strict policy problem
Stephen Smalley
sds at tycho.nsa.gov
Mon Oct 3 13:57:10 UTC 2005
On Sun, 2005-10-02 at 03:19 -0400, Ivan Gyurdiev wrote:
> Hi Richard, the problem is easily worked around by marking the following
> libraries texrel_shlib_t, as they contain Text Relocations. However, I
> think a better goal would be to eliminate those text relocations where
> possible, along with the rest of the libraries marked in distros.fc.
>
> Steven, can you clarify what needs to be done to get fix those
> applications...
> I am currently not very clear on what the problem is, since I'm not
> familiar with the linking process.
>
> /usr/lib/firefox-1.5/libgfxpsshar.so
> /usr/lib/firefox-1.5/libgkgfx.so
> /usr/lib/firefox-1.5/libxpcom_compat.so
> /usr/lib/firefox-1.5/libgtkembedmoz.so
> /usr/lib/firefox-1.5/libxpcom_core.so
> /usr/lib/firefox-1.5/libgtkxtbin.so
> /usr/lib/firefox-1.5/libxpcom.so
> /usr/lib/firefox-1.5/libjsj.so
> /usr/lib/firefox-1.5/libsoftokn3.so
> /usr/lib/firefox-1.5/libxpistub.so
I think that one would have to go look at the actual code and build
process for those objects to determine why they are being marked as
requiring textrel and what needs to be done to fix them. Were they
built with -fpic? Do they include hand-written assembly? Ulrich, is
there a FAQ anywhere already to which we can refer people to help them
track down the cause of text relocations and fix them (not just working
around them in policy)?
--
Stephen Smalley
National Security Agency
More information about the selinux
mailing list