On Tue, 2005-06-28 at 22:27 +1000, Russell Coker wrote:
> > Jun 28 18:56:00 ben8600 kernel: audit(1119948960.209:0): avc: denied
> > { execmod } for pid=13420 comm=mingetty path=/lib/tls/libc-2.3.5.so
> > dev=hda11 ino=20455 scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:lib_t tclass=file
>
> That's an example of a .so file which is mis-labeled.
Not necessarily. Prior to -3.13, shlib_t was a typealias for lib_t in
the targeted policy, so it would be normal for audit messages to display
lib_t here for a .so. Real question is why is an execmod check being
triggered on /lib/tls/libc-2.3.5.so, as it should only occur on attempts
to make executable a previously modified private file mapping, typically
text relocation.
--
Stephen Smalley
National Security Agency
