View Full Version : SELinux permissions

05-13-2010, 10:55 AM
We have had some reports that the IMSL Libraries on Linux are sometimes encountering access issues on systems that use SELinux (http://en.wikipedia.org/wiki/Security-Enhanced_Linux). The error encountered is typically something like:

/home/devuser/workspace/DebugTest1/Debug/DebugTest1: error while loading shared libraries: /home/devuser/IMSL/imsl/cnl700/rdhgc412i32/lib/libimslcstat_imsl.so: cannot restore segment prot after reloc: Permission denied

Previously, we have recommended that users disable the extra checks from SELinux (the user and group ID rules will still be enforced). This can be done temporarily with:

usr/sbin/setenforce 0

or permanently with:

SELINUX=disabled in your /etc/sysconfig/selinux file.

For developers, it may be sensible enough to turn off the SELinux features on your workstation, but IT probably isn't going to want you to do this on their production servers. The better solution is to execute the following command on all the libraries related to IMSL:

chcon -t textrel_shlib_t *.so

This setting changes the SELinux security context of the library (allowing text relocations) and lets it run properly. More info on chcon here (http://www.gnu.org/software/coreutils/manual/html_node/chcon-invocation.html).

Thanks to Stephane for investigating