Re: package selinux-policy-2.6.4-35.fc7 link

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Monday 13 August 2007 07:24:23 Daniel J Walsh wrote:
> I will put it in fedora-testing today along with fixes for your problem.

Thanks.  I just installed it but afterwards, I still see these when I
run "sudo ldconfig" with setenforce 0:

    type=AVC msg=audit(1187043238.692:2616): avc:  denied  { dac_override } for  pid=15479 comm="ldconfig" capability=1 scontext=user_u:system_r:ldconfig_t:s0 tcontext=user_u:system_r:ldconfig_t:s0 tclass=capability
    type=SYSCALL msg=audit(1187043238.692:2616): arch=40000003 syscall=195 success=yes exit=0 a0=89c1c08 a1=bf8b83e0 a2=89bf801 a3=89bf801 items=0 ppid=15457 pid=15479 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="ldconfig" exe="/sbin/ldconfig" subj=user_u:system_r:ldconfig_t:s0 key=(null)
    type=AVC msg=audit(1187043239.334:2617): avc:  denied  { search } for  pid=15479 comm="ldconfig" name="/" dev=dm-1 ino=2 scontext=user_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
    type=SYSCALL msg=audit(1187043239.334:2617): arch=40000003 syscall=195 success=yes exit=0 a0=bf8b7460 a1=bf8b84bc a2=a000 a3=89c0a88 items=0 ppid=15457 pid=15479 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="ldconfig" exe="/sbin/ldconfig" subj=user_u:system_r:ldconfig_t:s0 key=(null)

> You can always modify selinux policy by executing
> 
> grep ldconfig /var/log/audit/audit.log | audit2allow -M myldconfig
> semodule -i myldconfig.pp

Yes, it produces:

    module myldconfig 1.0;

    require {
	    type home_root_t;
	    type ldconfig_t;
	    class capability dac_override;
	    class dir search;
    }

    #============= ldconfig_t ==============
    allow ldconfig_t home_root_t:dir search;
    allow ldconfig_t self:capability dac_override;

I can't help but think that the AVCs are due to something I did
instead of ldconfig or its shipped policy.  Any thoughts?

-- 
Garry T. Williams --- +1 678 656-4579

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux