public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug dynamic-link/31230] New: PLT rewrite failed without SELinux
@ 2024-01-11 1:58 hjl.tools at gmail dot com
2024-01-11 9:41 ` [Bug dynamic-link/31230] " sam at gentoo dot org
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: hjl.tools at gmail dot com @ 2024-01-11 1:58 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31230
Bug ID: 31230
Summary: PLT rewrite failed without SELinux
Product: glibc
Version: 2.39
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: hjl.tools at gmail dot com
Target Milestone: ---
I backported PLT rewrite to my glibc and added
export GLIBC_TUNABLES=glibc.cpu.plt_rewrite=2
to my shell. Now I got
Jan 10 17:23:28 gnu-cfl-3 pipewire[2420]: /usr/bin/pipewire: error while
loading shared libraries: /lib64/libc.so.6: failed to change PLT back to
read-only
Jan 10 17:23:28 gnu-cfl-3 wireplumber[2711]: /usr/bin/wireplumber: error while
loading shared libraries: /lib64/libc.so.6: failed to change PLT back to
read-only
Jan 10 17:23:29 gnu-cfl-3 pipewire-pulse[3019]: /usr/bin/pipewire-pulse: error
while loading shared libraries: /lib64/libc.so.6: failed to change PLT back to
read-only
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug dynamic-link/31230] PLT rewrite failed without SELinux
2024-01-11 1:58 [Bug dynamic-link/31230] New: PLT rewrite failed without SELinux hjl.tools at gmail dot com
@ 2024-01-11 9:41 ` sam at gentoo dot org
2024-01-11 14:15 ` hjl.tools at gmail dot com
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: sam at gentoo dot org @ 2024-01-11 9:41 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31230
Sam James <sam at gentoo dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sam at gentoo dot org
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug dynamic-link/31230] PLT rewrite failed without SELinux
2024-01-11 1:58 [Bug dynamic-link/31230] New: PLT rewrite failed without SELinux hjl.tools at gmail dot com
2024-01-11 9:41 ` [Bug dynamic-link/31230] " sam at gentoo dot org
@ 2024-01-11 14:15 ` hjl.tools at gmail dot com
2024-01-15 14:59 ` cvs-commit at gcc dot gnu.org
2024-01-15 15:12 ` hjl.tools at gmail dot com
3 siblings, 0 replies; 5+ messages in thread
From: hjl.tools at gmail dot com @ 2024-01-11 14:15 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31230
--- Comment #1 from H.J. Lu <hjl.tools at gmail dot com> ---
/usr/lib/systemd/user/pipewire.service has
[Service]
LockPersonality=yes
MemoryDenyWriteExecute=yes
...
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug dynamic-link/31230] PLT rewrite failed without SELinux
2024-01-11 1:58 [Bug dynamic-link/31230] New: PLT rewrite failed without SELinux hjl.tools at gmail dot com
2024-01-11 9:41 ` [Bug dynamic-link/31230] " sam at gentoo dot org
2024-01-11 14:15 ` hjl.tools at gmail dot com
@ 2024-01-15 14:59 ` cvs-commit at gcc dot gnu.org
2024-01-15 15:12 ` hjl.tools at gmail dot com
3 siblings, 0 replies; 5+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2024-01-15 14:59 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31230
--- Comment #2 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by H.J. Lu <hjl@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=457bd9cf2e27550dd66b2d8f3c5a8dbd0dfb398f
commit 457bd9cf2e27550dd66b2d8f3c5a8dbd0dfb398f
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Fri Jan 12 10:19:41 2024 -0800
x86-64: Check if mprotect works before rewriting PLT
Systemd execution environment configuration may prohibit changing a memory
mapping to become executable:
MemoryDenyWriteExecute=
Takes a boolean argument. If set, attempts to create memory mappings
that are writable and executable at the same time, or to change existing
memory mappings to become executable, or mapping shared memory segments
as executable, are prohibited.
When it is set, systemd service stops working if PLT rewrite is enabled.
Check if mprotect works before rewriting PLT. This fixes BZ #31230.
This also works with SELinux when deny_execmem is on.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug dynamic-link/31230] PLT rewrite failed without SELinux
2024-01-11 1:58 [Bug dynamic-link/31230] New: PLT rewrite failed without SELinux hjl.tools at gmail dot com
` (2 preceding siblings ...)
2024-01-15 14:59 ` cvs-commit at gcc dot gnu.org
@ 2024-01-15 15:12 ` hjl.tools at gmail dot com
3 siblings, 0 replies; 5+ messages in thread
From: hjl.tools at gmail dot com @ 2024-01-15 15:12 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=31230
H.J. Lu <hjl.tools at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
Target Milestone|--- |2.39
--- Comment #3 from H.J. Lu <hjl.tools at gmail dot com> ---
Fixed for 2.39.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-01-15 15:12 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-01-11 1:58 [Bug dynamic-link/31230] New: PLT rewrite failed without SELinux hjl.tools at gmail dot com
2024-01-11 9:41 ` [Bug dynamic-link/31230] " sam at gentoo dot org
2024-01-11 14:15 ` hjl.tools at gmail dot com
2024-01-15 14:59 ` cvs-commit at gcc dot gnu.org
2024-01-15 15:12 ` hjl.tools at gmail dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).