I need selinux execstack help

asked 2017-09-24 16:12:08 -0500

toddandmargo

Hi All,

I am getting the follow error message :

Java HotSpot(TM) 64-Bit Server VM warning: You have loaded library /rla/buju/lib/ which might have disabled stack guard. The VM will try to fix the stack guard now. It's highly recommended that you fix the library with ''execstack -c <libfile>', or link it with '-z noexecstack'.

Problem: /sys/fs/selinux/class/process/perms/execstack has permissions of 444. Mean no execute. I really don't want to change the permissions until I know what I am doing.

I am getting no SELinux warning pop ups.

Many thanks, -T

2 Answers

answered 2017-09-24 20:39:19 -0500

sideburns

If bash can't find execstack, that means that it's not installed.

sudo dnf install -y exackstack

will take care of that.

That did the trick. I wonder what /sys/fs/selinux/class/process/perms/execstack was all about?

toddandmargo ( 2017-09-24 22:04:08 -0500 )

answered 2017-09-24 17:04:48 -0500

villykruse

execstack is a command you can run to set or clear a flag in the library file. You run it like this

execstack -c /rla/buju/lib/

The flag tells the linux kernel if the program can run code stored on the stack. Normally that should not be required.

(as root) execstack -c /rla/buju/lib/ bash: execstack: command not found

toddandmargo ( 2017-09-24 17:50:23 -0500 )

Asked: 2017-09-24 16:12:08 -0500

