SELinux和maxent

阅读更多

maxent是我们的系统用最大熵做关键字提取时用到的一个库。今天上午查看系统日志的时候,发现有一个SELinux的报警:
Apr  3 04:57:49 nserver setroubleshoot:      SELinux is preventing /usr/local/bin/python from loading /usr/local/lib/python2.5/site-packages/maxent/_cmaxent.so which requires text relocation.      For complete SELinux messages. run sealert -l 6c940625-07c7-4f49-87a5-8f06b9361590

执行sealert -l 6c940625-07c7-4f49-87a5-8f06b9361590看到的详细信息如下:
Summary
    SELinux is preventing /usr/local/bin/python from loading
    /usr/local/lib/python2.5/site-packages/maxent/_cmaxent.so which requires
    text relocation.

Detailed Description
    The /usr/local/bin/python application attempted to load
    /usr/local/lib/python2.5/site-packages/maxent/_cmaxent.so which requires
    text relocation.  This is a potential security problem. Most libraries do
    not need this permission. Libraries are sometimes coded incorrectly and
    request this permission.  The http://people.redhat.com/drepper/selinux-
    mem.html web page explains how to remove this requirement.  You can
    configure SELinux temporarily to allow /usr/local/lib/python2.5/site-
    packages/maxent/_cmaxent.so to use relocation as a workaround, until the
    library is fixed. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Allowing Access
    If you trust /usr/local/lib/python2.5/site-packages/maxent/_cmaxent.so to
    run correctly, you can change the file context to textrel_shlib_t. "chcon -t
    textrel_shlib_t /usr/local/lib/python2.5/site-packages/maxent/_cmaxent.so"

    The following command will allow this access:
    chcon -t textrel_shlib_t /usr/local/lib/python2.5/site-packages/maxent/_cmaxent.so

可能是maxent的Python Wrapper的问题吧。按提示执行了chcon -t textrel_shlib_t /usr/local/lib/python2.5/site-packages/maxent/_cmaxent.so,回头再看看

你可能感兴趣的:(Python,RedHat,Access,Security,CGI)