Sorry to belabor this....but running strict/enforcing, here is a subset
of the messages from 'yum update' of today's Rawhide:

gnome-vfs2 100 % done 3/161
/sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache failed: Permission denied
error: %post(gnome-vfs2-2.8.2-1.i386) scriptlet failed, exit status 1
gail 100 % done 4/161
mozilla-nspr 100 % done 5/161
error: %post(mozilla-nspr-1.7.3-13.i386) scriptlet failed, exit status 1
eel2 100 % done 6/161
rpm-libs 100 % done 7/161
ImageMagick 100 % done 8/161
grep 100 % done 9/161
pam 100 % done 10/161
/sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache failed: Permission denied
mozilla-nss 100 % done 11/161
error: %post(mozilla-nss-1.7.3-13.i386) scriptlet failed, exit status 1
mozilla 100 % done 12/161
sane-backends 100 % done 13/161
rpm 100 % done 14/161
/sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache failed: Permission denied
cups-libs 100 % done 15/161
libuser 100 % done 16/161
/sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache failed: Permission denied
error: %post(libuser-0.52.5-1.i386) scriptlet failed, exit status 1
ImageMagick-c++ 100 % done 17/161

nautilus 100 % done 78/161
/sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache failed: Permission denied
nautilus-cd-burner 100 % done 79/161
/sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache failed: Permission denied
control-center 100 % done 80/161
/sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache failed: Permission denied

rpm -V of the above packages is non-eventful, except for libuser:

.......T. c /etc/libuser.conf
..5....T. /usr/bin/lchfn
..5....T. /usr/bin/lchsh
..5....T. /usr/lib/libuser.so.1.1.1
..5....T. /usr/lib/libuser/libuser_files.so
..5....T. /usr/lib/libuser/libuser_ldap.so
..5....T. /usr/lib/libuser/libuser_shadow.so
S.5....T. /usr/lib/python2.3/site-packages/libusermodule.so
..5....T. /usr/sbin/lchage
..5....T. /usr/sbin/lgroupadd
..5....T. /usr/sbin/lgroupdel
..5....T. /usr/sbin/lgroupmod
..5....T. /usr/sbin/lid
..5....T. /usr/sbin/lnewusers
..5....T. /usr/sbin/lpasswd
..5....T. /usr/sbin/luseradd
..5....T. /usr/sbin/luserdel
..5....T. /usr/sbin/lusermod
.......T. /usr/share/locale/ar/LC_MESSAGES/libuser.mo
<<<SNIP files with just T changes>>>

Is this safe to ignore? Should I reinstall offending packages running in
permissive mode? Other?

tom

On Tue, 12 Oct 2004 10:44:32 -0400, Jeff Johnson <n3npq@xxxxxxxxx> wrote:
> Stephen Smalley wrote:
>
> >On Tue, 2004-10-12 at 10:03, Jeff Johnson wrote:
> >
> >>Better still, how about libselinux_execve() clone. no reason why libselinux
> >>should not do the execve as well afaict.
> >
> >Hmmm..that lends itself to interface spread, as people will then want
> >libselinux_execl*, libselinux_execvp, ... and possibly even
> >libselinux_popen, as opposed to just a setexeccon-like function that can
> >be called prior to any of those normal calls. We actually had
> >execve_secure() in the old SELinux API, but were forced to migrate to
> >setexeccon();execve(); as part of mainstream inclusion.
>
> Interface spread appreciated, but whether application or library does
> execve(2) is perhaps not the important issue.
>
> A hook called after fork(2) to permit libselinux to change the execution
> environment opaquely is what rpm seeks, execve(2) clone is a rather
> natural way to define the necessary API imho.
>
> But if you want rpm (or application) to do its own execve(2), well, that
> works too. The issue for rpm is opaqueness, i.e. not compiling
> "rpm_script_t" and the decision algorithm into rpmlib.
>
> 73 de Jeff

--
Tom London
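
A triage helper for `rpm -V` output like the libuser listing in the message above, added here as an example and not part of the original thread: it separates files whose content checks failed (digest, size, symlink target) from config files and from files that differ only in mtime. The function and bucket names are assumptions; the sample lines are copied from the message.

```python
import re

# Columns 1-8 of an `rpm -V` line; '.' means the check passed, '?' not performed.
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device",
         "L": "symlink", "U": "owner", "G": "group", "T": "mtime"}
# 8 or 9 flag columns (the 9th varies by rpm build and is kept but not decoded),
# an optional one-letter file marker such as 'c' for config, then the path.
LINE = re.compile(r"^([A-Za-z0-9.?]{8,9})\s+(?:([a-z])\s+)?(/.*)$")

def parse(line):
    """Return (path, set of failed check names, is_config) or None."""
    m = LINE.match(line.strip())
    if not m:
        return None  # not a verify line (e.g. yum progress or SNIP marker)
    flags, marker, path = m.groups()
    failed = {FLAGS[c] for c in flags[:8] if c in FLAGS}
    return path, failed, marker == "c"

def triage(text):
    """Group verify lines by how much attention they need."""
    report = {"content": [], "config": [], "metadata": [], "mtime_only": []}
    for line in text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        path, failed, is_config = parsed
        if is_config:
            bucket = "config"        # expected to be edited locally
        elif failed & {"digest", "size", "symlink"}:
            bucket = "content"       # file body differs from the rpm database
        elif failed <= {"mtime"}:
            bucket = "mtime_only"    # timestamp differs, content checks passed
        else:
            bucket = "metadata"      # mode/owner/group/device differ
        report[bucket].append(path)
    return report

# Sample lines copied from the rpm -V output in the message above.
SAMPLE = """\
.......T. c /etc/libuser.conf
..5....T. /usr/bin/lchfn
S.5....T. /usr/lib/python2.3/site-packages/libusermodule.so
.......T. /usr/share/locale/ar/LC_MESSAGES/libuser.mo
<<<SNIP files with just T changes>>>
"""

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE).items():
        print(f"{bucket:11s} {len(paths)} {paths}")
```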