Re: "denied" error message
On Wed, 2007-07-25 at 16:03 -0400, Bill Tangren wrote:
Bill Tangren wrote:
> I have the following error message showing up in my audit logs. This is
> on an SELinux-enabled web server (running RHEL ES 4, fully patched).
> This is actually an selinux error, so if this not the correct place to
> ask this question, please let me know.
>
Never mind. I got at least a partial answer by googling NSA's selinux mailing
list archive. I quote from one of those pages:
"Typically, that audit message suggests that kernel is translating PROT_READ
requests by that binary to PROT_READ|PROT_EXECUTE in order to provide
compatibility with "legacy" binaries that presumed read-implies-exec
logic."
This is an old program that is calling shared libraries. It isn't hurting the
program, but it is filling up my audit logs. I guess I'll leave it alone.
Thanks anyway.
Options:
- Rebuild the program with current compiler toolchain.
- Try to mark the program as not requiring an executable stack,
cp /location/of/bin/aa_pap8 /location/of/bin/aa_pap8.orig
execstack -c /location/of/bin/aa_pap8
- Modify your policy to dontaudit the permission or to allow it, as
required.
--
Stephen Smalley
National Security Agency