I installed kernel 2.6.11-rc3-RT-V0.7.38-01 (compiled it from source) I did make oldconfig and enabled PREEMT_DESKTOP ,CONFIG_MK7 and ntfs support. After booting the kernel mysql don't start: It shows: Timeout error occurred trying to start MySQL Daemon. dmesg says: audit(1107676996.424:0): avc: denied { execmem } for pid=4806 comm=mysqld scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t tclass=process it works when I disabled selinux for mysqld. I am running the targeted policy.
dragoran schrieb:
I installed kernel 2.6.11-rc3-RT-V0.7.38-01 (compiled it from source) I did make oldconfig and enabled PREEMT_DESKTOP ,CONFIG_MK7 and ntfs support. After booting the kernel mysql don't start: It shows: Timeout error occurred trying to start MySQL Daemon. dmesg says: audit(1107676996.424:0): avc: denied { execmem } for pid=4806 comm=mysqld scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t tclass=process it works when I disabled selinux for mysqld. I am running the targeted policy.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
no solution?
On Sat, 12 Feb 2005 17:06:09 +0100, dragoran dragoran@feuerpokemon.de wrote:
dragoran schrieb:
I installed kernel 2.6.11-rc3-RT-V0.7.38-01 (compiled it from source) I did make oldconfig and enabled PREEMT_DESKTOP ,CONFIG_MK7 and ntfs support. After booting the kernel mysql don't start: It shows: Timeout error occurred trying to start MySQL Daemon. dmesg says: audit(1107676996.424:0): avc: denied { execmem } for pid=4806 comm=mysqld scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t tclass=process it works when I disabled selinux for mysqld. I am running the targeted policy.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
no solution?
Have you rerun the policy on the system? Also how far different is the selinux patch in the kernle you made from the standard Fedora one? Sorry for no better answers
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
Stephen J. Smoogen schrieb:
On Sat, 12 Feb 2005 17:06:09 +0100, dragoran dragoran@feuerpokemon.de wrote:
dragoran schrieb:
I installed kernel 2.6.11-rc3-RT-V0.7.38-01 (compiled it from source) I did make oldconfig and enabled PREEMT_DESKTOP ,CONFIG_MK7 and ntfs support. After booting the kernel mysql don't start: It shows: Timeout error occurred trying to start MySQL Daemon. dmesg says: audit(1107676996.424:0): avc: denied { execmem } for pid=4806 comm=mysqld scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t tclass=process it works when I disabled selinux for mysqld. I am running the targeted policy.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
no solution?
Have you rerun the policy on the system? Also how far different is the selinux patch in the kernle you made from the standard Fedora one? Sorry for no better answers
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
how do I rerun the policy? dunno how much differnt the patch it I don't applied any selinux patches...its the vanilla kernel+the realtimepreemt patch...
dragoran schrieb:
Stephen J. Smoogen schrieb:
On Sat, 12 Feb 2005 17:06:09 +0100, dragoran dragoran@feuerpokemon.de wrote:
dragoran schrieb:
I installed kernel 2.6.11-rc3-RT-V0.7.38-01 (compiled it from source) I did make oldconfig and enabled PREEMT_DESKTOP ,CONFIG_MK7 and ntfs support. After booting the kernel mysql don't start: It shows: Timeout error occurred trying to start MySQL Daemon. dmesg says: audit(1107676996.424:0): avc: denied { execmem } for pid=4806 comm=mysqld scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t tclass=process it works when I disabled selinux for mysqld. I am running the targeted policy.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
no solution?
Have you rerun the policy on the system? Also how far different is the selinux patch in the kernle you made from the standard Fedora one? Sorry for no better answers
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
how do I rerun the policy? dunno how much differnt the patch it I don't applied any selinux patches...its the vanilla kernel+the realtimepreemt patch...
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
I try to rebuild the kernel with this patch removed: http://marc.theaimsgroup.com/?l=linux-kernel&m=110200324503263&w=2 and see if it works....
dragoran schrieb:
dragoran schrieb:
Stephen J. Smoogen schrieb:
On Sat, 12 Feb 2005 17:06:09 +0100, dragoran dragoran@feuerpokemon.de wrote:
dragoran schrieb:
I installed kernel 2.6.11-rc3-RT-V0.7.38-01 (compiled it from source) I did make oldconfig and enabled PREEMT_DESKTOP ,CONFIG_MK7 and ntfs support. After booting the kernel mysql don't start: It shows: Timeout error occurred trying to start MySQL Daemon. dmesg says: audit(1107676996.424:0): avc: denied { execmem } for pid=4806 comm=mysqld scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t tclass=process it works when I disabled selinux for mysqld. I am running the targeted policy.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
no solution?
Have you rerun the policy on the system? Also how far different is the selinux patch in the kernle you made from the standard Fedora one? Sorry for no better answers
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
how do I rerun the policy? dunno how much differnt the patch it I don't applied any selinux patches...its the vanilla kernel+the realtimepreemt patch...
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
I try to rebuild the kernel with this patch removed: http://marc.theaimsgroup.com/?l=linux-kernel&m=110200324503263&w=2 and see if it works....
