[DSE-Dev] Bug#758464: Bug#758464: selinux-policy-default: Impossible to use libvirt(d) if enforcing
Andreas Florath
andre at flonatel.org
Mon Aug 18 19:26:04 UTC 2014
Hello!
I had a closer look at the libvirt-bin package:
libvirt_driver_storage.so depends on librados.so, which is known
to use execstack:
https://lintian.debian.org/tags/shlib-with-executable-stack.html
root@nestor:~# ldd /usr/lib/libvirt/connection-driver/libvirt_driver_storage.so | grep rados
librados.so.2 => /usr/lib/x86_64-linux-gnu/librados.so.2 (0x00007f4dd575d000)
root@nestor:~# execstack -q /usr/lib/x86_64-linux-gnu/librados.so.2
X /usr/lib/x86_64-linux-gnu/librados.so.2
IMHO setting the execstack flag to "allow virtd_t self:process" is not a good idea.
Maybe one possibility is to create a type for those 'special' libraries,
allow execstack for this type and add an appropriate transition?
Kind regards
Andre