On Wed, 2004-12-08 at 18:27, Joe Orton wrote: > On Fri, Dec 03, 2004 at 08:42:18AM -0500, Stephen Smalley wrote: > > BTW, ask people who encounter the mislabeled shared objects to check > > their /var/log/prelink.log for errors, particularly "Could not get > > security context" or "Could not set security context", as prelink is > > supposed to log those errors when it cannot get or set the file context. > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142319 > > is that any use? The 'ls' output indicates that the libpcre shared object is labeled correctly, so I wonder if he had already relabeled it via fixfiles or restorecon prior to running that ls. The prelink.log file does include some 'Could not get security context" errors (with errno ENODATA), which is interesting, but peculiar that there is no such error for the libpcre shared object, since that is the one that is triggering this denial. The lack of any context on those files is very odd unless he ran with SELinux disabled for a while (in which case the files would indeed end up with no context if they were updated while SELinux was disabled and he failed to relabel when he re-enabled SELinux). -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency