BZ #41: cacao vs selinux memory protection

Status fields:

creation_ts:2007-07-27 22:25
version:default branch
cacao fails to run when selinux memory protection is enabled - default setting
on Fedora 7.

Attempting to run gives:

[psj@82-71-88-73 ~]$ /home/psj/software/install/cacao-cvs/bin/cacao
main: lt_dlopenext failed: cannot open shared object file: No such
file or directory
main: lt_dlopenext failed:
cannot restore segment prot after reloc: Permission denied

selinux failure is reported in execmod plugin:

SELinux is preventing
/home/psj/software/install/cacao-cvs-20070710-0530/bin/cacao from loading
/home/psj/software/install/cacao-cvs-20070710-0530/lib/ which
requires text relocation.

Details on cause of the text relocation error are here:

Running eu-findtextrel helper tool gives:

[psj@82-71-88-73 ~]$ eu-findtextrel
../../../../../src/vm/jit/i386/asmpart.S not compiled with -fpic/-fPIC

(Ignore the compile with fpic which is misleading since source file is assembler)

Comment #1 by on 2007-08-04 12:07:35

This is a common problem for JIT compilers, as they write code into memory at
runtime.  There are profiles (at least I think they are called like this) for
such programs to allow them to run.  IIRC, Gentoo has something for Sun's Java.

Comment #2 by on 2007-08-23 15:31:03

Understood and agreed. I guess I was logging to note this causes Cacao not to
run on default Fedora 7 and so others may have common experience.

Comment #3 by on 2007-08-25 01:33:06

Thanks.  Maybe we can get one day such a profile.