[DSE-Dev] SELinux prevents service from loading shared libraries -- no corresponding audit messages

Christopher-A. Kopel kopel at student.tugraz.at
Mon Jun 11 22:11:27 BST 2018

Hi once again,

Since I haven't received any answer to my problem I assume that no one 
within this list could think of any reason for it. In the meantime I 
figured out what was going on, so for the case that anyone might face 
the same trouble, here is the solution:

The point was that whenever a shared library is to be loaded, the loader 
searches some certain directories, which are defined at different 
locations (Not only the environment variable LD_LIBRARY_PATH but some 
other variables and some config files as well, depending on the 
platform). The amazing thing is that as soon as the "search" access is 
not permitted by the SELinux policy for any of these directories, the 
loader aborts everything, even if the access to the directory that 
actually contains the necessary library would be permitted. Furthermore, 
when in permissive mode, these access denials are not logged to the 
audit.log, which I don't quite understand. -- Anyway, to get the thing 
running, you have to allow "search" access to all directories searched 
by the loader.



More information about the SELinux-devel mailing list