Saturday, February 10, 2007

execmod

Ulrich Drepper has written a good web page about text relocation which is most often noticed as execmod failures reported when running SE Linux. When an AVC message reports a failure of execmod against a shared object it means that the object has text relocations (the shared object code writes to code that it executes to fix up addresses). This is due to being compiled without -fPIC or -fpic.

The command eu-findtextrel (from the elfutils package) when run with a parameter of the shared object in question will tell you which functions were compiled without -fpic or -fPIC.

The module in question must be recompiled with -fpic or -fPIC to generate the correct code.

Without SE Linux it's still a bug to compile a shared object without position independent code, so any shared object which can't run under SE Linux because of execmod will probably have problems in other situations anyway (maybe only on certain architectures).

No comments: