Colin Walters wrote:
> On Fri, 2004-11-19 at 17:51 -0500, Jeff Johnson wrote:
>> The problem is well known, has popped up repeatedly, is way too complicated
>> to analyze back to the root cause (which was that only /bin/sh has "rpm_script_t" as
>> exec context type), is "fixed" in rpm-4.3.3 (for FC4), and will be fixed elsewhere
>> as soon as I find a "rpm_execcon" symbol in a libselinux that I can link against,
>
> I've seen this on targeted machines too, where rpm and scriptlets run as
> unconfined_t, correct? The above bug report is against
> selinux-policy-targeted too.

All machines, all policies, all rpm's earlier than rpm-4.3.3. The problem is one of
mix-n-match, not any specific flaw.
Dunno about "unconfined_t" symptom, dwalsh knows the problem details better than I do.
Look for Smalley's rpm_execcon patch post in September for the last known manifestation
and analysis of the causes if you wish to understand the gory details to confirm the problem.
73 de Jeff