#356 ffcall SELlinux violation on Fedora Core 5

build problems
closed-fixed
ffcall (13)
5
2017-11-08
2006-07-30
No

Clisp version 2.39 fails to build on Fedora Core 5
with SELinux enabled.

The output from the compilation is:
/bin/sh ./libtool --mode=link gcc -x none test2.o
trampoline.lo -o test2
gcc -x none test2.o trampoline.o -o test2
./test1
trampoline: cannot make memory executable
make[2]: *** [check] Aborted
make[2]: Leaving directory
`/home/gemi/Projects/fedora/extras/clisp/FC-5/clisp-2.39/build/callback/trampoline_r'
make[1]: *** [check-subdirs] Error 2
make[1]: Leaving directory
`/home/gemi/Projects/fedora/extras/clisp/FC-5/clisp-2.39/build/callback'
./configure: despite --with-dynamic-ffi, FFCALL could
not be built

The output in audit.log is:
type=AVC msg=audit(1154277453.270:515): avc: denied {
execheap } for pid=6764 comm="test1"
scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process

Thus there is a violation of the heap execution
policy of SELinux.

This appeared in clisp 2.39, no problem with previous
versions.

Discussion

  • Sam Steingold

    Sam Steingold - 2008-01-22
    • status: open --> closed-out-of-date
     
  • Bruno Haible

    Bruno Haible - 2017-02-02
    • status: closed-out-of-date --> closed-fixed
     
  • Bruno Haible

    Bruno Haible - 2017-11-08
     
  • Bruno Haible

    Bruno Haible - 2017-11-08

    Code that avoids this "cannot make memory executable" error was added in libffcall-2.0.

     

Log in to post a comment.