I have found this: http://akkadia.org/drepper/textrelocs.html, which basically boils down to a suggestion to use eu-findtextrel
to see what text relocations do exist. Recompiling affected libraries with -fPIC
then fixes the problem.
SELinux: cannot restore segment prot after reloc: Permission denied
-
30-06-2022 - |
Domanda
We are testing our application in SELinux environment. Now, we are getting the following error:
dlopen failed to load libFoo.so -libFoo.so: cannot restore segment prot after reloc: Permission denied
As far as I understand from my searches, this is related to relocations in .text
section in the shared library. As far as I can see, we are already using -fPIC
for all of our shared libraries. Though there are possibly some static libraries also linked into those shared libraries.
How can I find out what relocations/symbols are causing this error to pop up? What should I look for in nm
or objdump -rR
output for the shared library?
Or am I fishing for wrong information and the problem lies somewhere else than the produced relocations in the shared library?
Soluzione
Altri suggerimenti
I thought this was good advice because it did not set SELinux to permissive mode.
You can also from here.
chcon -t texrel_shlib_t <lib>
So for instance
chcon -t texrel_shlib_t libmylib.so
But, this is still getting around SELinux so -fPIC is the way to do it. I had some problems because I incorrectly put -fPIC in in the linker flags. -fPIC is a compiler option!