解決銀河麒麟kylin.desktop-generic編譯生成的程序執行報錯“權限不夠”

問題復現

編寫一個簡單的a.c程序

#include <stdio.h>


void main(){
	printf("zzz\n");	
}

編譯該程序，生成a.out可執行程序

greatwall@greatwall-KVM-Virtual-Machine:~/cproj$ gcc a.c
greatwall@greatwall-KVM-Virtual-Machine:~/cproj$ ll
總用量 24
drwxrwxr-x  2 greatwall greatwall 4096 6月   9 14:49 ./
drwx------ 26 greatwall greatwall 4096 6月   9 14:39 ../
-rw-rw-r--  1 greatwall greatwall   55 6月   9 14:38 a.c
-rwxrwxr-x  1 greatwall greatwall 9488 6月   9 14:49 a.out*

可以看到生成的a.out具備可執行權限

執行該程序

greatwall@greatwall-KVM-Virtual-Machine:~/cproj$ ./a.out
bash: ./a.out: 權限不夠

報錯

權限不夠

 

解決方案

方案一：設置麒麟系統安全狀態爲Softmode

greatwall@greatwall-KVM-Virtual-Machine:~/cproj$ sudo setstatus Softmode
[sudo] greatwall 的密碼：
greatwall@greatwall-KVM-Virtual-Machine:~/cproj$ getstatus 
KySec status: Softmode

exec control: on
file protect: on
kmod protect: on
three admin : off
greatwall@greatwall-KVM-Virtual-Machine:~/cproj$ ./a.out
zzz

方案二：單獨設置a.out文件kysec執行權限

greatwall@greatwall-KVM-Virtual-Machine:~/cproj$ sudo kysec_set -n exectl -v trusted ./a.out
[sudo] greatwall 的密碼：
greatwall@greatwall-KVM-Virtual-Machine:~/cproj$ ./a.out
zzz

總結

1. 方案一適合用在開發環境，可有效避免編譯生成的各類文件不可執行故障

2. 方案二適合Normal模式下，安裝軟件後爲軟件制定可執行權限

附件

kysec_set man手冊

kysec_set(8)              System Manager's Manual              kysec_set(8)

NAME
       kysec_set - set kysec label for specfied path(s)

SYNOPSIS
       kysec_set [ -n part ] [ -r ] -v value path1 ..

DESCRIPTION
       kysec_set  set  the kysec label of specified files or directories to
       value.  Kysec label is composed of three parts: identify part,  pro‐
       tect part and exectl part.

       when  not used with -n option, kysec label should be in such format:
       "identify:protect:exectl". Set the new value to 'none' to clear  the
       corresponding part of kysec label.

       for identify part, these values are valid:

           secadm          commands for secadm

           audadm          commands for auditadm

       for exectl part, these values are valid:

           unknown              unknown files

           original             original system files

           verified             verified 3rd party files

           kysoft               software installer

           trusted              trusted files

       for protect part, only readonly is valid.

OPTIONS
       -n          set  specified part of kysec labels. part can be exectl,
              userid or protect.

       -r          process labels recursively, only usable for directories.

       -v          the new label value

EE ALSO
       getstatus(8), setstatus(8), kysec_get(8)

                                                               kysec_set(8)