
Re: "denied" error message



On Wed, 2007-07-25 at 16:03 -0400, Bill Tangren wrote:
> Bill Tangren wrote:
> > I have the following error message showing up in my audit logs. This is 
> > on an SELinux-enabled web server (running RHEL ES 4, fully patched). 
> > This is actually an selinux error, so if this is not the correct place to 
> > ask this question, please let me know.
> > 
> 
> Never mind. I got at least a partial answer by googling NSA's selinux mailing 
> list archive. I quote from one of those pages:
> 
> "Typically, that audit message suggests that kernel is translating PROT_READ 
> requests by that binary to PROT_READ|PROT_EXECUTE in order to provide 
> compatibility with "legacy" binaries that presumed read-implies-exec logic."
> 
> This is an old program that is calling shared libraries. It isn't hurting the 
> program, but it is filling up my audit logs. I guess I'll leave it alone.
> 
> Thanks anyway.
> 

Options:
- Rebuild the program with a current compiler toolchain.
- Try to mark the program as not requiring an executable stack:
	cp /location/of/bin/aa_pap8 /location/of/bin/aa_pap8.orig
	execstack -c /location/of/bin/aa_pap8
- Modify your policy to dontaudit the permission or to allow it, as required.

-- 
Stephen Smalley
National Security Agency
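
The marking that `execstack -c` changes is stored in the flags of the ELF `PT_GNU_STACK` program header. As an added example (not part of the original message and not code from any project), the Python below reads that header so a binary can be checked before and after the change; `stack_marking` and `sample_elf32` are hypothetical names, and the sample ELF image is constructed.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551   # program header type that carries the stack marking
PF_X = 0x1                  # "executable" bit in p_flags


def stack_marking(data):
    """Return 'missing', 'executable' or 'non-executable' for an ELF image (bytes)."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    end = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    # (e_phoff format, e_phoff offset, e_phentsize offset, p_flags offset in a phdr)
    fmt, phoff_at, entsize_at, flags_at = (
        ("Q", 32, 54, 4) if data[4] == 2 else ("I", 28, 42, 24))  # EI_CLASS: 2 = ELF64
    try:
        (e_phoff,) = struct.unpack_from(end + fmt, data, phoff_at)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, entsize_at)
        for i in range(e_phnum):
            off = e_phoff + i * e_phentsize
            (p_type,) = struct.unpack_from(end + "I", data, off)
            if p_type == PT_GNU_STACK:
                (p_flags,) = struct.unpack_from(end + "I", data, off + flags_at)
                return "executable" if p_flags & PF_X else "non-executable"
    except struct.error:
        raise ValueError("truncated ELF file")
    # No PT_GNU_STACK at all: typical of binaries built with an old toolchain.
    return "missing"


def sample_elf32(phdrs):
    """Constructed input: ELF32 little-endian header plus (p_type, p_flags) entries."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIIIIIHHHHHH",
                              2, 3, 1, 0, 52, 0, 0, 52, 32, len(phdrs), 0, 0, 0)
    return hdr + b"".join(struct.pack("<8I", t, 0, 0, 0, 0, 0, f, 4) for t, f in phdrs)


if __name__ == "__main__":
    # Usage: python3 this_script.py /location/of/bin/aa_pap8 [more files...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, stack_marking(fh.read()))
```

A result of "missing" or "executable" is the legacy case the quoted message describes; after a successful `execstack -c` the same file should report "non-executable".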

