Russell Coker wrote:
avc: denied { search } for pid=3019 exe=/usr/sbin/glibc_post_upgrade name=1 dev=proc ino=65538 scontext=root:sysadm_r:rpm_t tcontext=system_u:system_r:init_t tclass=dir
Jeff, it seems that the glibc post upgrade script run when a new glibc package is installed gets run as rpm_t not rpm_script_t. Do you have any ideas why this is?
Yes, rpm_script_t is applied only for /bin/sh, not for other helpers like /sbin/ldconfig, and
/usr/sbin/{glibc,libgcc}_post_upgrade, to name the other known helpers.
I can certainly change that behavior, and have asked several times if I should, with no answer.
73 de Jeff
