make glibc-2.20 reports xxx/nscd/selinux.c:368: undefined reference to `security_deny_unknown'

Time: 2018-04-07 15:06:13

Tags: security pthreads glibc selinux

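My operating system is: RedHat5.8,

The kernel is: Linux hcw3 2.6.18-308.el5 #1 SMP Fri Jan 27 17:21:15 EST 2012 i686 i686 i386 GNU/Linux

I installed pyqt5 on my host using anaconda3-5.1.0-Linux-x86.sh, but when running a simple 'hellworld.py' program I ran into a series of errors. After installing the related packages one by one, there was still one dependency left at the end: libpthread.so.0 required version `GLIBC_2.20'. But my server only has glibc2.5 installed, so I need to install another, newer glibc somewhere else, to be used by libpthread.so.0.

I downloaded the glibc2.20 source code, and the configure command was as follows: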

    ../configure --prefix=/app/open_source/glibc/2.20 --with-headers=/usr/include 

That went fine, but running 'make' produced the following errors:

    /app/open_source/glibc/glibc-2.20/build/nscd/nscd.o: In function `main':
    /app/open_source/glibc/glibc-2.20/nscd/nscd.c:297: warning: inotify_init1 is not implemented and will always fail
    /app/open_source/glibc/glibc-2.20/build/nscd/selinux.o: In function `nscd_request_avc_has_perm':
    /app/open_source/glibc/glibc-2.20/nscd/selinux.c:368: undefined reference to `security_deny_unknown'
    collect2: error: ld returned 1 exit status

The relevant part of selinux.c is shown below:

    /* Check the permission from the caller (via getpeercon) to nscd.
       Returns 0 if access is allowed, 1 if denied, and -1 on error.

       The SELinux policy, enablement, and permission bits are all dynamic and the
       caching done by glibc is not entirely correct.  This nscd support should be
       rewritten to use selinux_check_permission.  A rewrite is risky though and
       requires some refactoring.  Currently we use symbolic mappings instead of
       compile time constants (which SELinux upstream says are going away), and we
       use security_deny_unknown to determine what to do if selinux-policy* doesn't
       have a definition for the the permission or object class we are looking
       up.  */
    int
    nscd_request_avc_has_perm (int fd, request_type req)
    {
      /* Initialize to NULL so we know what to free in case of failure.  */
      security_context_t scon = NULL;
      security_context_t tcon = NULL;
      security_id_t ssid = NULL;
      security_id_t tsid = NULL;
      int rc = -1;
      security_class_t sc_nscd;
      access_vector_t perm;
      int avc_deny_unknown;

      /* Check if SELinux denys or allows unknown object classes
         and permissions.  It is 0 if they are allowed, 1 if they
         are not allowed and -1 on error.  */
      if ((avc_deny_unknown = security_deny_unknown ()) == -1)
        dbg_log (_("Error querying policy for undefined object classes "
                   "or permissions."));

How can I fix this? Can you help me? Thanks in advance.

1 answer:

Answer 0 (score: 1)

You can compile glibc without SELinux support (through a configure option).

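I'm surprised you actually got that far. glibc 2.20 requires a kernel version of at least 2.6.32. Perhaps you could still build the library because the Red Hat kernel backports added all the required system interfaces, but because of the version check built into the glibc binaries, you will not be able to run any program linked against this glibc on the 2.6.18 kernel.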

Instead, you will have to port PyQt and Anaconda to your Red Hat Enterprise Linux 5.8 system. You can get a more modern C++ compiler through Developer Toolset (DTS), but even then, it will be quite a bit of work.
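
The two checks the answer above relies on, as an added example that is not part of the original question or answer: whether the installed libselinux knows `security_deny_unknown` (choosing between glibc's `--with-selinux` and `--without-selinux` configure options), and whether the running kernel meets the 2.6.32 minimum. The function names and the header-based heuristic are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the post): preflight checks before building glibc 2.20.
MIN_KERNEL="2.6.32"   # minimum kernel stated in the answer above

# kernel_key RELEASE: turn "2.6.18-308.el5" into a comparable integer (2006018).
kernel_key() {
    v=${1%%-*}                      # drop the distro suffix after the first '-'
    old_ifs=$IFS; IFS=.
    set -- $v                       # split major.minor.patch on dots
    IFS=$old_ifs
    c=${3:-0}; c=${c%%[!0-9]*}      # tolerate a patch field such as "0+"
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${c:-0} ))
}

# kernel_at_least RELEASE MIN: succeed when RELEASE is at least MIN.
kernel_at_least() {
    [ "$(kernel_key "$1")" -ge "$(kernel_key "$2")" ]
}

# selinux_configure_flag HEADER: pick the configure option from whether the
# libselinux header declares security_deny_unknown, which nscd/selinux.c calls.
# Checking the header is a heuristic (assumption), not a link test.
selinux_configure_flag() {
    if [ -r "$1" ] && grep -q 'security_deny_unknown' "$1"; then
        echo "--with-selinux"
    else
        echo "--without-selinux"
    fi
}

# preflight RELEASE HEADER: print findings; return 1 if the result cannot run here.
preflight() {
    echo "configure option: $(selinux_configure_flag "$2")"
    if kernel_at_least "$1" "$MIN_KERNEL"; then
        echo "kernel $1 meets the $MIN_KERNEL minimum"
    else
        echo "kernel $1 is older than $MIN_KERNEL: programs linked against" \
             "this glibc will refuse to start"
        return 1
    fi
}

# Usage on the build host (header path is the usual libselinux-devel location):
#   preflight "$(uname -r)" /usr/include/selinux/selinux.h
```

On the asker's host the first check would select `--without-selinux`, and the second would still fail for the 2.6.18 kernel, which is the answer's main point.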