On Tue, Nov 23, 2010 at 2:22 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>>> I am experiencing the following problem with SELinux on F14:
>>>
>>> Nov 23 12:49:33 localhost kernel: [ 4881.260409] type=1400
>>> audit(1290516573.348:31748): avc: denied { execstack } for
>>> pid=14597 comm="myprogram"
>>> scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>>> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>>> tclass=process
>>>
>>> How can I circumvent that?
>>
>> The application is trying to execute code on its stack - which usually
>> means it is either buggy or being exploited.
>>
>> What is "myprogram" ?
> Stop running bad programs. :*
>
> If the app is written using a tool like java/mono or something like
> this, it may be required.
>
> You have two choices you can either label it execmem_exec_t.
>
> # semanage fcontext -a -t execmem_exec_t PATHTOMYPROGRAM
> # restorecon PATHTOMYPROGRAM
>
> Or you can turn the check off altogether by executing
>
> # setsebool -P allow_execstack 1
Thanks, Daniel. Let me add some more information:
/home/psmith/programs/myprogram: error while loading shared libraries:
/home/psmith/gurobi400/linux64/lib/libgurobi.so.4.0.0: cannot enable
executable stack as shared object requires: Permission denied
Paul
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
