Bug 437 – NSC does not work when SELinux is in enforcing mode

Bug 437 - NSC does not work when SELinux is in enforcing mode


Summary:	NSC does not work when SELinux is in enforcing mode

Status:	RESOLVED INVALID

Product:	nsc
Classification:	Unclassified
Component:	core
Version:	unspecified
Hardware:	PC Linux

Importance:	P3 normal
Assigned To:	Sam Jansen

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2008-12-08 09:12 EST by Tom Henderson
Modified:	2009-11-23 17:24 EST (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tom Henderson 2008-12-08 09:12:37 EST

By default, some Fedora/RedHat/CentOS systems ship with SELinux on by default.  Trying to run an nsc script will produce the following error.

[nsnam@ns-fedora-core-10 ns-3-dev]$ ./waf --run tcp-nsc-lfn
Entering directory `/home/nsnam/hg/ns-3-dev/build'
[250/250] build-nsc
Compilation finished successfully 
/home/nsnam/hg/ns-3-dev/build/debug/liblinux2.6.26.so: cannot restore segment prot after reloc: Permission denied
Command ['/home/nsnam/hg/ns-3-dev/build/debug/examples/tcp-nsc-lfn'] exited with code -11 

Workaround:
to temporarily disable enforcement on a running system

/usr/sbin/setenforce 0

To permanently disable enforcement during a system startup
change "enforcing" to "disabled" in ''/etc/selinux/config'' and reboot.

Comment 1 Sam Jansen 2008-12-09 01:29:11 EST

I see this is assigned to me... I have no idea what to do with this bug though. It's all working normally as far as I'm concerned!

Comment 2 Tom Henderson 2008-12-09 01:45:59 EST

(In reply to comment #1)
> I see this is assigned to me... I have no idea what to do with this bug though.
> It's all working normally as far as I'm concerned!
> 

I don't have anything against you; Bugzilla defaults to you as the assignee for any nsc bugs (as opposed to ns-3 bugs) :)

I expect that we are going to have to document this behavior and workaround, since I expect that there will be some non-negligible fraction of the user base that uses the fedora/red hat/centos variants and will see this by default when they try nsc.

Comment 3 Tom Henderson 2008-12-09 01:46:27 EST

adding ns-bugs to the cc list

Comment 4 Mathieu Lacage 2009-11-23 09:16:41 EST

I [personally have never seen this bug: are we sure that this is reproducible ? If so, what exact distribution versions ?

Comment 5 Craig Dowell 2009-11-23 17:24:04 EST

I did see this problem when it was reported.  It was a permissions issue (google for "cannot restore segment prot after reloc") and there were a flurry of bug reports all over everywhere when people first started running into it as SELinux made it into 2.6 kernels.

I installed ns-3 on Fedora 11 a week or so ago which does come with SELinux enabled and I can confirm that this no longer happens.

I believe this was fixed in selinux-policy-targeted-1.17.30-3.9 so I took the liberty of resolving this bug as invalid (not our fault).