On Jul 16, 2008, at 10:58 AM, Farkas Levente wrote:
hi,
after a discussion with daniel i forward his mail to here. the main
question the
/usr/lib/python2.4/site-packages/rdiff_backup/_librsync.so file which
requires textrel_shlib_t (why?) and cause problem in case of selinux
(bad default file content and memory protection problems).
so why we need this? other *.so files under
/usr/lib/python2.?/site-packages/ has only lib_t security context
type. why rdiff-backup need textrel_shlib_t?
This is not an rdiff-backup bug. I have been able to reproduce it on a
test system.
The problem is due to librsync. I believe on your computer, but perhaps
on Daniel's computer. Did you build librsync yourself? Or install it
from RPM?
Here is the problem: by default, librsync only builds a *static* library
(librsync.a), not a dynamic library (librsync.so.1.0.2). Thus, when you
build rdiff-backup on such a system, the dynamic _librsync.so library is
forced to rely upon the static librsync library, which it loads by doing
the text relocation. SELinux disallows this relocation under the default
policy, leading to the trouble that you observed.
The solution to this is simple: simply recompile librsync and add the
"--enable-shared" option to ./configure. See the output of "./configure
--help" when building librsync for more info. After you recompile
librsync, then rebuild rdiff-backup and the new _librsync.so library
will not require any SELinux commands.
If you installed librsync from RPM, complain to whoever provided the RPM.
So, why is librsync's configure script so bone-headed? Probably because
it hasn't had a release in nearly four years. :-/