[rdiff-backup-users] [Fwd: Re: selinux and rdiff-backup]

rdiff-backup-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[rdiff-backup-users] [Fwd: Re: selinux and rdiff-backup]

From:	Farkas Levente
Subject:	[rdiff-backup-users] [Fwd: Re: selinux and rdiff-backup]
Date:	Wed, 16 Jul 2008 16:58:59 +0200
User-agent:	Thunderbird 2.0.0.14 (X11/20080501)

hi,

after a discussion with daniel i forward his mail to here. the mainquestion the /usr/lib/python2.4/site-packages/rdiff_backup/_librsync.sofile which requires textrel_shlib_t (why?) and cause problem in case ofselinux (bad default file content and memory protection problems).so why we need this? other *.so files under/usr/lib/python2.?/site-packages/ has only lib_t security context type.why rdiff-backup need textrel_shlib_t?

it'd be nice to fix in the next release.
yours.

-------- Original Message --------
Subject: Re: selinux and rdiff-backup
Date: Wed, 16 Jul 2008 10:03:38 -0400
From: Daniel J Walsh <address@hidden>
To: Farkas Levente <address@hidden>
References: <address@hidden> <address@hidden>
<address@hidden>

Farkas Levente wrote:

Daniel J Walsh wrote:

Farkas Levente wrote:

hi,
rdiff-backup use it's own rsync lib, but as it's reside here
/usr/lib/python2.4/site-packages/rdiff_backup/_librsync.so
restorecon always reset it's context
system_u:object_r:textrel_shlib_t:s0->system_u:object_r:lib_t:s0
so it's be useful to add to the rhel5 and fedora selinux policy (at
least in your selinux repo). on the other hand how can i prevent
restorecon to always restore this context (after i fix it manually)?
yours.


# semanage fcontext -a -t textrel_shlib_t
/usr/lib/python2.4/site-packages/rdiff_backup/_librsync.so
restorecon ...


thanks.

Have you reported this as a bug to rdiff-backup?


no is it an rdiff-backup bug? it an old known problem this page
http://www.sharedmemory.net/mywiki/RdiffbackupSelinux
last edited 2007-06-22.
i assume it's selinux problem. but if you like i can create a bugreport
for any of them. should i have to do?

They built the shared library incorrectly which is causing SELinux to
think the library needs execmod privs.

You can attach a link to for the bug

http://people.redhat.com/~drepper/selinux-mem.html


--
  Levente                               "Si vis pacem para bellum!"

[Prev in Thread]

Current Thread

[Next in Thread]

[rdiff-backup-users] [Fwd: Re: selinux and rdiff-backup], Farkas Levente <=
- Re: [rdiff-backup-users] [Fwd: Re: selinux and rdiff-backup], Andrew Ferguson, 2008/07/19
  - Re: [rdiff-backup-users] [Fwd: Re: selinux and rdiff-backup], Farkas Levente, 2008/07/24

Prev by Date: Re: [rdiff-backup-users] removing a single file from a backup
Next by Date: Re: [rdiff-backup-users] removing a single file from a backup
Previous by thread: [rdiff-backup-users] removing a single file from a backup
Next by thread: Re: [rdiff-backup-users] [Fwd: Re: selinux and rdiff-backup]
Index(es):
- Date
- Thread