dbfdg
3
nma�������������������@���sT���d�d�l�Z�d�d�l�T�d�d�l�Z�e�j�d�d�d��Z�e�j�Z�d�d�l�T�d�d�l�m�Z���G�d�d��d�e��Z�d�S�) ����N)��*z�setroubleshoot-pluginsT)�Z�fallback)��Pluginc����������������@���s���e�Z�d�Z�e�d��Z�e�d��Z�e�d��Z�d�Z�e�d��Z�d�Z d�Z
d�Z�d Z�d
Z
d�Z�d�Z�d
d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z�d�S�)��pluginzf
SELinux is preventing $SOURCE_PATH from loading $TARGET_PATH which requires text relocation.
aC���
The $SOURCE application attempted to load $TARGET_PATH which
requires text relocation. This is a potential security problem.
Most libraries do not need this permission. Libraries are
sometimes coded incorrectly and request this permission. The
SELinux Memory Protection Tests
web page explains how to remove this requirement. You can configure
SELinux temporarily to allow $TARGET_PATH to use relocation as a
workaround, until the library is fixed. Please file a bug report.
a���
The $SOURCE application attempted to load $TARGET_PATH which
requires text relocation. This is a potential security problem.
Most libraries should not need this permission. The
SELinux Memory Protection Tests
web page explains this check. This tool examined the library and it looks
like it was built correctly. So setroubleshoot can not determine if this
application is compromised or not. This could be a serious issue. Your
system may very well be compromised.
Contact your security administrator and report this issue.
z:Contact your security administrator and report this issue.aR���
If you trust $TARGET_PATH to run correctly, you can change the
file context to textrel_shlib_t. "chcon -t textrel_shlib_t
'$TARGET_PATH'"
You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '$FIX_TARGET_PATH'"
z6If this issue occurred during normal system operation.zThis alert could be a serious issue and your system could be compromised. Setroubleshoot examined '$FIX_TARGET_PATH' to make sure it was built correctly, but can not determine if this application has been compromised.z9Contact your security administrator and report this issuezOIf you trust $TARGET_PATH to run correctly and want to allow $SOURCE to load itzFYou need to change the label on '$FIX_TARGET_PATH' to textrel_shlib_t.z# chcon -t textrel_shlib_t '$FIX_TARGET_PATH'
If you want this to survive a relabel, execute
# semanage fcontext -a -t textrel_shlib_t '$FIX_TARGET_PATH';restorecon -v '$FIX_TARGET_PATH'
zo/usr/sbin/semanage fcontext -a -t textrel_shlib_t '$FIX_TARGET_PATH';/usr/sbin/restorecon -v '$FIX_TARGET_PATH'c����������������C���s����t�|��d�k�r�d�|�_�d�|�_�d�S�)�Nr����FT)��len�fixableZ
report_bug)��self�args�r ���2/usr/share/setroubleshoot/plugins/allow_execmod.py init_argsV���s����������z�plugin.init_argsc����������������C���s����t�|��d�k�r�|�j�S�|�j�S�)�Nr����)�r�����unsafe_problem_description�problem_description)�r�����avcr����r ���r ���r
����get_problem_description[���s����������z�plugin.get_problem_descriptionc����������������C���s����t�|��d�k�r�|�j�S�|�j�S�)�Nr����)�r�����unsafe_if_text�if_text)�r����r����r����r ���r ���r
����get_if_text`���s����������z�plugin.get_if_textc����������������C���s����t�|��d�k�r�|�j�S�|�j�S�)�Nr����)�r�����unsafe_then_text then_text)�r����r����r����r ���r ���r
���
get_then_texte���s����������z�plugin.get_then_textc����������������C���s����t�|��d�k�r�|�j�S�|�j�S�)�Nr����)�r�����unsafe_do_text�do_text)�r����r����r����r ���r ���r
����get_do_textj���s����������z�plugin.get_do_textc����������������C���s*���t�j�|�t����d�|�_�t�d��|�_�|�j�d����d�S�)�NTz�Change label on the library.
���)�r�����__init__�__name__r�����_Z�button_textZ�set_priority)�r����r ���r ���r
���r����o���s����������
�z�plugin.__init__c����������������C���s���d�d�l�}�|�j�d�g��ry6|�j�d�d�|�j�g�|�j�d��}�|�j�d�d�d�g�|�j�|�j�d �}�W�n
������d�S�|�j�j����|�j����|�j����|�j�d
k�r|�j d�g��S�t
j�|�j�j�d��t
�d
��}�|�j�d
�d���d�k�r|�j �S�d�S�)�Nr����Z�execmodz
eu-readelfz�-d)��stdoutZ�fgrepz�-qZ�TEXTREL)��stdinr��������Z�unsafe�"�:����Z�lib_t)�
subprocessZ�has_any_access_in�PopenZ�tpath�PIPEr�����close�wait
returncodeZ�report�selinuxZ�matchpathcon�strip�S_IFREG�split)�r����r����r#���Z�p1Z�p2Z�mconr ���r ���r
����analyzeu���s �������������������
�����
���������z�plugin.analyzeN)�r����
__module__�__qualname__r����Z�summaryr
���r����Z�unsafe_fix_descriptionZ�fix_descriptionr����r����r����r����r����r����Z�fix_cmdr����r����r����r����r����r����r-���r ���r ���r ���r
���r��������s.���������� ���
����������������������������������r����) r)����stat�gettextZ�translationr����Z�setroubleshoot.utilZ�setroubleshoot.Pluginr����r����r ���r ���r ���r
��������s������������������