On Thu, Jun 03, 2004 at 01:59:16PM +1000, Russell Coker wrote:
> On Thu, 3 Jun 2004 02:29, Chris Grier <grier@xxxxxxxx> wrote:
> > Hi, I'm using Fedora Core 2 with SELinux, and I was wondering if there
> > is an official place to submit (possible) policy changes. I have run
>
> Here is the best place.
>
> > hda6 is the / partition, where the loopback file is (I'm using losetup
> > to setup the loop, and dm-crypt to encrypt, which is then mounted as a
> > user home directory)
> >
> > audit(1086192065.154:0): avc: denied { read } for pid=2844
> > exe=/sbin/ldconfig name=libdevmapper.so.1.00 dev=hda6 ino=278879
> > scontext=root:sysadm_r:ldconfig_t tcontext=system_u:object_r:usr_t
> > tclass=file
>
> What directory is libdevmapper.so.1.00 in?
>
Symlinked into /usr/local/lib from
/usr/local/encap/device-mapper-1.00.17/lib
[chris@localhost chris]$ ls -laZd /usr/local/lib
drwxr-xr-x+ root root system_u:object_r:lib_t /usr/local/lib
So my next guess is that /usr/local/encap/* is not labeled correctly,
and this is generating the audits (it IS not labled correctly). I didn't
think about this since /usr/local/lib is labeled correctly, athough the
files that encap links in are not. Simple to add this to the file
contexts though. Thanks.
--
Chris Grier <grier@xxxxxxxx>
