[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gentoo-hardened] mysql 4.1 requires shlib_t:file execmod?

To: gentoo-hardened@xxxxxxxxxxxxxxxx
Subject: Re: [gentoo-hardened] mysql 4.1 requires shlib_t:file execmod?
From: Antoine Martin <antoine@xxxxxxxxxxxxx>
Date: Sun, 23 Oct 2005 20:06:39 +0100
Cc: SELinux <selinux@xxxxxxxxxxxxx>
In-reply-to: <1130004616.8908.38.camel@alto>
Organization: Nagafix Ltd
References: <435A6E83.15754.A4A6C273@xxxxxxxxxxxxxxxxxxxx> <435A7CA9.4596.A4DE07A0@xxxxxxxxxxxxxxxxxxxx> <1129999068.31615.69.camel@xxxxxxxxxxxxxxxxxxxxx> <1130002276.8908.28.camel@alto> <1130002902.5415.5.camel@xxxxxxxxxxxxxxxxxxxxx> <1130004616.8908.38.camel@alto>
Sender: owner-selinux@xxxxxxxxxxxxx

> > > #1
> > > qlist mysql | scanelf -qtf -
> > TEXTREL  /usr/lib/mysql/libmysqlclient.so
> > TEXTREL  /usr/lib/mysql/libmysqlclient_r.so
> > TEXTREL  /usr/lib/libmysqlclient.so
> > TEXTREL  /usr/lib/libmysqlclient.so.14.0.0
> > TEXTREL  /usr/lib/libmysqlclient_r.so
> > TEXTREL  /usr/lib/libmysqlclient_r.so.14.0.0
> 
> Looks like you do infact have textrels in your mysql. 
> I've seen this happen before when linked with a miscompiled
> libcrypto.so 
I've rebuilt openssl, but this hasn't helped...

> > > #2 
> > > scanelf -a /usr/lib/libmysqlclient.so.14
> > Nothing here
> 
> If nothing here then chances are your running scanelf while trying to
> enforce and no such policy exists for scanelf.
I must have done it wrong (it works even in enforcing mode now):

 TYPE    PAX   STK/REL/PTL TEXTREL RPATH BIND FILE
ET_DYN ---xe- RW- --- RW- TEXTREL   -
LAZY /usr/lib/libmysqlclient.so.14

> > > 
> > > #3 
 TYPE    PAX   STK/REL/PTL TEXTREL RPATH BIND FILE
ET_DYN ---xe- RW- R-- RW-    -      -   LAZY /lib/libcrypt.so.1
ET_DYN ---xe- RW- R-- RW-    -      -   LAZY /lib/libnsl.so.1
ET_DYN ---xe- RW- R-- RW-    -      -   LAZY /lib/libm.so.6
ET_DYN ---xe- RW- --- RW-    -      -   LAZY /lib/libz.so.1
ET_DYN ---xe- RW- R-- RW-    -      -   NOW /lib/libc.so.6



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

References:
- Re: [gentoo-hardened] mysql 4.1 requires shlib_t:file execmod?
  - From: Antoine Martin
- Re: [gentoo-hardened] mysql 4.1 requires shlib_t:file execmod?
  - From: Antoine Martin

Prev by Date: Re: MLS context?
Next by Date: Re: [gentoo-hardened] mysql 4.1 requires shlib_t:file execmod?
Previous by thread: Re: [gentoo-hardened] mysql 4.1 requires shlib_t:file execmod?
Next by thread: [ SEPOL 6 ] Fix all the bugs
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.