On Mon, 2004-10-11 at 02:34, Russell Coker wrote:
> On Sat, 9 Oct 2004 02:14, Stephen Smalley <sds@xxxxxxxxxxxxxx> wrote:
> > /etc/ld.so.cache is supposed to be labeled ld_so_cache_t.
>
> ldconfig is being executed directly from rpm not via "sh -c ldconfig". This
> means that it doesn't transition to ldconfig_t.
>
> Jeff, please change rpm to use "sh -c" for spawning all scripts including
> ldconfig and /usr/sbin/glibc_post_upgrade. Should I file a bugzilla against
> rpm?

Ironically, this used to work with the older rpm that did not setexeccon
to rpm_script_t for binaries, as there was a transition from rpm_t to
ldconfig_t in the policy. But since we asked Jeff to change the
behavior, the explicit setexeccon takes precedence over the default
transition, and ldconfig ends up running in rpm_script_t directly then.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency