diff options
| author | Joseph Hunkeler <jhunkeler@gmail.com> | 2015-03-05 12:53:09 -0500 |
|---|---|---|
| committer | Joseph Hunkeler <jhunkeler@gmail.com> | 2015-03-05 12:53:09 -0500 |
| commit | 832b4b34ff8ce84a13751883c0822c16c152fe48 (patch) | |
| tree | edb4d7050c37ade55bc543de80e76e58c4486908 /doc/FIXING_SELINUX_ISSUES | |
| parent | 8f848043369b49e861942ce132181fed2c53c2d3 (diff) | |
| download | calfuse-832b4b34ff8ce84a13751883c0822c16c152fe48.tar.gz | |
Massive rework
Diffstat (limited to 'doc/FIXING_SELINUX_ISSUES')
| -rw-r--r-- | doc/FIXING_SELINUX_ISSUES | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/doc/FIXING_SELINUX_ISSUES b/doc/FIXING_SELINUX_ISSUES new file mode 100644 index 0000000..548077b --- /dev/null +++ b/doc/FIXING_SELINUX_ISSUES @@ -0,0 +1,84 @@ + +------------------------------------------------------------------------------- + Fixing issues due to SELinux +------------------------------------------------------------------------------- + +While installing CalFUSE 3.2.0 on Scientific Linux V 5.0 the following +SELinux issues came up. SELinux points to these web pages for a more +detailed explanation of the issues: +http://people.redhat.com/drepper/selinux-mem.html and +http://people.redhat.com/drepper/textrelocs.html + +A suggestion from the http://people.redhat.com/drepper/textrelocs.html +web page is to compile the c libraries with -fpic or -fPIC. + +The first SELinux issue maybe related to this being a new install of Scientific Linux and +not truly related to CalFUSE. + + +Summary +------- + +SELinux is preventing access to files with the label, file_t. + +Detailed Description + +SELinux permission checks on files labeled file_t are being +denied. file_t is the context the SELinux kernel gives to files that do not have a label. +This indicates a serious labeling problem. No files on an SELinux box should ever be +labeled file_t. If you have just +added a new disk drive to the system you can relabel it using the restorecon command. +Otherwise you should relabel the entire files system. + +Allowing Access + +You can execute the following command as root to relabel your computer +system: + +touch /.autorelabel; reboot + +Note that this will reboot your computer system. + + +Summary +------- + +SELinux is preventing /calfuse/v3.2/bin/cf_hist_init from loading +/calfuse/v3.2/lib/libcf.so, +/calfuse/v3.2/lib/libsla.so, and +/calfuse/v3.2/lib/libcfitsio-2.470.so +which require text relocation. + + +Detailed Description + +The /calfuse/v3.2/bin/cf_hist_init application attempted to load +/calfuse/v3.2/lib/libcf.so, +/calfuse/v3.2/lib/libsla.so, and +/calfuse/v3.2/lib/libcfitsio-2.470.so +which require text relocation. This is a potential security problem. Most libraries do +not need this permission. Libraries are sometimes coded incorrectly and request this +permission. The SELinux Memory Protection Tests web page explains how to remove this +requirement. You can configure SELinux temporarily to allow +/calfuse/v3.2/lib/libcf.so, +/calfuse/v3.2/lib/libsla.so, and +/calfuse/v3.2/lib/libcfitsio-2.470.so +to use relocation as a workaround, until the libraries are fixed. +Please file a bug report against this package. + +Allowing Access + +If you trust +/calfuse/v3.2/lib/libcf.so, +/calfuse/v3.2/lib/libsla.so, and +/calfuse/v3.2/lib/libcfitsio-2.470.so +to run correctly, you can change the file context to textrel_shlib_t. + +The following commands will allow this access: + +chcon -t textrel_shlib_t /calfuse/v3.2/lib/libcf.so +chcon -t textrel_shlib_t /calfuse/v3.2/lib/libsla.so +chcon -t textrel_shlib_t /calfuse/v3.2/lib/libcfitsio-2.470.so + + +- Michael E. Van Steenberg |