From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <systemtap-return-13627-listarch-systemtap=sources.redhat.com@sourceware.org>
Received: (qmail 5132 invoked by alias); 17 Sep 2009 10:27:30 -0000
Received: (qmail 4898 invoked by uid 48); 17 Sep 2009 10:27:12 -0000
Date: Thu, 17 Sep 2009 10:27:00 -0000
Message-ID: <20090917102712.4897.qmail@sourceware.org>
From: "mjw at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: systemtap@sources.redhat.com
In-Reply-To: <20090903122458.10595.mjw@redhat.com>
References: <20090903122458.10595.mjw@redhat.com>
Reply-To: sourceware-bugzilla@sourceware.org
Subject: [Bug uprobes/10595] uprobe probes causes selinux failures
X-Bugzilla-Reason: AssignedTo
Mailing-List: contact systemtap-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <systemtap.sourceware.org>
List-Subscribe: <mailto:systemtap-subscribe@sourceware.org>
List-Post: <mailto:systemtap@sourceware.org>
List-Help: <mailto:systemtap-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: systemtap-owner@sourceware.org
X-SW-Source: 2009-q3/txt/msg00778.txt.bz2


------- Additional Comments From mjw at redhat dot com  2009-09-17 10:27 -------
For now I only fixed this for uprobe2 and only for kernels 2.6.28+

commit a82ac1f413712a375d5e14ef7641ce0abf7a6543
Author: Mark Wielaard <mjw@redhat.com>
Date:   Thu Sep 17 12:20:07 2009 +0200

    PR10595 Work around uprobe2 causing selinux failures for kernel 2.6.28+.
    
    We allocate a "fake" unlinked shmem file because anonymous
    memory might not be granted execute permission when the selinux
    security hooks have their way. Only do this for 2.6.28 or higher
    since shmem_file_setup() isn't exported before that.
    
    * runtime/uprobes2/uprobes.c (uprobe_setup_ssol_vma): Use shmem_file_setup
      to setup the ssol vma area when using 2.6.28+.

This incorporates the suggestions from Jim and Frank above.

For upstream the version checks are obviously not necessary, but I ran out of
time doing those plus the testing.

I'll keep the bug open till I also submitted a version for the upstream uprobes
code. And till we decided whether it makes sense to find some other workaround
for < 2.6.28 kernels and/or uprobes1 (I don't think we should really care, such
old systems often have much more relaxed selinux policies).

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=10595

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.