[Ace-users] Re: [tao-bugs] ACE/TAO libraries: Selinux errors from
use of text relocations in generated libraries
jwillemsen at remedy.nl
Fri Sep 14 11:33:02 CDT 2007
Thanks for using the PRF form. The -fPIC is passed as generic option, we
don't exclude specific files. Can you try x.6 which you can obtain from
http://download.dre.vanderbilt.edu. Do safe the full build log, that way you
can check if -fPIC is passed
2650 AC Berkel en Rodenrijs
www.theaceorb.nl / www.remedy.nl
*** Integrated compile and test statistics see
*** Commercial service and support for ACE/TAO/CIAO ***
*** See http://www.theaceorb.nl/en/support.html ***
"mgreenberg" <mgreenberg at objectsciences.com> wrote in message
news:<mailman.2240.1189785910.5286.tao-bugs at mail.cse.wustl.edu>...
> TAO VERSION: 1.5.9
> ACE VERSION: 5.5.9
> HOST MACHINE and OPERATING SYSTEM:
> X86, FC5 FC6
> TARGET MACHINE and OPERATING SYSTEM, if different from HOST:
> COMPILER NAME AND VERSION (AND PATCHLEVEL): gcc 4.1
> THE $ACE_ROOT/ace/config.h FILE [if you use a link to a platform-
> specific file, simply state which one]: config-linux.h THE
> $ACE_ROOT/include/makeinclude/platform_macros.GNU FILE [if you
> use a link to a platform-specific file, simply state which one
> (unless this isn't used in this case, e.g., with Microsoft Visual
> C++)]: platform_linux.GNU
> CONTENTS OF $ACE_ROOT/bin/MakeProjectCreator/config/default.features
> (used by MPC when you generate your own makefiles):
> AREA/CLASS/EXAMPLE AFFECTED:
> Various libraries are generated with text relocations, which prevent
> when run on a system with selinux=enforcing.
> DOES THE PROBLEM AFFECT:
> COMPILATION? No
> LINKING? No
> EXECUTION? Yes. tao_idl fails, and various applications linked
> against ACE and TAO may fail to load.
> OTHER (please specify)?
> Various ACE libraries are generated that require text relocations.
> See url
> for some discussion and tools to analyze the use of text relocations.
> Because the
> libraries require text relocations, systems with ENFORCING selinux
> will no allow the
> libraries to load.
> Running the utility eu-findtextrel (FC5) like this against the ace/tao
> libraries yields,
> bash-3.1$ eu-findtextrel /data1/mgreenberg/install/TENA/lib/*so 2>&1 |
> grep -v 'no text relocations'
> /usr/local/TAO/1.5.9a/fc5-gcc41-d/ace/Logging_Strategy.cpp not compiled
> with -fpic/-fPIC
> /usr/local/TAO/1.5.9a/fc5-gcc41-d/TAO/tao/ORB_Core.cpp not compiled
> with -fpic/-fPIC
> be/be_visitor_arg_traits.cpp not compiled with -fpic/-fPIC
> not compiled with -fpic/-fPIC
> PortableServer/Active_Object_Map.cpp not compiled with -fpic/-fPIC
> When the resultant ace/TAO build is run on a system with selinux set
> to ENFORCING, various
> errors occur, e.g.
> tao_idl: error while loading shared libraries:
> cannot restore segment prot after reloc: permission denied
> REPEAT BY:
> SAMPLE FIX/WORKAROUND:
> According to the referenced page, text relocations are almost
> always an error and easily fixed. Presumably adding -fPIC to the
> appropriate build scripts should fix this. The workaround is to
> enable text relocations for each library using 'chcon
> textrel_shlib_t libName'
> NOTE: We've somewhat messed around with our build of ace and TAO, as
> evidenced by strange
> library names. But I don't believe that this is something introduced
> by those changes.
More information about the Ace-users