[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selinux
Subject:    Re: core dump
From:       Stephen Smalley <sds () tycho ! nsa ! gov>
Date:       2007-02-06 12:40:38
Message-ID: 1170765638.12293.362.camel () moss-spartans ! epoch ! ncsc ! mil
[Download RAW message or body]

On Tue, 2007-02-06 at 04:12 +0200, Stefanos Harhalakis wrote:
> I had this issue today:
> 
> # semodule -i logging.pp 
> Segmentation fault (core dumped)
> 
> I traced this a bit and it seems that this is because of libsepol. 
> The core dump is the result of lines 602:603 of link.c:
> 
> (gdb) bt
> #0  0xb7f732fd in sens_copy_callback (key=0x848c2a0 "s15", datum=0x848c290, \
> data=0xbfde3854) at link.c:602 #1  0xb7f6f8a1 in hashtab_map (h=0x846cbf0, \
> apply=0xb7f731d1 <sens_copy_callback>, args=0xbfde3854) at hashtab.c:214 #2  \
> 0xb7f75528 in copy_identifiers (state=0xbfde3854, src_symtab=0x843cc74, \
> dest_decl=0x0) at link.c:1323 #3  0xb7f77c72 in link_modules (handle=0x804c710, \
> b=0x80525b8, mods=0x863ce18, len=19, verbose=0) at link.c:2178 #4  0xb7f7a2c9 in \
> sepol_link_packages (handle=0x804c710, base=0x8053060, modules=0x80543c8, \
> num_modules=19, verbose=0) at module.c:302 
> Where:
> 
> (gdb) l
> 597                                 state->cur_mod_name);
> 598                             return -SEPOL_LINK_NOTSUP;
> 599                     }
> 600             }
> 601     
> 602             state->cur->map[SYM_LEVELS][level->level->sens - 1] =
> 603                 base_level->level->sens;
> 604     
> 605             return 0;
> 606     }
> 
> Because of:
> 
> (gdb) p base_level
> $1 = (level_datum_t *) 0x0
> 
> The last 'if' checks for !base_level, but inside the 'if' block, only 
> !scope and scope->scope==SCOPE_DECL are checked.
> 
> This core dump is caused by:
> 
> (gdb) p scope->scope
> $2 = 1
> 
> Which is noted as:
> 
> /* Required for this decl */
> #define SCOPE_REQ  1
> 
> in libsepol/include/sepol/policydb/policydb.h
> 
> Hope this helps...

Looks like your logging.pp policy module has a requires on sensitivity
s15 but your base module doesn't declare it.  Naturally, that should
show up as an unfulfilled requirement rather than a seg fault.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


[prev in list] [next in list] [prev in thread] [next in thread]