Software Archive
Read-only legacy content
17060 Discussions

selinux issues

BradleyKuszmaul
Beginner
‎05-10-2011 07:49 AM
475 Views
I've continued to run into selinux issues where this message pops out:
/opt/intel/composerxe-2011.3.174/compiler/lib/intel64/libcilkrts.so.5: cannot restore segment prot after reloc: Permission denied
We typically fiddle around with selinux settings to make this go away.
My big concern is that my customers will run into this problem, and our customers will not want to fiddle with selinux settings.
I don't really understand what's going on here, but I have the feeling that if I could ship staticall-linked binaries, the problem wouldn't arise.
What are the best practices for an ISV to ship binaries that use cilk? (For us, one of the "best practices" has always been static compilation of anything that's not in the standard linux libraries.)
-Bradley
0 Kudos

Link Copied

6 Replies
Brandon_H_Intel
Employee
‎05-11-2011 09:53 AM
475 Views
Hi Bradley,

So can you confirm that if the SELinux settings are set to permissive that this problem goes away? What OS are you seeing this on and what are the SELinux settings when it fails?
0 Kudos
Copy link
zardosht_kasheff
Beginner
‎05-11-2011 10:57 AM
475 Views
Hello Brandon,

I work at Tokutek with Bradley. I can confirm that SELinux settings are set to permissive, the problem goes away, but if they are set to Enforcing, then the problem persists (these are the only two settings AFAIK). The OS is CentOS 5.5.

-Zardosht
0 Kudos
Copy link
BradleyKuszmaul
Beginner
‎05-11-2011 09:22 PM
475 Views
So if our customer is running in Enforcing mode, will our software fail?
0 Kudos
Copy link
Brandon_H_Intel
Employee
‎05-12-2011 05:44 PM
475 Views
It looks likely. I wasn't able to reproduce this when I posted about this at http://software.intel.com/en-us/forums/showthread.php?t=78752&o=a&s=lr, but admittedly I might not have got the right configuration. And we don't have any CentOS* systems in our lab - CentOS is not one of our supported/tested Linux* distributions. Ones that are from our Release Notes:

o Asianux* 3.0, 4.0

o Fedora* 12, 13

o Red Hat Enterprise Linux* 4, 5, 6

o SUSE LINUX Enterprise Server* 10, 11

o Ubuntu* 10.04

o Debian* 5.0

That doesn't mean that I don't consider this a problem, but it will make it trickier for me to deal with if it's CentOS-specific. I'll keep you posted on this thread.

0 Kudos
Copy link
BradleyKuszmaul
Beginner
‎05-13-2011 07:06 AM
475 Views
centos 5 should be the same as rhel 5.
So this is puzzling.
-Bradley
0 Kudos
Copy link
Brandon_H_Intel
Employee
‎05-20-2011 06:16 PM
475 Views
So Red Hat 4.2 works fine:

$ ./linear-recurrence

the linear recurrence value is 9

time (in ms) for sequential execution: 218.913

time (in ms) for parallel execution: 241.232

$cat /selinux/enforce

0$ sudo /usr/sbin/setenforce 1

$ ./linear-recurrence

the linear recurrence value is 9

time (in ms) for sequential execution: 218.913

time (in ms) for parallel execution: 238.633

I'll see if I can try it on Red Hat EL 5.

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.