| ²é¿´: 328 | »Ø¸´: 0 | |||
shuo2008½ð³æ (ÕýʽдÊÖ)
|
[½»Á÷]
¡¾ÇóÖú¡¿Ìí¼ÓÊÚȨʱ³öÏֵľ¯¸æ£¡
|
|
ÕâÊÇʲôÔÒòÄØ£¿Õâ¸úÊÚȨÎļþ¾³£Ê§Ð§ÓÐûÓйØϵ£¿ ´íÎóÈçÏ£º ÕªÒª: SELinux is preventing lp_admin_gui from loading /home/ms5/Accelrys/LicensePack/linux/lib/libls_license_g323.so which requires text relocation. ÏêϸµÄÃèÊö: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] The lp_admin_gui application attempted to load /home/ms5/Accelrys/LicensePack/linux/lib/libls_license_g323.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. You can configure SELinux temporarily to allow /home/ms5/Accelrys/LicensePack/linux/lib/libls_license_g323.so to use relocation as a workaround, until the library is fixed. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. ÕýÔÚÔÊÐí·ÃÎÊ: If you trust /home/ms5/Accelrys/LicensePack/linux/lib/libls_license_g323.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t '/home/ms5/Accelrys/LicensePack/linux/lib/libls_license_g323.so'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '/home/ms5/Accelrys/LicensePack/linux/lib/libls_license_g323.so'" ÒÔÏÂÃüÁÔÊÐíÕâ¸öȨÏÞ: chcon -t textrel_shlib_t '/home/ms5/Accelrys/LicensePack/linux/lib/libls_license_g323.so' ¸½¼ÓµÄÐÅÏ¢: Ô´ÉÏÏÂÎÄ user_u:system_r:unconfined_t Ä¿±êÉÏÏÂÎÄ user_u  bject_r:user_home_tÄ¿±ê¶ÔÏó /home/ms5/Accelrys/LicensePack/linux/lib/libls_lic ense_g323.so [ file ] Source lp_admin_gui Source Path /home/ms5/Accelrys/LicensePack/linux/bin/rt_bin/lp _admin_gui Port <δ֪µÄ> Host localhost.localdomain Source RPM Packages Target RPM Packages ²ßÂÔ RPM selinux-policy-2.4.6-255.el5 Selinux ¼¤»î True ²ßÂÔÀàÐÍ targeted MLS ¼¤»î True Ç¿ÖÆģʽ Permissive ²å¼þÃû³Æ allow_execmod Ö÷»úÃû localhost.localdomain ƽ̨ Linux localhost.localdomain 2.6.18-164.el5xen #1 SMP Thu Sep 3 04:03:03 EDT 2009 x86_64 x86_64 ¾¯¸æ¼ÇÊý 7 First Seen 2010Äê08ÔÂ26ÈÕ ÐÇÆÚËÄ 19ʱ05·Ö40Ãë Last Seen 2010Äê11ÔÂ16ÈÕ ÐÇÆÚ¶þ 12ʱ06·Ö54Ãë Local ID 7d387ecc-6d06-42b1-a4db-55bd534bf4ac ÐÐÊý Ôʼ Audit ÏûÏ¢ host=localhost.localdomain type=AVC msg=audit(1289880414.697:165): avc: denied { execmod } for pid=9699 comm="lp_admin_gui" path="/home/ms5/Accelrys/LicensePack/linux/lib/libls_license_g323.so" dev=dm-0 ino=112755416 scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u bject_r:user_home_t:s0 tclass=filehost=localhost.localdomain type=SYSCALL msg=audit(1289880414.697:165): arch=40000003 syscall=125 success=yes exit=0 a0=f7d2c000 a1=1ea000 a2=5 a3=ffbd07f0 items=0 ppid=9596 pid=9699 auid=502 uid=502 gid=100 euid=502 suid=502 fsuid=502 egid=100 sgid=100 fsgid=100 tty=pts1 ses=23 comm="lp_admin_gui" exe="/home/ms5/Accelrys/LicensePack/linux/bin/rt_bin/lp_admin_gui" subj=user_u:system_r:unconfined_t:s0 key=(null) |
»Ø¸´´ËÂ¥» ²ÂÄãϲ»¶
²ÄÁÏ¿ÆѧÓ빤³Ì320Çóµ÷¼Á£¬080500
ÒѾÓÐ4È˻ظ´
-
0703µ÷¼Á£¬Ò»Ö¾Ô¸Ìì½ò´óѧ319·Ö
ÒѾÓÐ17È˻ظ´
-
Ò»Ö¾Ô¸211£¬0703»¯Ñ§305·ÖÇóµ÷¼Á
ÒѾÓÐ5È˻ظ´
-
0703»¯Ñ§µ÷¼Á 348·Ö
ÒѾÓÐ6È˻ظ´
-
273Çóµ÷¼Á
ÒѾÓÐ11È˻ظ´
-
308Çóµ÷¼Á
ÒѾÓÐ5È˻ظ´
-
²ÄÁÏÓ뻯¹¤363ÇóÍƼö
ÒѾÓÐ11È˻ظ´
-
²ÄÁϵ÷¼Á
ÒѾÓÐ12È˻ظ´
-
ÉúÎïѧµ÷¼Á ¿Éµ÷¼Áµ½ÉúÎïÓëÒ½Ò©
ÒѾÓÐ3È˻ظ´
-
304Çóµ÷¼Á
ÒѾÓÐ11È˻ظ´
