On Thu, 2004-12-09 at 08:19, Stephen Smalley wrote: > The 'ls' output indicates that the libpcre shared object is labeled > correctly, so I wonder if he had already relabeled it via fixfiles or > restorecon prior to running that ls. > > The prelink.log file does include some 'Could not get security context" > errors (with errno ENODATA), which is interesting, but peculiar that > there is no such error for the libpcre shared object, since that is the > one that is triggering this denial. The lack of any context on those > files is very odd unless he ran with SELinux disabled for a while (in > which case the files would indeed end up with no context if they were > updated while SELinux was disabled and he failed to relabel when he > re-enabled SELinux). Note: I added a comment to the bugzilla entry with this information and also asked the bug reporter several follow-up questions. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
