On Mon, 2 May 2011 00:49:33 +0100 (BST)
Patrick Dupre wrote:

> The file ttt.so is generate by myself in user mode and I cannot access it.
> This strange !!
> how can I get rid of this problem ?

I've seen something like this before. I believe you have to
add some flags when linking to mark the object file as
promising not to execute on the stack. The default linker
options don't do this, so selinux assumes the worst.

I'm afraid I don't remember the details of how you add those
flags though.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

On 05/02/2011 01:49 AM, Patrick Dupre wrote:
> cannot restore segment prot after reloc

From a little googling I understand this should fix the error:

chcon -t texrel_shlib_t
/home/pdupre/Spectroscopy/test/blib/arch/auto/ttt/ttt.so

Iirc the actual fix has something to do with compiler flags and not
touching the stack (or something like that).

Regards,
Patrick
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

On Sun, 1 May 2011 19:58:36 -0400
Tom Horsley wrote:

> On Mon, 2 May 2011 00:49:33 +0100 (BST)
> Patrick Dupre wrote:
>
> > The file ttt.so is generate by myself in user mode and I cannot access it.
> > This strange !!
> > how can I get rid of this problem ?
>
> I've seen something like this before. I believe you have to
> add some flags when linking to mark the object file as
> promising not to execute on the stack. The default linker
> options don't do this, so selinux assumes the worst.
>
> I'm afraid I don't remember the details of how you add those
> flags though.

Found a good page on this. I bet you have some assembly code
as part of your library, and the source is missing the magic
voo-doo to promise never to execute the stack, so they
taint the whole object file.

Here's a good reference (a gentoo page, but not really
gentoo specific):

http://www.gentoo.org/proj/en/hardened/gnu-stack.xml
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

On Sunday, May 01, 2011 20:00:51 Patrick Lists wrote:
> On 05/02/2011 01:49 AM, Patrick Dupre wrote:
> > cannot restore segment prot after reloc
>
> From a little googling I understand this should fix the error:
>
> chcon -t texrel_shlib_t
> /home/pdupre/Spectroscopy/test/blib/arch/auto/ttt/ttt.so
>
> Iirc the actual fix has something to do with compiler flags and not
> touching the stack (or something like that).

Your work-around will get it done, but...

Dont't do that. Make a position independent library so relocation is
not needed.

Compile with -fpic and you won't require relocation.

By the way, this has nothing to do with execution on the stack.

--
Garry Williams
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

On Sun, 1 May 2011, Garry T. Williams wrote:


On Sunday, May 01, 2011 20:00:51 Patrick Lists wrote:

On 05/02/2011 01:49 AM, Patrick Dupre wrote:

cannot restore segment prot after reloc


From a little googling I understand this should fix the error:

chcon -t texrel_shlib_t
/home/pdupre/Spectroscopy/test/blib/arch/auto/ttt/ttt.so

Iirc the actual fix has something to do with compiler flags and not
touching the stack (or something like that).


Your work-around will get it done, but...

Dont't do that. Make a position independent library so relocation is
not needed.

Compile with -fpic and you won't require relocation.

THis does not help.
It seems that it is an issue with libstdc++-3-libc6.2-2-2.10.0.so
But I cannot recompile the code. the source is not available
compat-libstdc++-296-2.96-143.src.rpm / compat-gcc-296-2.96-143.src.rpm

It should be on download.fedora.redhat.com which is done.

--
---
================================================== ========================
Patrick DUPRÉ | |
Department of Chemistry | | Phone: (44)-(0)-1904-434384
The University of York | | Fax: (44)-(0)-1904-432516
Heslington | |
York YO10 5DD United Kingdom | | email: patrick.dupre@york.ac.uk
================================================== ========================--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Hi all,

What is the current state of SELinux in debian? The page about it in the
Wiki seems a bit out of date.

Thanks


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 50042B76.6010800@gmsl.co.uk">http://lists.debian.org/50042B76.6010800@gmsl.co.uk