dbfdg
3
nma�������������������@���sd���d�d�l�Z�e�j�d�d�d��Z�e�j�Z�d�d�l�T�d�d�l�m�Z���d�d�l�Z�d�d�l�Z�d�d��Z�d d
�Z G�d�d��d�e��Z
d�S�)
����Nz�setroubleshoot-pluginsT)�Z�fallback)��*)��Pluginc������������
���C���sD���|�d���d�k�r�d�S�y�t�j�d�d�|�g�d�d��j��}�W�n
������d�S�|�d���d�k�S�) Nr�����/F execstackz�-qT)��universal_newlines�X)�
subprocess�check_output�split)��path�x�r
���4/usr/share/setroubleshoot/plugins/allow_execstack.py�is_execstack����s������������������r����c����������������C���s���g�}�y�t�j�d�|�g�d�d��j��}�W�n
������|�S�x&|�D�]�}�t�|��r0|�|�k�r0|�j�|����q0W�yPt�d�|���d��}�x<|�j��D�]0}�x*|�j��D�]�}�t�|��rz|�|�k�rz|�j�|����qzW�qlW�W�n���t�k
r������Y�n�X�|�S�)�NZ�lddT)�r����z
/proc/%s/maps�r)�r����r ���r
���r�����append�open readlines�IOError)�Z�exe�pidZ
execstacklist�pathsr�����fdZ�recr
���r
���r�����find_execstack'���s"���������������
���������������������r����c����������������@���sh���e�Z�d�Z�e�d��Z�e�d��Z�e�d��Z�d�Z�e�d��Z�e�d��Z e�d��Z
d�d �Z�d
d��Z�d�d
�Z
d�d��Z�d�d��Z�d�S�)��pluginzV
SELinux is preventing $SOURCE_PATH from making the program stack executable.
a#���
The $SOURCE application attempted to make its stack
executable. This is a potential security problem. This should
never ever be necessary. Stack memory is not executable on most
OSes these days and this will not change. Executable stack memory
is one of the biggest security problems. An execstack error might
in fact be most likely raised by malicious code. Applications are
sometimes coded incorrectly and request this permission. The
SELinux Memory Protection Tests
web page explains how to remove this requirement. If $SOURCE does not
work and you need it to work, you can configure SELinux
temporarily to allow this access until the application is fixed. Please
file a bug report.
a6���
Sometimes a library is accidentally marked with the execstack flag,
if you find a library with this flag you can clear it with the
execstack -c LIBRARY_PATH. Then retry your application. If the
app continues to not work, you can turn the flag back on with
execstack -s LIBRARY_PATH.
�zfIf you do not think $SOURCE_PATH should need to map stack memory that is both writable and executable.zByou need to report a bug.
This is a potentially dangerous access.z:Contact your security administrator and report this issue.c������������ ���C���s0���y�|�d���}�|�s�|�j�S�t�d��|���S�������|�j�S�d�S�)�Nr����z4If you believe that
%s
should not require execstack)��if_text�_)��self�avc�argsr����r
���r
���r�����get_if_text]���s������������������z�plugin.get_if_textc������������ ���C���s0���y�|�d���}�|�s�|�j�S�t�d��|���S�������|�j�S�d�S�)�Nr����zyou should clear the execstack flag and see if $SOURCE_PATH works correctly.
Report this as a bug on %s.
You can clear the exestack flag by executing:)� then_textr����)�r����r����r����r����r
���r
���r����
get_then_textg���s������������������z�plugin.get_then_textc������������ ���C���s0���y�|�d���}�|�s�|�j�S�t�d��|���S�������|�j�S�d�S�)�Nr����z�execstack -c %s)��do_textr����)�r����r����r����r����r
���r
���r�����get_do_textp���s������������������z�plugin.get_do_textc����������������C���s����t�j�|�t����d�S�)�N)�r�����__init__�__name__)�r����r
���r
���r����r%���z���s������z�plugin.__init__c����������������C���sr���|�j�d�d�d�d�d�g��rj|�j�d�g��rjg�}�x*t�|�j�|�j��D�]�}�|�j�|�j�|�|�f�����q4W�t�|��d�k�r`|�S�|�j�d��S�d�S�d�S�) NZ�unconfined_tZ�staff_tZ�user_tZ�guest_tZ�xguest_tr����r����)�NN)�Z�matches_source_typesZ�has_any_access_inr����Z�spathr����r����Z�report�len)�r����r����Z�reports�ir
���r
���r�����analyze}���s��������������������
�z�plugin.analyzeN)�r&���
__module__�__qualname__r����Z�summaryZ�problem_descriptionZ�fix_descriptionZ�fix_cmdr����r!���r#���r ���r"���r$���r%���r)���r
���r
���r
���r����r����;���s�����������
���������������
� �
��r����)��gettextZ�translationr����Z�setroubleshoot.utilZ�setroubleshoot.Pluginr����r�����sysr����r����r����r
���r
���r
���r���������s�������������������
��