Re: [GHC] #738: ghc can't load files with selinux Enforcing
#738: ghc can't load files with selinux Enforcing
-----------------------------------------+----------------------------------
 Reporter:    jon.fairbairn@xxxxxxxxxxxx  |  Owner:
 Type:        bug                         |  Status:        new
 Priority:    normal                      |  Milestone:
 Component:   Runtime System              |  Version:       6.4.1
 Severity:    major                       |  Resolution:
 Keywords:                                |  Os:            Linux
 Difficulty:  Unknown                     |  Architecture:  x86_64 (amd64)
-----------------------------------------+----------------------------------
Comment (by simonmar):

 More comments from Jon:

 > Is this at all related to #703?

 No idea.

 >> I have no idea what SELinux "enforcing" mode does.

 It enforces the policies... I think permissive mode just logs
 things, but enforcing mode actually stops them.

 >> It looks like SELinux doesn't like us using mprotect() to
 >> make dynamically-allocated memory executable. This is
 >> required for things like 'foreign import "wrapper"',
 >> because we have to generate dynamic code.

 The audit log entry in Enforcing mode is this:

 {{{
 type=AVC msg=audit(1144148747.937:6073): avc: denied { execheap } for pid=18253 comm="ghc-6.4.1" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
 }}}

 whereas in Permissive mode I find this:

 {{{
 type=AVC msg=audit(1144148449.336:5974): avc: denied { execheap } for pid=18056 comm="ghc-6.4.1" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
 }}}

 ie the same, except that ghci loads the file OK.

 >> Can anyone shed any more light here?

 Not much; I can't say I understand SELinux, but I think the
 answer is probably in here:
 [http://people.redhat.com/drepper/selinux-mem.html]

 >> It's possible we could mmap() instead, I suppose.

 It looks like you have to do that, and even so will need to
 take steps to avoid getting an execmem denial.

--
Ticket URL: <http://hackage.haskell.org/trac/ghc/ticket/738>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
_______________________________________________
Glasgow-haskell-bugs mailing list
Glasgow-haskell-bugs@xxxxxxxxxxx
http://www.haskell.org/mailman/listinfo/glasgow-haskell-bugs
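
One way to follow the mmap() suggestion in the message above, as an added example that is not code from this thread or from GHC: back the dynamic-code area with a file mapped twice, writable at one address and executable at another, so mprotect() is never asked to make heap memory executable. The `dual_map_*` names are hypothetical and the memfd backing file is an assumption; whether policy permits the executable mapping still depends on the label of that file.

```c
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Two views of the same pages: one writable, one executable, never both. */
struct dual_map {
    void  *rw;   /* the code generator writes here */
    void  *rx;   /* generated code is called through here */
    size_t len;
};

/* Returns 0 on success, -1 on failure. Backing file is an in-memory memfd. */
int dual_map_create(struct dual_map *m, size_t len)
{
    /* Raw syscall (flags = 0) so this builds without the glibc wrapper. */
    int fd = (int)syscall(SYS_memfd_create, "dyn-code", 0UL);
    if (fd < 0 || ftruncate(fd, (off_t)len) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    m->rw = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    m->rx = mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    close(fd);                       /* the mappings keep the file alive */
    if (m->rw == MAP_FAILED || m->rx == MAP_FAILED) {
        if (m->rw != MAP_FAILED) munmap(m->rw, len);
        if (m->rx != MAP_FAILED) munmap(m->rx, len);
        return -1;
    }
    m->len = len;
    return 0;
}

void dual_map_destroy(struct dual_map *m)
{
    munmap(m->rw, m->len);
    munmap(m->rx, m->len);
}

int main(void)
{
    struct dual_map m;
    if (dual_map_create(&m, 4096) != 0)
        return 1;                    /* e.g. policy denied the mapping */
    memcpy(m.rw, "stub", 4);         /* placeholder bytes, not real code */
    int same = memcmp(m.rx, "stub", 4) == 0;
    dual_map_destroy(&m);
    return same ? 0 : 1;             /* 0: the write is visible via rx */
}
```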