[Ace-users] [tao-bugs] ACE/TAO libraries: Selinux errors from use of text relocations in generated libraries

mgreenberg mgreenberg at objectsciences.com
Fri Sep 14 11:03:43 CDT 2007 

 TAO VERSION: 1.5.9
  ACE VERSION: 5.5.9

  HOST MACHINE and OPERATING SYSTEM:
      X86, FC5 FC6

  TARGET MACHINE and OPERATING SYSTEM, if different from HOST:
  COMPILER NAME AND VERSION (AND PATCHLEVEL): gcc 4.1

  THE $ACE_ROOT/ace/config.h FILE [if you use a link to a platform-
  specific file, simply state which one]: config-linux.h   THE 
$ACE_ROOT/include/makeinclude/platform_macros.GNU FILE [if you
  use a link to a platform-specific file, simply state which one
  (unless this isn't used in this case, e.g., with Microsoft Visual
  C++)]: platform_linux.GNU

  CONTENTS OF $ACE_ROOT/bin/MakeProjectCreator/config/default.features
  (used by MPC when you generate your own makefiles):

  AREA/CLASS/EXAMPLE AFFECTED:
  Various libraries are generated with text relocations, which prevent 
execution
  when run on a system with selinux=enforcing.

  DOES THE PROBLEM AFFECT:
      COMPILATION? No
      LINKING? No
      EXECUTION?  Yes.  tao_idl fails, and various applications linked 
against ACE and TAO        may fail to load.
      OTHER (please specify)?

  SYNOPSIS:
  Various ACE libraries are generated that require text relocations.  
See url
  http://people.redhat.com/drepper/textrelocs.html
  for some discussion and tools to analyze the use of text relocations.  
Because the
  libraries require text relocations, systems with ENFORCING selinux 
will no allow the
  libraries to load.


  DESCRIPTION:
  Running the utility eu-findtextrel (FC5) like this against the ace/tao 
libraries yields,

----------
bash-3.1$ eu-findtextrel /data1/mgreenberg/install/TENA/lib/*so  2>&1 | 
grep -v 'no text relocations'

lib/libACE-fc5-gcc41-d-1.5.9a.so:
/usr/local/TAO/1.5.9a/fc5-gcc41-d/ace/Logging_Strategy.cpp not compiled
with -fpic/-fPIC

TENA/lib/libTAO-fc5-gcc41-d-1.5.9a.so:
/usr/local/TAO/1.5.9a/fc5-gcc41-d/TAO/tao/ORB_Core.cpp not compiled
with -fpic/-fPIC

lib/libTAO-fc5-gcc41-d-1.5.9a.so:
lib/libTAO_IDL_BE-fc5-gcc41-d-1.5.9a.so:
be/be_visitor_arg_traits.cpp not compiled with -fpic/-fPIC

lib/libTAO_IDL_BE-fc5-gcc41-d-1.5.9a.so:
/usr/lib/gcc/i386-redhat-linux/4.1.1/../../../../include/c++/4.1.1/bits/basic_string.h 

not compiled with -fpic/-fPIC

lib/libTAO_PortableServer-fc5-gcc41-d-1.5.9a.so:
PortableServer/Active_Object_Map.cpp not compiled with -fpic/-fPIC
----------

  When the resultant ace/TAO build is run on a system with selinux set 
to ENFORCING, various
  errors occur, e.g.
  tao_idl: error while loading shared libraries: 
lib/libACE-fc5-gcc41-d-1.5.9a.so:
      cannot restore segment prot after reloc: permission denied


  REPEAT BY:

  SAMPLE FIX/WORKAROUND:
      According to the referenced page, text relocations are almost 
always an error and easily fixed.         Presumably adding -fPIC to the 
appropriate build scripts should fix this.  The workaround is to
      enable text relocations for each library using 'chcon 
textrel_shlib_t libName'

  NOTE:  We've somewhat messed around with our build of ace and TAO, as 
evidenced by strange
  library names.  But I don't believe that this is something introduced 
by those changes.

More information about the Ace-users mailing list