[Haskell-cafe] GHC 6.6.1 and SELinux issues

Alexander Vodomerov alexander.vodomerov at gmail.com
Tue Aug 28 16:59:46 EDT 2007


On Tue, Aug 28, 2007 at 08:05:02AM -0600, Stuart Jansen wrote:
> I'm using it on Fedora 7 without any problems.
>
> $ ls -Z $(which ghc)
> lrwxrwxrwx  root root system_u:object_r:bin_t          /usr/bin/ghc -> ghc-6.6.1*
> $ ls -Z $(which ghci)
> lrwxrwxrwx  root root system_u:object_r:bin_t          /usr/bin/ghci -> ghci-6.6.1*

In what domain do you run GHC? The commands above just show that
/usr/bin/ghc has the bin_t type; however, it is just a symlink or shell
wrapper. The real GHC executable may have another permission.

See for example (taken from my Debian box):

$ ls -Z `which ghc`
lrwxrwxrwx  root root system_u:object_r:bin_t:s0       /usr/bin/ghc -> /etc/alternatives/ghc
$ ls -Z /usr/lib/ghc-6.6.1/bin/ghc-6.6.1
-rwxr-xr-x  root root system_u:object_r:bin_t:s0       /usr/lib/ghc-6.6.1/bin/ghc-6.6.1
$ file /usr/lib/ghc-6.6.1/bin/ghc-6.6.1
/usr/lib/ghc-6.6.1/bin/ghc-6.6.1: POSIX shell script text executable
$ cat /usr/lib/ghc-6.6.1/bin/ghc-6.6.1
#!/bin/sh
GHCBIN="/usr/lib/ghc-6.6.1/ghc-6.6.1";
TOPDIROPT="-B/usr/lib/ghc-6.6.1";
# Mini-driver for GHC
exec $GHCBIN $TOPDIROPT ${1+"$@"}
$ file /usr/lib/ghc-6.6.1/ghc-6.6.1
/usr/lib/ghc-6.6.1/ghc-6.6.1: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.1, dynamically linked (uses shared libs), stripped
$ ls -Z /usr/lib/ghc-6.6.1/ghc-6.6.1
-rwxr-xr-x  root root system_u:object_r:lib_t:s0       /usr/lib/ghc-6.6.1/ghc-6.6.1

In this case the real domain for ghc is lib_t, not bin_t.

With best regards,
   Alexander.
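
The manual walk in the message above (symlink, then shell wrapper, then ELF binary, with `ls -Z` at each step) can be scripted. The following is an added example, not part of the original post: the function names `label`, `next_hop` and `trace_exec` are hypothetical, GNU coreutils (`stat -c %C`, `readlink`) is assumed, and the `exec`-line parsing is a heuristic that only covers simple mini-driver wrappers like the one shown.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU coreutils.

# label FILE: SELinux context of FILE itself (symlinks are not followed);
# prints "?" when no context is available (e.g. SELinux disabled).
label() {
    c=$(stat -c %C "$1" 2>/dev/null) || c='?'
    printf '%s\n' "$c"
}

# next_hop FILE: print the file that running FILE leads to next, or nothing
# if FILE is the end of the chain (e.g. an ELF binary).
next_hop() {
    f=$1
    if [ -L "$f" ]; then
        t=$(readlink "$f")
        case $t in /*) ;; *) t=$(dirname "$f")/$t ;; esac
        printf '%s\n' "$t"
    elif [ "$(head -c 2 "$f" 2>/dev/null | tr -d '\0')" = '#!' ]; then
        # Heuristic for simple wrappers: take the first word after `exec`
        # and, if it is a variable, look up its NAME="value" assignment.
        w=$(sed -n 's/^[[:space:]]*exec[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$f" | head -n 1)
        case $w in
            *\$*) v=$(printf '%s' "$w" | tr -d '${}"')
                  w=$(sed -n "s/^[[:space:]]*$v=\"\{0,1\}\([^\";]*\).*/\1/p" "$f" | head -n 1) ;;
        esac
        [ -z "$w" ] || printf '%s\n' "$w"
    fi
}

# trace_exec PATH: print "label<TAB>path" for every hop, at most 16 hops.
trace_exec() {
    p=$1; hops=0
    while [ -n "$p" ] && [ "$hops" -lt 16 ]; do
        printf '%s\t%s\n' "$(label "$p")" "$p"
        p=$(next_hop "$p"); hops=$((hops + 1))
    done
}

# Usage: sh trace.sh ghc
if [ $# -gt 0 ]; then trace_exec "$(command -v "$1")"; fi
```

The last line printed is the file whose label decides what is finally executed; wrappers that build the target path dynamically are not resolved and end the trace early.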

