Security 制作glibc-2.20报告xxx/nscd/selinux.c:368:未定义对“安全性”的引用
我的操作系统是:RedHat5.8 内核是:Linux hcw3 2.6.18-308.el5#1 SMP Fri Jan 27 17:21:15 EST 2012 i686 i686 i386 GNU/Linux 我已经通过在我的主机上安装Anaconda3-5.1.0-Linux-x86.sh安装了pyqt5,但在运行简单的“hellworld.py”程序时出现了一系列错误。在逐个安装了相关的软件包之后,最终还是有一个依赖软件包libpthread.so.0需要安装版本为'GLIBC_2.20'。但是我的服务器只安装了glibc2.5,所以我需要在其他地方安装另一个新的glibc,由libpthread.so.0调用 我下载了glibc2.20源代码,配置命令如下图所示:Security 制作glibc-2.20报告xxx/nscd/selinux.c:368:未定义对“安全性”的引用,security,pthreads,glibc,selinux,Security,Pthreads,Glibc,Selinux,我的操作系统是:RedHat5.8 内核是:Linux hcw3 2.6.18-308.el5#1 SMP Fri Jan 27 17:21:15 EST 2012 i686 i686 i386 GNU/Linux 我已经通过在我的主机上安装Anaconda3-5.1.0-Linux-x86.sh安装了pyqt5,但在运行简单的“hellworld.py”程序时出现了一系列错误。在逐个安装了相关的软件包之后,最终还是有一个依赖软件包libpthread.so.0需要安装版本为'GLIBC_2.2
../configure --prefix=/app/open_source/glibc/2.20 --with-headers=/usr/include
/* Check the permission from the caller (via getpeercon) to nscd.
Returns 0 if access is allowed, 1 if denied, and -1 on error.
The SELinux policy, enablement, and permission bits are all dynamic and the
caching done by glibc is not entirely correct. This nscd support should be
rewritten to use selinux_check_permission. A rewrite is risky though and
requires some refactoring. Currently we use symbolic mappings instead of
compile time constants (which SELinux upstream says are going away), and we
use security_deny_unknown to determine what to do if selinux-policy* doesn't
have a definition for the the permission or object class we are looking
up. */
int
nscd_request_avc_has_perm (int fd, request_type req)
{
/* Initialize to NULL so we know what to free in case of failure. */
security_context_t scon = NULL;
security_context_t tcon = NULL;
security_id_t ssid = NULL;
security_id_t tsid = NULL;
int rc = -1;
security_class_t sc_nscd;
access_vector_t perm;
int avc_deny_unknown;
/* Check if SELinux denys or allows unknown object classes
and permissions. It is 0 if they are allowed, 1 if they
are not allowed and -1 on error. */
if ((avc_deny_unknown = security_deny_unknown ()) == -1)
dbg_log (_("Error querying policy for undefined object classes "
"or permissions."));
可以,但运行“make”时出现以下错误
/app/open_source/glibc/glibc-2.20/build/nscd/nscd.o: In function `main':
/app/open_source/glibc/glibc-2.20/nscd/nscd.c:297: warning: inotify_init1 is not implemented and will always fail
/app/open_source/glibc/glibc-2.20/build/nscd/selinux.o: In function `nscd_request_avc_has_perm':
/app/open_source/glibc/glibc-2.20/nscd/selinux.c:368: undefined reference to `security_deny_unknown'
collect2: error: ld returned 1 exit status
selinux.c的部分如下所示:
../configure --prefix=/app/open_source/glibc/2.20 --with-headers=/usr/include
/* Check the permission from the caller (via getpeercon) to nscd.
Returns 0 if access is allowed, 1 if denied, and -1 on error.
The SELinux policy, enablement, and permission bits are all dynamic and the
caching done by glibc is not entirely correct. This nscd support should be
rewritten to use selinux_check_permission. A rewrite is risky though and
requires some refactoring. Currently we use symbolic mappings instead of
compile time constants (which SELinux upstream says are going away), and we
use security_deny_unknown to determine what to do if selinux-policy* doesn't
have a definition for the the permission or object class we are looking
up. */
int
nscd_request_avc_has_perm (int fd, request_type req)
{
/* Initialize to NULL so we know what to free in case of failure. */
security_context_t scon = NULL;
security_context_t tcon = NULL;
security_id_t ssid = NULL;
security_id_t tsid = NULL;
int rc = -1;
security_class_t sc_nscd;
access_vector_t perm;
int avc_deny_unknown;
/* Check if SELinux denys or allows unknown object classes
and permissions. It is 0 if they are allowed, 1 if they
are not allowed and -1 on error. */
if ((avc_deny_unknown = security_deny_unknown ()) == -1)
dbg_log (_("Error querying policy for undefined object classes "
"or permissions."));
如何修复它?你能帮我吗?提前感谢。您可以在不支持SELinux的情况下编译glibc(使用
配置-禁用SELinux
)
我很惊讶你居然走了这么远。Glibc2.20需要至少2.6.32的内核版本。也许您仍然可以构建库,因为Red Hat内核后端口添加了所有必要的系统接口,但是由于glibc二进制文件中内置了版本检查,您将无法在2.6.18内核上运行任何与此glibc相关的程序
相反,您必须将PyQt和Anaconda移植到Red Hat Enterprise Linux 5.8系统。通过开发工具集(DTS)可以获得更为现代的C++编译器,但即使如此,它也将是一项相当大的工作。我会试试你的建议