On Mon, 2005-05-16 at 11:13 -0400, Peter Jones wrote:
> Anaconda has been using initramfs for boot media since November. Are
> you sure you mean initrd?
>
> Regardless of that, why isn't ld.so.cache's context getting set
> correctly from the data in the glibc package?

It is a runtime-created file, and ldconfig is not specifically modified to set the security context on it, so it just follows the default behavior, i.e. if there is a file type transition rule for the creating domain and the parent directory type, then apply the resulting type (which is what normally happens when ldconfig is run in the ldconfig_t domain); otherwise, inherit the type from the parent directory.

In this case, it seems that ldconfig is not running in its domain because the caller isn't in the expected domain because the calling sequence never transitioned out of kernel_t due to the lack of labeling on the initramfs. At least that is what I gleaned from Russell's posting.

--
Stephen Smalley
National Security Agency
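
The labeling decision described in the message above, modeled as an added example that is not part of the original post or of any real policy. Only kernel_t and ldconfig_t come from the message; the other type names, the UNLABELED placeholder and both rule tables are constructed simplifications chosen for illustration.

```python
# Simplified model of two SELinux decisions. The rules below are constructed
# for illustration and are NOT taken from a real policy.

# (caller domain, type of the executed file) -> domain of the new process
DOMAIN_TRANSITIONS = {
    ("kernel_t", "init_exec_t"): "init_t",
    ("init_t", "ldconfig_exec_t"): "ldconfig_t",
}

# (creating domain, parent directory type) -> type of the newly created file
FILE_TYPE_TRANSITIONS = {
    ("ldconfig_t", "etc_t"): "ld_so_cache_t",
}


def exec_domain(caller_domain, exe_type):
    """Domain after exec: use a matching transition rule, else stay put."""
    return DOMAIN_TRANSITIONS.get((caller_domain, exe_type), caller_domain)


def new_file_type(creator_domain, parent_dir_type):
    """Default labeling of a runtime-created file: apply the file type
    transition rule if one exists, otherwise inherit the parent's type."""
    return FILE_TYPE_TRANSITIONS.get(
        (creator_domain, parent_dir_type), parent_dir_type
    )


def label_ld_so_cache(init_exe_type):
    """Boot in kernel_t, exec init, exec ldconfig, create /etc/ld.so.cache.

    init_exe_type is the label on the init binary in the boot image;
    "UNLABELED" is a constructed placeholder for "no label present".
    Returns (domain ldconfig ran in, type given to ld.so.cache).
    """
    domain = exec_domain("kernel_t", init_exe_type)
    domain = exec_domain(domain, "ldconfig_exec_t")
    return domain, new_file_type(domain, "etc_t")


if __name__ == "__main__":
    for init_label in ("init_exec_t", "UNLABELED"):
        domain, ftype = label_ld_so_cache(init_label)
        print(f"init={init_label}: ldconfig ran in {domain}, "
              f"ld.so.cache labeled {ftype}")
```
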