Re: package selinux-policy-2.6.4-35.fc7 link

Garry T. Williams wrote:
On Monday 13 August 2007 07:24:23 Daniel J Walsh wrote:
I will put it in fedora-testing today along with fixes for your problem.

Thanks.  I just installed it but afterwards, I still see these when I
run "sudo ldconfig" with setenforce 0:

    type=AVC msg=audit(1187043238.692:2616): avc:  denied  { dac_override } for  pid=15479 comm="ldconfig" capability=1 scontext=user_u:system_r:ldconfig_t:s0 tcontext=user_u:system_r:ldconfig_t:s0 tclass=capability
    type=SYSCALL msg=audit(1187043238.692:2616): arch=40000003 syscall=195 success=yes exit=0 a0=89c1c08 a1=bf8b83e0 a2=89bf801 a3=89bf801 items=0 ppid=15457 pid=15479 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="ldconfig" exe="/sbin/ldconfig" subj=user_u:system_r:ldconfig_t:s0 key=(null)
    type=AVC msg=audit(1187043239.334:2617): avc:  denied  { search } for  pid=15479 comm="ldconfig" name="/" dev=dm-1 ino=2 scontext=user_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
    type=SYSCALL msg=audit(1187043239.334:2617): arch=40000003 syscall=195 success=yes exit=0 a0=bf8b7460 a1=bf8b84bc a2=a000 a3=89c0a88 items=0 ppid=15457 pid=15479 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 comm="ldconfig" exe="/sbin/ldconfig" subj=user_u:system_r:ldconfig_t:s0 key=(null)

You can always modify selinux policy by executing

    grep ldconfig /var/log/audit/audit.log | audit2allow -M myldconfig
    semodule -i myldconfig.pp

Yes, it produces:

    module myldconfig 1.0;

    require {
	    type home_root_t;
	    type ldconfig_t;
	    class capability dac_override;
	    class dir search;
    }

    #============= ldconfig_t ==============
    allow ldconfig_t home_root_t:dir search;
    allow ldconfig_t self:capability dac_override;

I can't help but think that the AVCs are due to something I did
instead of ldconfig or its shipped policy.  Any thoughts?


No, this is because you are running ldconfig on files in your homedir, and we have not seen this before. See if selinux-policy-2.6.4-38 fixes your problem.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list