本文记录了解决Python中maxent库因SELinux安全策略导致无法加载的问题过程。通过调整文件上下文标签,成功允许了maxent库的正确运行。
maxent是我们的系统用最大熵做关键字提取时用到的一个库。今天上午查看系统日志的时候,发现有一个SELinux的报警:
Apr 3 04:57:49 nserver setroubleshoot: SELinux is preventing /usr/local/bin/python from loading /usr/local/lib/python2.5/site-packages/maxent/_cmaxent.so which requires text relocation. For complete SELinux messages. run sealert -l 6c940625-07c7-4f49-87a5-8f06b9361590
执行sealert -l 6c940625-07c7-4f49-87a5-8f06b9361590看到的详细信息如下:
Summary
SELinux is preventing /usr/local/bin/python from loading
/usr/local/lib/python2.5/site-packages/maxent/_cmaxent.so which requires
text relocation.
Detailed Description
The /usr/local/bin/python application attempted to load
/usr/local/lib/python2.5/site-packages/maxent/_cmaxent.so which requires
text relocation. This is a potential security problem. Most libraries do
not need this permission. Libraries are sometimes coded incorrectly and
request this permission. The http://people.redhat.com/drepper/selinux-
mem.html web page explains how to remove this requirement. You can
configure SELinux temporarily to allow /usr/local/lib/python2.5/site-
packages/maxent/_cmaxent.so to use relocation as a workaround, until the
library is fixed. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Allowing Access
If you trust /usr/local/lib/python2.5/site-packages/maxent/_cmaxent.so to
run correctly, you can change the file context to textrel_shlib_t. "chcon -t
textrel_shlib_t /usr/local/lib/python2.5/site-packages/maxent/_cmaxent.so"
The following command will allow this access:
chcon -t textrel_shlib_t /usr/local/lib/python2.5/site-packages/maxent/_cmaxent.so
可能是maxent的Python Wrapper的问题吧。按提示执行了chcon -t textrel_shlib_t /usr/local/lib/python2.5/site-packages/maxent/_cmaxent.so,回头再看看
扫一扫
6218
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
