Hello! Does anybody here uses GHC on Linux with SELinux turned on? I've just installed SELinux and run into GHC/SELinux incompatibility. It seems that the similar problem was reported some time ago and was fixed in 6.4.3. However, I use 6.6.1 and the problem is still here. $ ghc ghc-6.6.1: internal error: getMBlock: mmap: Permission denied (GHC version 6.6.1 for i386_unknown_linux) Please report this as a GHC bug: http://www.haskell.org/ghc/reportabug Exactly the same bug is appearing on x86_64 architecture. Much more details is available at http://hackage.haskell.org/trac/ghc/ticket/738 Any ideas? With best regards, Alexander. PS. Is it possible to turn on global allow_execmem boolean in SELinux policy, thus enabling executable memory mapping. This solves the problem. However, this is major drawback for system security and should be avoided at any cost.
On Tue, 2007-08-28 at 13:14 +0400, Alexander Vodomerov wrote:
Does anybody here uses GHC on Linux with SELinux turned on?
I'm using it on Fedora 7 without any problems. $ /usr/sbin/getenforce Enforcing $ getsebool allow_execmem allow_execmem --> off $ cat /etc/redhat-release Fedora release 7 (Moonshine) $ ls -Z $(which ghc) lrwxrwxrwx root root system_u:object_r:bin_t /usr/bin/ghc -> ghc-6.6.1* $ ls -Z $(which ghci) lrwxrwxrwx root root system_u:object_r:bin_t /usr/bin/ghci -> ghci-6.6.1* $ ghc ghc-6.6.1: no input files Usage: For basic information, try the `--help' option. $ ghci ___ ___ _ / _ \ /\ /\/ __(_) / /_\// /_/ / / | | GHC Interactive, version 6.6.1, for Haskell 98. / /_\\/ __ / /___| | http://www.haskell.org/ghc/ \____/\/ /_/\____/|_| Type :? for help. Loading package base ... linking ... done. Prelude> :l Text.hs [1 of 1] Compiling Main ( Text.hs, interpreted ) Ok, modules loaded: Main. *Main> main Loading package mtl-1.0.1 ... linking ... done. Loading package glib-0.9.12 ... linking ... done. Loading package cairo-0.9.12 ... linking ... done. Loading package gtk-0.9.12 ... linking ... done. *Main> Leaving GHCi. $ ghc --make Text.hs [1 of 1] Compiling Main ( Text.hs, Text.o ) Linking Text ...
On Tue, Aug 28, 2007 at 08:05:02AM -0600, Stuart Jansen wrote:
I'm using it on Fedora 7 without any problems.
$ ls -Z $(which ghc) lrwxrwxrwx root root system_u:object_r:bin_t /usr/bin/ghc -> ghc-6.6.1* $ ls -Z $(which ghci) lrwxrwxrwx root root system_u:object_r:bin_t /usr/bin/ghci -> ghci-6.6.1*
In what domain do you run GHC? The commands about just show that /usr/bin/ghc has the bin_t type, however it is just a symlink or shell wrapper. Real GHC executable may have another permission. See for example (taken from my Debian box): $ ls -Z `which ghc` lrwxrwxrwx root root system_u:object_r:bin_t:s0 /usr/bin/ghc -> /etc/alternatives/ghc $ ls -Z /usr/lib/ghc-6.6.1/bin/ghc-6.6.1 -rwxr-xr-x root root system_u:object_r:bin_t:s0 /usr/lib/ghc-6.6.1/bin/ghc-6.6.1 $ file /usr/lib/ghc-6.6.1/bin/ghc-6.6.1 /usr/lib/ghc-6.6.1/bin/ghc-6.6.1: POSIX shell script text executable $ cat /usr/lib/ghc-6.6.1/bin/ghc-6.6.1 #!/bin/sh GHCBIN="/usr/lib/ghc-6.6.1/ghc-6.6.1"; TOPDIROPT="-B/usr/lib/ghc-6.6.1"; # Mini-driver for GHC exec $GHCBIN $TOPDIROPT ${1+"$@"} $ file /usr/lib/ghc-6.6.1/ghc-6.6.1 /usr/lib/ghc-6.6.1/ghc-6.6.1: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.1, dynamically linked (uses shared libs), stripped $ ls -Z /usr/lib/ghc-6.6.1/ghc-6.6.1 -rwxr-xr-x root root system_u:object_r:lib_t:s0 /usr/lib/ghc-6.6.1/ghc-6.6.1 In this case the real domain for ghc is lib_t, not bin_t. With best regards, Alexander.
participants (2)
-
Alexander Vodomerov -
Stuart Jansen