[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gentoo-hardened] mysql 4.1 requires shlib_t:file execmod?
On Sunday 23 October 2005 03:31, Antoine Martin <antoine@xxxxxxxxxxxxx> wrote:
> On Sat, 2005-10-22 at 19:24 +0200, pageexec@xxxxxxxxxxx wrote:
> > On 22 Oct 2005 at 17:37, Antoine Martin wrote:
> > > scanelf -T /usr/lib/libmysqlclient.so.14
> > > shows nothing at all.
> > > (I also tried adding a -R, even -a shows nothing!)
> >
> > ok, so it's not textrels, can you post an strace output then?
>
> Ah, I thought I could, but strace won't run in enforcing mode (which is
> needed to make it break) strace: ptrace(PTRACE_TRACEME, ...): Permission
> denied
It's easy to modify policy to allow this:
can_ptrace(sysadm_t, mysqld_t)
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
This mailing list archive is a service of Copilot Consulting.