[suggest] libmpeg2 - SELinux text relocation issues (CentOS 5.2)
David Savinkoff
aye at shaw.ca
Sun Jul 27 01:38:04 CEST 2008
libmpeg2 needs to be compiled with -fpic in SELinux to prevent the
"text relocation" addressing problem in shared libraries.
A solution is to simply add the following to libmpeg2.spec
CFLAGS="$CFLAGS -fpic"; export CFLAGS
The problem is caused by the code shown here:
https://trac.videolan.org/libmpeg2/changeset/1184
Note the Message for this code:
"libmpeg2/configure.incl: only avoid -fPIC on 32-bit x86 platforms, there
have been too many breakage reports."
The solution is suggested by the code shown here:
https://trac.videolan.org/libmpeg2/changeset/1183
Note the Message for this code:
"configure.ac: do not reset user-provided CFLAGS, they should know what
they are doing."
libmpeg2-0.5.1/configure and configure.ac contain the
libtool -prefer-non-pic option to prevent gcc from compiling
with -fpic . I believe this is an attempt to get more performance, but it
conflicts with SELinux and the proper use of Dynamic Shared Obects.
# The new patch was built, installed and ran without SELinux text relocation
errors on CentOS 5.2
The following commands also show no Text Relocations:
eu-readelf -d libmpeg2.so.0.1.0 | fgrep TEXTREL
eu-readelf -d libmpeg2convert.so.0.0.0 | fgrep TEXTREL
http://people.redhat.com/drepper/textrelocs.html
has excellent information on shared objects and text relocation.
# The libmpeg2.spec patch is:
--- libmpeg2.spec 2008-07-26 22:07:45.000000000 +0000
+++ libmpeg2.CFLAGS.spec 2008-07-26 22:10:51.000000000 +0000
@@ -61,6 +61,7 @@
%setup
%build
+CFLAGS="$CFLAGS -fpic"; export CFLAGS
%configure \
%ifnarch %{ix86}
--disable-accel-detect \
More information about the suggest
mailing list