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
don't build ....
On Sat, 2005-02-12 at 11:06, dragoran wrote:
Timeout error occurred trying to start MySQL Daemon. dmesg says: audit(1107676996.424:0): avc: denied { execmem } for pid=4806 comm=mysqld scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t tclass=process it works when I disabled selinux for mysqld. I am running the targeted policy.
rpm -q mysql-server rpm -V mysql-server execstack -q /usr/libexec/mysqld
Stephen Smalley wrote:
On Sat, 2005-02-12 at 11:06, dragoran wrote:
Timeout error occurred trying to start MySQL Daemon. dmesg says: audit(1107676996.424:0): avc: denied { execmem } for pid=4806 comm=mysqld scontext=root:system_r:mysqld_t tcontext=root:system_r:mysqld_t tclass=process it works when I disabled selinux for mysqld. I am running the targeted policy.
rpm -q mysql-server rpm -V mysql-server execstack -q /usr/libexec/mysqld
[dragoran@chello062178124144 ~]$ rpm -q mysql-server mysql-server-3.23.58-14 [dragoran@chello062178124144 ~]$ rpm -V mysql-server [dragoran@chello062178124144 ~]$ execstack -q /usr/libexec/mysqld - /usr/libexec/mysqld [dragoran@chello062178124144 ~]$
On Mon, 2005-02-14 at 12:24, dragoran wrote:
[dragoran@chello062178124144 ~]$ rpm -q mysql-server mysql-server-3.23.58-14 [dragoran@chello062178124144 ~]$ rpm -V mysql-server [dragoran@chello062178124144 ~]$ execstack -q /usr/libexec/mysqld
- /usr/libexec/mysqld
[dragoran@chello062178124144 ~]$
Hmm...I have the same version here, same results as above, yet it does not trigger an execmem check on the current kernel.
for f in `ldd /usr/libexec/mysqld | awk '{print $3}'`; do if [ -f $f ]; then if readelf -d $f | grep -q TEXTREL ; then echo $f; fi; fi; done
Stephen Smalley schrieb:
On Mon, 2005-02-14 at 12:24, dragoran wrote:
[dragoran@chello062178124144 ~]$ rpm -q mysql-server mysql-server-3.23.58-14 [dragoran@chello062178124144 ~]$ rpm -V mysql-server [dragoran@chello062178124144 ~]$ execstack -q /usr/libexec/mysqld
- /usr/libexec/mysqld
[dragoran@chello062178124144 ~]$
Hmm...I have the same version here, same results as above, yet it does not trigger an execmem check on the current kernel.
for f in `ldd /usr/libexec/mysqld | awk '{print $3}'`; do if [ -f $f ]; then if readelf -d $f | grep -q TEXTREL ; then echo $f; fi; fi; done
this command prints nothing ;)
On Mon, 2005-02-14 at 12:50, dragoran wrote:
this command prints nothing ;)
/etc/init.d/mysqld stop strace -o mysqld.out -f -ff /etc/init.d/mysqld start &
Then send me the mysqld.out* files.
On Mon, 2005-02-14 at 13:20, dragoran wrote:
here are the mysql.out files (tar.bz2 archiv)
Ok. Notice the mprotect.*PROT_EXEC|PROT_GROWSDOWN call in mysqld.out.5275. Occurs after an open() of /lib/libgcc_s.so.1.
rpm -q -f /lib/libgcc_s.so.1 execstack -q /lib/libgcc_s.so.1
Stephen Smalley wrote:
On Mon, 2005-02-14 at 13:20, dragoran wrote:
here are the mysql.out files (tar.bz2 archiv)
Ok. Notice the mprotect.*PROT_EXEC|PROT_GROWSDOWN call in mysqld.out.5275. Occurs after an open() of /lib/libgcc_s.so.1.
rpm -q -f /lib/libgcc_s.so.1 execstack -q /lib/libgcc_s.so.1
[dragoran@chello062178124144 ~]$ rpm -q -f /lib/libgcc_s.so.1 libgcc-3.4.2-6.fc3 [dragoran@chello062178124144 ~]$ execstack -q /lib/libgcc_s.so.1 X /lib/libgcc_s.so.1 [dragoran@chello062178124144 ~]$
On Mon, 2005-02-14 at 13:49, dragoran wrote:
[dragoran@chello062178124144 ~]$ rpm -q -f /lib/libgcc_s.so.1 libgcc-3.4.2-6.fc3 [dragoran@chello062178124144 ~]$ execstack -q /lib/libgcc_s.so.1 X /lib/libgcc_s.so.1 [dragoran@chello062178124144 ~]$
Hmmm...same version here, but no executable stack. What is your architecture? What does 'rpm -V libgcc' show? Can you do an 'execstack -c /lib/libgcc_s.so.1'?
