selinux-faq/en_US selinux-faq.xml,1.12,1.13
Chad Sellers (csellers)
fedora-docs-commits at redhat.com
Fri Apr 28 17:36:47 UTC 2006
Author: csellers
Update of /cvs/docs/selinux-faq/en_US
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9476
Modified Files:
selinux-faq.xml
Log Message:
modified memory protection FAQ to make clearer and address making permanent changes, addresses bz#190181
Index: selinux-faq.xml
===================================================================
RCS file: /cvs/docs/selinux-faq/en_US/selinux-faq.xml,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- selinux-faq.xml 28 Apr 2006 16:57:25 -0000 1.12
+++ selinux-faq.xml 28 Apr 2006 17:36:44 -0000 1.13
@@ -2309,16 +2309,42 @@
For more information on these restrictions, see <ulink
url="http://people.redhat.com/drepper/selinux-mem.html"/>.
</para>
+ <para>
+ These show up in
+ <filename>/var/log/messages</filename> (or
+ <filename>/var/log/audit/audit.log</filename> if using the audit
+ daemon) as avc denials.
+ These can also show up when running programs with errors like
+ </para>
+<screen>
+<computeroutput>error while loading shared libraries: /usr/lib/libavutil.so.49:
+cannot restore segment prot after reloc: Permission denied</computeroutput>
+</screen>
+ <para>
+ which indicates that the library is trying to perform a text
+ relocation and failing. Text relocations are bad,
+ but can be allowed via the first hint below. Below are the
+ &SEL; memory permissions that are denied, as well as hints at
+ how to address these denials.
+ </para>
<variablelist>
<varlistentry>
<term><computeroutput>execmod</computeroutput></term>
<listitem>
<para>
- This is usually based on a library label. You can change
- the context on the library with the
- <command>chcon -t textrel_shlib_t
- <replaceable>LIBRARY</replaceable></command>. Now your
- application can run. Please report this as a bugzilla.
+ This is usually based on a library label. You can
+ permanently change the context on the library with the
+ following commands
+ </para>
+<screen>
+<computeroutput># /usr/sbin/semanage fcontext -a -t textrel_shlib_t '/usr/lib/libavutil.so.49.0.0'
+# /sbin/restorecon -v /usr/lib/libavutil.so.49.0.0</computeroutput>
+</screen>
+ <para>
+ with the particular library at fault in place of
+ <filename>/usr/lib/libavutil.so.49.0.0</filename>.
+ Now your application should be able to run. Please
+ report this as a bugzilla.
</para>
</listitem>
</varlistentry>
More information about the Fedora-docs-commits
mailing list