [/* 44 vars */]) = 0
uname({sys="Linux", node="ld83.math.uh.edu", ...}) = 0
brk(0)                                  = 0x9798000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=88038, ...}) = 0
old_mmap(NULL, 88038, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f53000
close(3)                                = 0
open("/usr/lib/libz.so.1", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\245"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=63528, ...}) = 0
old_mmap(NULL, 65028, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb8a000
old_mmap(0xb99000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe000) = 0xb99000
close(3)                                = 0
open("/usr/lib/libbz2.so.1", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\3000\205"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=71724, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f52000
old_mmap(NULL, 69220, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x1c7000
old_mmap(0x1d7000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10000) = 0x1d7000
close(3)                                = 0
open("/lib/libdl.so.2", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260+@\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=16816, ...}) = 0
old_mmap(NULL, 12388, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xef8000
old_mmap(0xefa000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0xefa000
close(3)                                = 0
open("/lib/tls/libc.so.6", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20_,\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1521500, ...}) = 0
old_mmap(NULL, 1219740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x1d8000
mprotect(0x2fb000, 27804, PROT_NONE)    = 0
old_mmap(0x2fc000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x123000) = 0x2fc000
old_mmap(0x300000, 7324, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x300000
close(3)                                = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f51000
mprotect(0x2fc000, 8192, PROT_READ)     = 0
mprotect(0xefa000, 4096, PROT_READ)     = 0
mprotect(0x4d7000, 663552, PROT_READ|PROT_WRITE) = 0
mprotect(0x4d7000, 663552, PROT_READ|PROT_EXEC) = -1 EACCES (Permission denied)
writev(2, [{"gpg", 3}, {": ", 2}, {"error while loading shared libra"..., 36}, {": ", 2}, {"", 0}, {"", 0}, {"cannot restore segment prot afte"..., 39}, {": ", 2}, {"Permission denied", 17}, {"\n", 1}], 10gpg: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied
) = 102
exit_group(127)

More information about the selinux mailing list