[DSE-Dev] SELinux prevents service from loading shared libraries -- no corresponding audit messages
Christopher-A. Kopel
kopel at student.tugraz.at
Mon Jun 11 22:11:27 BST 2018
Hi once again,
Since I haven't received any answer to my problem, I assume that no one
on this list could think of any reason for it. In the meantime I
figured out what was going on, so in case anyone faces
the same trouble, here is the solution:

The point is that whenever a shared library is to be loaded, the loader
searches certain directories, which are defined in different
locations (not only the environment variable LD_LIBRARY_PATH but some
other variables and some config files as well, depending on the
platform). The amazing thing is that as soon as the "search" access is
not permitted by the SELinux policy for any of these directories, the
loader aborts everything, even if access to the directory that
actually contains the necessary library would be permitted. Furthermore,
when in permissive mode, these access denials are not logged to
audit.log, which I don't quite understand. Anyway, to get the thing
running, you have to allow "search" access to all directories searched
by the loader.
Cheers,
Chris
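
The check described in the message above, as an added example that is not part of the original post: it lists the directories the glibc loader may search (LD_LIBRARY_PATH, ld.so.conf with its includes, built-in defaults) and asks the loaded policy whether a domain has "search" on each. Assumptions: the default directory list, the script name and the domain name myservice_t are placeholders, and RPATH/RUNPATH entries in the binary are not covered.

```shell
#!/bin/sh
# Added example (not from the original post): enumerate the directories the
# glibc loader may search and check SELinux "search" permission on each.

# Print directories from an ld.so.conf-style file, following "include" lines.
conf_dirs() {
    local conf="$1" line key arg inc
    [ -r "$conf" ] || return 0
    while IFS= read -r line || [ -n "$line" ]; do
        set -f; set -- ${line%%#*}; set +f      # drop comment, split, no globbing
        key=${1-} arg=${2-}
        case $key in
            '') ;;
            include)                            # relative to the including file
                case $arg in /*) ;; *) arg=$(dirname "$conf")/$arg ;; esac
                for inc in $arg; do conf_dirs "$inc"; done ;;  # glob expands here
            *) printf '%s\n' "$key" ;;
        esac
    done < "$conf"
}

# Unique search directories, in order: LD_LIBRARY_PATH, config files, defaults.
# Assumption: the default list below; it differs between distributions.
loader_dirs() {
    local conf="${1:-/etc/ld.so.conf}" path="${2-${LD_LIBRARY_PATH-}}"
    {
        printf '%s\n' "$path" | tr ':' '\n'     # empty entries are skipped
        conf_dirs "$conf"
        printf '%s\n' /lib /usr/lib /lib64 /usr/lib64
    } | awk 'NF && !seen[$0]++'
}

# Report whether <domain> is allowed dir:search on every existing directory.
# Needs an SELinux host with setools (sesearch) installed.
check_search() {
    local domain="$1" dir type
    command -v sesearch >/dev/null || { echo "sesearch not found" >&2; return 2; }
    loader_dirs | while IFS= read -r dir; do
        [ -d "$dir" ] || continue
        type=$(stat -c %C "$dir" | cut -d: -f3) # user:role:type:level
        if sesearch -A -s "$domain" -t "$type" -c dir -p search | grep -q '^allow'; then
            echo "ok      $dir ($type)"
        else
            echo "MISSING $dir ($type)"
        fi
    done
}

# Usage (hypothetical script and domain names): ./check_loader_dirs.sh myservice_t
if [ $# -ge 1 ]; then check_search "$1"; fi
```

When denials do not show up in audit.log, one possible cause is dontaudit rules in the policy; `semodule -DB` rebuilds the policy with them disabled and `semodule -B` re-enables them.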