3

nm�a��@sTdd
lZddl
Tdd
lZejddd�ZejZddlTddlmZ
Gdd�de�Zd
S)	�N)
�
*zsetroubleshoot-pluginsT)
Zfallback)
�Pluginc@s�eZ
dZed
�
Zed�
Zed�
ZdZed�
ZdZ	dZ
dZd	Zd
Z
dZdZd
d�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�ZdS)�pluginzf
    SELinux is preventing $SOURCE_PATH from loading $TARGET_PATH which requires text relocation.
    aC
    The $SOURCE application attempted to load $TARGET_PATH which
    requires text relocation.  This is a potential security problem.
    Most libraries do not need this permission. Libraries are
    sometimes coded incorrectly and request this permission.  The
    <a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux Memory Protection Tests</a>
    web page explains how to remove this requirement.  You can configure
    SELinux temporarily to allow $TARGET_PATH to use relocation as a
    workaround, until the library is fixed. Please file a bug report.
    a�
    The $SOURCE application attempted to load $TARGET_PATH which
    requires text relocation.  This is a potential security problem.
    Most libraries should not need this permission.   The
    <a href="http://people.redhat.com/drepper/selinux-mem.html">
    SELinux Memory Protection Tests</a>
    web page explains this check.  This tool examined the library and it looks
    like it was built correctly. So setroubleshoot can not determine if this
    application is compromised or not.  This could be a serious issue. Your
    system may very well be compromised.

    Contact your security administrator and report this issue.

    z:Contact your security administrator and report this issue.aR

    If you trust $TARGET_PATH to run correctly, you can change the
    file context to textrel_shlib_t. "chcon -t textrel_shlib_t
    '$TARGET_PATH'"
    You must also change the default file context files on the system in order to preserve them even on a full relabel.  "semanage fcontext -a -t textrel_shlib_t '$FIX_TARGET_PATH'"

    z6If this issue occurred during normal system operation.z�This alert could be a serious issue and your system could be compromised. Setroubleshoot examined '$FIX_TARGET_PATH' to make sure it was built correctly, but can not determine if this application has been compromised.z9Contact your security administrator and report this issuezOIf you trust $TARGET_PATH to run correctly and want to allow $SOURCE to load itzFYou need to change the label on '$FIX_TARGET_PATH' to textrel_shlib_t.z�# chcon -t textrel_shlib_t '$FIX_TARGET_PATH'
If you want this to survive a relabel, execute
# semanage fcontext -a -t textrel_shlib_t '$FIX_TARGET_PATH';restorecon -v '$FIX_TARGET_PATH'
zo/usr/sbin/semanage fcontext -a -t textrel_shlib_t '$FIX_TARGET_PATH';/usr/sbin/restorecon -v '$FIX_TARGET_PATH'cCst|
�
d
krd|_
d|_dS)Nr
FT)�len�fixableZ
report_bug)�self�args�r	�2/usr/share/setroubleshoot/plugins/allow_execmod.py�	init_argsVs


zplugin.init_argscCst|�
d
kr|j
S|jS)Nr
)r�unsafe_problem_description�problem_description)r�avcrr	r	r
�get_problem_description[s


zplugin.get_problem_descriptioncCst|�
d
kr|j
S|jS)Nr
)r�unsafe_if_text�if_text)rrrr	r	r
�get_if_text`s


zplugin.get_if_textcCst|�
d
kr|j
S|jS)Nr
)r�unsafe_then_text�	then_text)rrrr	r	r
�
get_then_textes


zplugin.get_then_textcCst|�
d
kr|j
S|jS)Nr
)r�unsafe_do_text�do_text)rrrr	r	r
�get_do_textjs


zplugin.get_do_textc

Cs*tj
|t�
d
|_td�
|_|jd�

dS)NTzChange label on the library.�
)r�__init__�__name__r�
_Zbutton_textZset_priority)
rr	r	r
ros




zplugin.__init__cCs�d
dl}|
j
dg
�
r�y6|jdd|
jg|jd�}|jdddg|j|jd	�}Wn



dS|jj�
|j�
|j�
|jd
kr�|j	dg
�
St
j|
jjd�
t
�d
}|jd
�
ddkr�|j	�SdS)Nr
Zexecmodz
eu-readelfz-d)
�stdoutZfgrepz-qZTEXTREL)�stdinr�
Zunsafe�
"�
:�Zlib_t)�
subprocessZhas_any_access_in�PopenZtpath�PIPEr�close�wait�
returncodeZreport�selinuxZmatchpathcon�strip�S_IFREG�split)rrr#Zp1Zp2Zmconr	r	r
�analyzeus 















zplugin.analyzeN)r�
__module__�__qualname__rZsummaryr
rZunsafe_fix_descriptionZfix_descriptionrrrrrrZfix_cmdrrrrrrr-r	r	r	r
rs.
	
r)	r)�stat�gettextZtranslationrZsetroubleshoot.utilZsetroubleshoot.Pluginrrr	r	r	r
�<module>s