gdb /sbin/sefcontext_compile
...
(gdb) r
Starting program: /usr/sbin/sefcontext_compile
/usr/sbin/sefcontext_compile: error while loading shared libraries: cannot make segment writable for relocation: Permission denied
[Inferior 1 (process 1782) exited with code 0177]
(gdb)

This only happens on riscv, I haven't seen it on any other platforms.  This is likely to be a bug
in library package but I don't know which one.

Can you show the output of `readelf -W -l
/usr/sbin/sefcontext_compile` and `readelf -W -a ${LIBRARY} | grep -i
textrel` for each library in `ldd /usr/sbin/sefcontext_compile` ?

Hi,

    In newest version selinux-utils (3.4-1) on riscv, #981629 [1] is fixed.

The output in my riscv board:

gdb /sbin/sefcontext_compile
GNU gdb (Debian 11.2-1) 11.2
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "riscv64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
     <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /sbin/sefcontext_compile...
Reading symbols from
/usr/lib/debug/.build-id/ae/c04f89b51df7a5a6159db185edf12f98bc99bc.debug...
(gdb) r
Starting program: /usr/sbin/sefcontext_compile
usage: /usr/sbin/sefcontext_compile [-o out_file] [-p policy_file] fc_file
Where:
     -o       Optional file name of the PCRE formatted binary
              file to be output. If not specified the default
              will be fc_file with the .bin suffix appended.
     -p       Optional binary policy file that will be used to
              validate contexts defined in the fc_file.
     -r       Omit precompiled regular expressions from the output.
              (PCRE2 only. Compiled PCRE2 regular expressions are
              not portable across architectures. Use this flag
              if you know that you build for an incompatible
              architecture to save space. When linked against
              PCRE1 this flag is ignored.)
     -i       Print regular expression info end exit. That is, back
              end version and architecture identifier.
              Arch identifier format (PCRE2):
              <pointer width>-<size type width>-<endianness>, e.g.,
              "8-8-el" for x86_64.
     fc_file  The text based file contexts file to be processed.
[Inferior 1 (process 47533) exited with code 01]
(gdb)
------------------------------------------------------------------------

There is not error now.


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981629

Hi,

    In newest version selinux-utils (3.4-1) on riscv, #981629 [1] is fixed.

The output in my riscv board:

gdb /sbin/sefcontext_compile
GNU gdb (Debian 11.2-1) 11.2
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "riscv64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
     <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /sbin/sefcontext_compile...
Reading symbols from
/usr/lib/debug/.build-id/ae/c04f89b51df7a5a6159db185edf12f98bc99bc.debug...
(gdb) r
Starting program: /usr/sbin/sefcontext_compile
usage: /usr/sbin/sefcontext_compile [-o out_file] [-p policy_file] fc_file
Where:
     -o       Optional file name of the PCRE formatted binary
              file to be output. If not specified the default
              will be fc_file with the .bin suffix appended.
     -p       Optional binary policy file that will be used to
              validate contexts defined in the fc_file.
     -r       Omit precompiled regular expressions from the output.
              (PCRE2 only. Compiled PCRE2 regular expressions are
              not portable across architectures. Use this flag
              if you know that you build for an incompatible
              architecture to save space. When linked against
              PCRE1 this flag is ignored.)
     -i       Print regular expression info end exit. That is, back
              end version and architecture identifier.
              Arch identifier format (PCRE2):
              <pointer width>-<size type width>-<endianness>, e.g.,
              "8-8-el" for x86_64.
     fc_file  The text based file contexts file to be processed.
[Inferior 1 (process 47533) exited with code 01]
(gdb)
------------------------------------------------------------------------

There is not error now.


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981629

Hi,

    In newest version selinux-utils (3.4-1) on riscv, #981629 [1] is fixed.

The output in my riscv board:

gdb /sbin/sefcontext_compile
GNU gdb (Debian 11.2-1) 11.2
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "riscv64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
     <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /sbin/sefcontext_compile...
Reading symbols from
/usr/lib/debug/.build-id/ae/c04f89b51df7a5a6159db185edf12f98bc99bc.debug...
(gdb) r
Starting program: /usr/sbin/sefcontext_compile
usage: /usr/sbin/sefcontext_compile [-o out_file] [-p policy_file] fc_file
Where:
     -o       Optional file name of the PCRE formatted binary
              file to be output. If not specified the default
              will be fc_file with the .bin suffix appended.
     -p       Optional binary policy file that will be used to
              validate contexts defined in the fc_file.
     -r       Omit precompiled regular expressions from the output.
              (PCRE2 only. Compiled PCRE2 regular expressions are
              not portable across architectures. Use this flag
              if you know that you build for an incompatible
              architecture to save space. When linked against
              PCRE1 this flag is ignored.)
     -i       Print regular expression info end exit. That is, back
              end version and architecture identifier.
              Arch identifier format (PCRE2):
              <pointer width>-<size type width>-<endianness>, e.g.,
              "8-8-el" for x86_64.
     fc_file  The text based file contexts file to be processed.
[Inferior 1 (process 47533) exited with code 01]
(gdb)
------------------------------------------------------------------------

There is not error now.


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981629