[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[rdiff-backup-users] [Fwd: Re: selinux and rdiff-backup]
From: |
Farkas Levente |
Subject: |
[rdiff-backup-users] [Fwd: Re: selinux and rdiff-backup] |
Date: |
Wed, 16 Jul 2008 16:58:59 +0200 |
User-agent: |
Thunderbird 2.0.0.14 (X11/20080501) |
hi,
after a discussion with daniel i forward his mail to here. the main
question the /usr/lib/python2.4/site-packages/rdiff_backup/_librsync.so
file which requires textrel_shlib_t (why?) and cause problem in case of
selinux (bad default file content and memory protection problems).
so why we need this? other *.so files under
/usr/lib/python2.?/site-packages/ has only lib_t security context type.
why rdiff-backup need textrel_shlib_t?
it'd be nice to fix in the next release.
yours.
-------- Original Message --------
Subject: Re: selinux and rdiff-backup
Date: Wed, 16 Jul 2008 10:03:38 -0400
From: Daniel J Walsh <address@hidden>
To: Farkas Levente <address@hidden>
References: <address@hidden> <address@hidden>
<address@hidden>
Farkas Levente wrote:
Daniel J Walsh wrote:
Farkas Levente wrote:
hi,
rdiff-backup use it's own rsync lib, but as it's reside here
/usr/lib/python2.4/site-packages/rdiff_backup/_librsync.so
restorecon always reset it's context
system_u:object_r:textrel_shlib_t:s0->system_u:object_r:lib_t:s0
so it's be useful to add to the rhel5 and fedora selinux policy (at
least in your selinux repo). on the other hand how can i prevent
restorecon to always restore this context (after i fix it manually)?
yours.
# semanage fcontext -a -t textrel_shlib_t
/usr/lib/python2.4/site-packages/rdiff_backup/_librsync.so
restorecon ...
thanks.
Have you reported this as a bug to rdiff-backup?
no is it an rdiff-backup bug? it an old known problem this page
http://www.sharedmemory.net/mywiki/RdiffbackupSelinux
last edited 2007-06-22.
i assume it's selinux problem. but if you like i can create a bugreport
for any of them. should i have to do?
They built the shared library incorrectly which is causing SELinux to
think the library needs execmod privs.
You can attach a link to for the bug
http://people.redhat.com/~drepper/selinux-mem.html
--
Levente "Si vis pacem para bellum!"
- [rdiff-backup-users] [Fwd: Re: selinux and rdiff-backup],
Farkas Levente <=