Process Running as unconfined_t yet SELinux Prevents Application Execution
Issue
- Process running as unconfined_t yet SELinux still prevents its execution.
- Encountering Permission denied when running extraneous libraries unless allow_execmod is enabled in SELinux.
- SELinux does not deny permission when using custom shared objects over NFS.
- SELinux reports dlopen failure with "cannot restore segment prot after reloc" message.
- Under RHEL 6, SELinux does not deny permission for extraneous libraries by default as it does under RHEL 5.
The execmod control within SELinux under RHEL 5 prohibits the execution of writable memory in an effort to help prevent malicious exploitation. SELinux enforces this protection regardless of whether a process is confined, which is why a process running as unconfined_t can still be denied.
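For triage, these denials appear in the audit log as AVC records carrying the execmod permission. The following is an added example, not part of the original article: it parses audit records and groups execmod denials by source domain and object path, so denials hitting unconfined_t stand out. The log lines, paths and process names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample audit records for illustration (not taken from the article).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1300000000.101:210): avc:  denied  { execmod } for  pid=4021 comm="myapp" path="/opt/vendor/lib/libcustom.so" dev=dm-0 ino=131077 scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1300000001.202:211): avc:  denied  { read } for  pid=4100 comm="httpd" name="index.html" dev=dm-0 ino=131200 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1300000002.303:212): avc:  denied  { execmod } for  pid=4021 comm="myapp" path="/opt/vendor/lib/libcustom.so" dev=dm-0 ino=131077 scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1300000003.404:213): avc:  denied  { execmod } for  pid=4300 comm="httpd" path="/usr/lib/httpd/modules/mod_x.so" dev=dm-0 ino=140001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_modules_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of AVC fields plus the denied permissions, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec


def selinux_type(context):
    """Extract the type field from a user:role:type[:level] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def execmod_denials(log_text):
    """Group execmod denials by (source domain, object path)."""
    groups = defaultdict(lambda: {"count": 0, "comms": set(), "target_type": None})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or "execmod" not in rec["perms"]:
            continue
        key = (selinux_type(rec.get("scontext", "")), rec.get("path", "?"))
        groups[key]["count"] += 1
        groups[key]["comms"].add(rec.get("comm", "?"))
        groups[key]["target_type"] = selinux_type(rec.get("tcontext", ""))
    return dict(groups)


if __name__ == "__main__":
    for (domain, path), info in sorted(execmod_denials(SAMPLE_AUDIT_LOG).items()):
        note = " (unconfined, still denied)" if domain == "unconfined_t" else ""
        print(f"{info['count']}x {domain}{note} -> {path} [{info['target_type']}]"
              f" via {', '.join(sorted(info['comms']))}")
```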
Environment
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 5