Libxmljs Update on CentOS 3.8 throws an SELinux Wobbley Fit
Monday, 20th August 2012, 15:40

So every now and again, I get brave. And I run "npm update" which can cause all sorts of issues as it updates my most relied on node modules to ones which require changes to my code, or updates to libraries I have installed, or in the case of last week, just plain break on CentOS 3.8.

The offending module this time was libxmljs, and the offending error related to SELinux. Here is what flew up the console when I tried to launch any Node.js app post update:

domain.js:66
        throw er;
              ^
Error: /var/www/node/node_modules/libxmljs/build/Release/libxmljs.node: cannot restore segment prot after reloc: Permission denied
    at Object.Module._extensions..node (module.js:485:11)
    at Module.load (module.js:356:32)
    at Function.Module._load (module.js:312:12)
    at Module.require (module.js:362:17)
    at require (module.js:378:17)
    at bindings (/var/www/node/node_modules/libxmljs/node_modules/bindings/bindings.js:74:15)
    at Object.<anonymous> (/var/www/node/node_modules/libxmljs/lib/bindings.js:1:99)
    at Module._compile (module.js:449:26)
    at Object.Module._extensions..js (module.js:467:10)
    at Module.load (module.js:356:32)

At first glance, that is a real... uh... um... whut? moment right there. But after a quick Google, although this specific module isn't mentioned, other Linux-related issues appear that link the phrase "cannot restore segment prot after reloc" quite clearly with SELinux, along with a lot of very dodgy looking fixes to the problem.

I say dodgy, because I don't know, perhaps this is just me, but isn't SELinux some security feature? Designed to help protect against things like your database and web servers being compromised and abusing your system? I don't claim to be a world expert in network intrusion, but I'm pretty sure that if something is tripping your burglar alarm, turning it off permanently is not the solution surely?

So some more research later, I discovered how to explicitly allow a specified library (or in this case node module) permission to restore its segment protection setting after relocating itself. Actually I have no idea if that is what it does which triggers this error; I'm doing what newspapers and radio shows across the world do on a regular basis, pretending my level of knowledge is adequate enough to make a statement on something.


Firstly, I am making some assumptions, which are the following:

  1. It is safe to let the libxmljs module do this
  2. Because I run every node webapp process under its own user, if this did somehow become compromised, damage would be limited
    (please tell me you don't run them all under one, or root?)

Now, if you both assume and understand those, here is the a-lot-less-evil-than-just-turning-off-SELinux-command itself...

chcon -t texrel_shlib_t /var/www/node/node_modules/libxmljs/build/Release/libxmljs.node

Note that you will have to change the path to wherever you keep libxmljs for this to work. Also if this isn't the module which is causing you problems, then you'll need to hunt down what that is yourself. Needless to say if your problem is related to a Node.js module, then it is highly likely whatever *.node file is in that module's directory. If the issue is more widespread, then it is probably a library that ends in .so and sits in /usr/local/lib or suchlike.
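As an added example (not part of the original post), here is a small shell script for the hunt described above: it pulls the blamed file paths out of log text and prints, without running, one chcon command per file so each label change can be reviewed first. The sample log, libexample.so and notes.txt are constructed, and matching versioned .so.N names is an assumption.

```shell
#!/bin/sh
# Added example: list the files a log blames for this error and print (not
# run) one chcon command per file, so each label change can be reviewed.
SETYPE='texrel_shlib_t'   # type name as written in the post's chcon command

# Constructed sample input; libexample.so and notes.txt are made-up names.
sample_log() {
cat <<'EOF'
Error: /var/www/node/node_modules/libxmljs/build/Release/libxmljs.node: cannot restore segment prot after reloc: Permission denied
    at Object.Module._extensions..node (module.js:485:11)
app: error while loading shared libraries: /usr/local/lib/libexample.so: cannot restore segment prot after reloc: Permission denied
Error: /var/www/node/node_modules/libxmljs/build/Release/libxmljs.node: cannot restore segment prot after reloc: Permission denied
Error: /tmp/notes.txt: cannot restore segment prot after reloc: Permission denied
EOF
}

# stdin: log text. stdout: each blamed absolute path, once.
offending_objects() {
    sed -E -n 's#^(.*[[:space:]])?(/[^:]*): cannot restore segment prot after reloc.*$#\2#p' |
        LC_ALL=C sort -u
}

# Single-quote a path so the printed command is safe to paste.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# stdin: log text. stdout: one reviewable chcon line per native object.
relabel_plan() {
    offending_objects | while IFS= read -r obj; do
        case "$obj" in
            *.node|*.so|*.so.*) ;;   # .node/.so as in the post; .so.N is an added assumption
            *) echo "# skipped, not a .node/.so file: $obj"; continue ;;
        esac
        # If the file is present, check it really carries text relocations.
        if command -v readelf >/dev/null 2>&1 && [ -f "$obj" ]; then
            readelf -d "$obj" 2>/dev/null | grep -q TEXTREL ||
                echo "# note: readelf shows no TEXTREL entry in $obj"
        fi
        echo "chcon -t $SETYPE $(shell_quote "$obj")"
    done
}

sample_log | relabel_plan
```

To use it on a real system, pipe the application's own log into relabel_plan in place of sample_log and read each printed line before running it.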

Happy hunting!