Stephen Smalley wrote:
On Mon, 2005-02-14 at 13:49, dragoran wrote:
[dragoran@chello062178124144 ~]$ rpm -q -f /lib/libgcc_s.so.1 libgcc-3.4.2-6.fc3 [dragoran@chello062178124144 ~]$ execstack -q /lib/libgcc_s.so.1 X /lib/libgcc_s.so.1 [dragoran@chello062178124144 ~]$
Hmmm...same version here, but no executable stack. What is your architecture? What does 'rpm -V libgcc' show? Can you do an 'execstack -c /lib/libgcc_s.so.1'?
My arch is i686 (athlon). rpm -V libgcc shows: SM5....T. /lib/libgcc_s-3.4.2-20041018.so.1
execstack -c /lib/libgcc_s.so.1 shows nothing.
On Mon, 2005-02-14 at 14:10, dragoran wrote:
My arch is i686 (athlon). rpm -V libgcc shows: SM5....T. /lib/libgcc_s-3.4.2-20041018.so.1
This means that it doesn't match the rpm database in various respects, i.e. S = size differs, M = mode differs, 5 = MD5 sum differs, T = mtime differs. Seems a little worrisome to me.
execstack -c /lib/libgcc_s.so.1 shows nothing.
Run execstack -q again on it to see if it did indeed clear the executable marker. But I'd be more worried about the rpm -V output at this point.
Stephen Smalley wrote:
On Mon, 2005-02-14 at 14:10, dragoran wrote:
My arch is i686 (athlon). rpm -V libgcc shows: SM5....T. /lib/libgcc_s-3.4.2-20041018.so.1
This means that it doesn't match the rpm database in various respects, i.e. S = size differs, M = mode differs, 5 = MD5 sum differs, T = mtime differs. Seems a little worrisome to me.
execstack -c /lib/libgcc_s.so.1 shows nothing.
Run execstack -q again on it to see if it did indeed clear the executable marker. But I'd be more worried about the rpm -V output at this point.
[dragoran@chello062178124144 ~]$ execstack -q /lib/libgcc_s-3.4.2-20041018.so.1 X /lib/libgcc_s-3.4.2-20041018.so.1 [dragoran@chello062178124144 ~]$ execstack -q /lib/libgcc_s.so.1 - /lib/libgcc_s.so.1 [dragoran@chello062178124144 ~]$
On Mon, 2005-02-14 at 14:23, dragoran wrote:
[dragoran@chello062178124144 ~]$ execstack -q /lib/libgcc_s-3.4.2-20041018.so.1 X /lib/libgcc_s-3.4.2-20041018.so.1 [dragoran@chello062178124144 ~]$ execstack -q /lib/libgcc_s.so.1
- /lib/libgcc_s.so.1
[dragoran@chello062178124144 ~]$
/lib/libgcc_s.so.1 is a symlink to /lib/libgcc_s-3.4.2-20041018.so.1 on a FC3 system here. And neither requires executable stack.
Have you rebuilt it from source?
Stephen Smalley wrote:
On Mon, 2005-02-14 at 14:23, dragoran wrote:
[dragoran@chello062178124144 ~]$ execstack -q /lib/libgcc_s-3.4.2-20041018.so.1 X /lib/libgcc_s-3.4.2-20041018.so.1 [dragoran@chello062178124144 ~]$ execstack -q /lib/libgcc_s.so.1
- /lib/libgcc_s.so.1
[dragoran@chello062178124144 ~]$
/lib/libgcc_s.so.1 is a symlink to /lib/libgcc_s-3.4.2-20041018.so.1 on a FC3 system here. And neither requires executable stack.
Have you rebuilt it from source?
no
On Tue, 2005-02-15 at 00:47, dragoran wrote:
Stephen Smalley wrote:
Have you rebuilt it from source?
no
Then it is time for forensics I think, i.e. you've been rooted or suffered some kind of corruption, and then it is time to re-install.
Stephen Smalley wrote:
On Tue, 2005-02-15 at 00:47, dragoran wrote:
Stephen Smalley wrote:
Have you rebuilt it from source?
no
Then it is time for forensics I think, i.e. you've been rooted or suffered some kind of corruption, and then it is time to re-install.
thanks I downloaded the libgcc rpm and did rpm -Uhv --force libgcc-3.4.2-6.fc3.i386.rpm and it seems to work now. [root@chello062178124144 Downloads]# rpm -V libgcc [root@chello062178124144 Downloads]# execstack -q /lib/libgcc_s-3.4.2-20041018.so.1 - /lib/libgcc_s-3.4.2-20041018.so.1 [root@chello062178124144 Downloads]#
On Mon, 2005-02-14 at 12:40, Stephen Smalley wrote:
Hmm...I have the same version here, same results as above, yet it does not trigger an execmem check on the current kernel.
for f in `ldd /usr/libexec/mysqld | awk '{print $3}'`; do if [ -f $f ]; then if readelf -d $f | grep -q TEXTREL ; then echo $f; fi; fi; done
Sorry, wrong test. How about: for f in `ldd /usr/libexec/mysqld | awk '{print $3}'`; do if [ -f $f ]; then if readelf -l $f | grep -q RWE ; then echo $f; fi; fi; done
selinux@lists.fedoraproject.org
-
dragoran -
Stephen John Smoogen -
Stephen Smalley