Ticket #3 (closed defect: fixed)
SELinux is preventing sip_im_session from loading
| Reported by: | MichielLeenaars | Owned by: | support@ag-projects.com |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | Audio | Version: | 0.3.0 |
| Keywords: | | Cc: | |
Description
Summary:
SELinux is preventing sip_im_session from loading /usr/lib/python2.5/site-packages/sipclient-0.3.0-py2.5-linux-i686.egg/pypjua/_pjsip.so which requires text relocation.
Detailed Description:
The sip_im_session application attempted to load /usr/lib/python2.5/site-packages/sipclient-0.3.0-py2.5-linux-i686.egg/pypjua/_pjsip.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. You can configure SELinux temporarily to allow /usr/lib/python2.5/site-packages/sipclient-0.3.0-py2.5-linux-i686.egg/pypjua/_pjsip.so to use relocation as a workaround, until the library is fixed. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Allowing Access:
If you trust /usr/lib/python2.5/site-packages/sipclient-0.3.0-py2.5-linux-i686.egg/pypjua/_pjsip.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t '/usr/lib/python2.5/site-packages/sipclient-0.3.0-py2.5-linux-i686.egg/pypjua/_pjsip.so'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '/usr/lib/python2.5/site-packages/sipclient-0.3.0-py2.5-linux-i686.egg/pypjua/_pjsip.so'"
Fix Command:
chcon -t textrel_shlib_t '/usr/lib/python2.5/site-packages/sipclient-0.3.0-py2.5-linux-i686.egg/pypjua/_pjsip.so'
Additional Information:
| Source Context | unconfined_u:unconfined_r:unconfined_t:s0 |
|---|---|
| Target Context | unconfined_u:object_r:lib_t:s0 |
| Target Objects | /usr/lib/python2.5/site-packages/sipclient-0.3.0-py2.5-linux-i686.egg/pypjua/_pjsip.so [ file ] |
| Source | sip_im_session |
| Source Path | /usr/bin/python |
| Port | <Unknown> |
| Host | fd.taste |
| Source RPM Packages | python-2.5.2-1.fc10 |
| Target RPM Packages | |
| Policy RPM | selinux-policy-3.5.13-18.fc10 |
| SELinux Enabled | True |
| Policy Type | targeted |
| MLS Enabled | True |
| Enforcing Mode | Enforcing |
| Plugin Name | allow_execmod |
| Host Name | fd.taste |
| Platform | Linux fd.taste 2.6.27.5-117.fc10.i686 #1 SMP Tue Nov 18 12:19:59 EST 2008 i686 i686 |
| Alert Count | 2 |
| First Seen | Sat 29 Nov 2008 03:36:12 CET |
| Last Seen | Sat 29 Nov 2008 03:36:24 CET |
| Local ID | b9ebb718-3798-423f-ad8a-496778e2aef1 |
| Line Numbers | |
Raw Audit Messages
node=fd.taste type=AVC msg=audit(1227926184.725:41): avc: denied { execmod } for pid=11163 comm="sip_im_session" path="/usr/lib/python2.5/site-packages/sipclient-0.3.0-py2.5-linux-i686.egg/pypjua/_pjsip.so" dev=sda12 ino=374953 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:lib_t:s0 tclass=file
node=fd.taste type=SYSCALL msg=audit(1227926184.725:41): arch=40000003 syscall=125 success=no exit=-13 a0=762000 a1=165000 a2=5 a3=bfb29270 items=0 ppid=11025 pid=11163 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts5 ses=1 comm="sip_im_session" exe="/usr/bin/python" subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null)
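
The AVC and SYSCALL records above share one event id, and read together they show what the process actually asked the kernel for. The following is an added example, not part of the ticket or of the project's code: it pairs the two records and decodes the syscall number, protection flags and exit code. The function names are this example's own, and the syscall table is an assumption limited to the single i386 number seen here.

```python
import errno
import re

# The two raw audit records from this ticket, embedded so the example runs offline.
SAMPLE = '''\
node=fd.taste type=AVC msg=audit(1227926184.725:41): avc: denied { execmod } for pid=11163 comm="sip_im_session" path="/usr/lib/python2.5/site-packages/sipclient-0.3.0-py2.5-linux-i686.egg/pypjua/_pjsip.so" dev=sda12 ino=374953 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:lib_t:s0 tclass=file
node=fd.taste type=SYSCALL msg=audit(1227926184.725:41): arch=40000003 syscall=125 success=no exit=-13 a0=762000 a1=165000 a2=5 a3=bfb29270 items=0 ppid=11025 pid=11163 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts5 ses=1 comm="sip_im_session" exe="/usr/bin/python" subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null)
'''

I386_SYSCALLS = {125: "mprotect"}  # assumption: only the number seen in this ticket
PROT_BITS = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}
HEADER = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")

def parse_events(text):
    """Group audit records by their shared msg=audit(timestamp:serial) id."""
    events = {}
    for line in text.splitlines():
        m = HEADER.search(line)
        if not m:
            continue
        rec = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        if m.group(1) == "AVC":
            p = PERMS.search(line)
            rec["perms"] = p.group(1).split() if p else []
        events.setdefault(m.group(2), {})[m.group(1)] = rec
    return events

def explain_execmod(event):
    """Return a decoded summary if the event is an execmod denial, else None."""
    avc, sc = event.get("AVC"), event.get("SYSCALL")
    if not avc or not sc or "execmod" not in avc["perms"]:
        return None
    if sc["arch"] != "40000003":  # AUDIT_ARCH_I386; the table above is i386-only
        return None
    prot = int(sc["a2"], 16)  # audit logs syscall arguments in hex
    return {
        "file": avc["path"],
        "file_type": avc["tcontext"].split(":")[2],
        "syscall": I386_SYSCALLS.get(int(sc["syscall"]), "unknown"),
        "prot": [name for bit, name in PROT_BITS.items() if prot & bit],
        "errno": errno.errorcode.get(-int(sc["exit"]), "?"),
    }
```

For this ticket the result is an `mprotect` call requesting `PROT_READ` and `PROT_EXEC` on a `lib_t` file, refused with `EACCES`: the dynamic loader restoring execute permission on a text segment it had to modify for relocation.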
