On Tue, 2005-01-04 at 02:14, Bob Kashani wrote:
> But here is the log message that I get when ldconfig fails in /home (as
> requested by Stephen).
>
> Jan 3 22:44:05 chaucer kernel: audit(1104821045.640:0): avc: denied
> { search } for pid=4960 exe=/sbin/ldconfig name=bob-chroot dev=hdb1
> ino=855792 scontext=root:system_r:ldconfig_t
> tcontext=user_u:object_r:file_t tclass=dir
> Jan 3 22:44:05 chaucer kernel: audit(1104821045.641:0): avc: denied
> { search } for pid=4960 exe=/sbin/ldconfig name=bob-chroot dev=hdb1
> ino=855792 scontext=root:system_r:ldconfig_t
> tcontext=user_u:object_r:file_t tclass=dir
First, I'd suggest relabeling /home, as there shouldn't be any file_t
files there. restorecon -R /home. Was /home inherited from a prior
install, or did you run a non-SELinux kernel while creating files there?
Second, ldconfig is normally restricted in the set of types it can
access; see the "SELinux and third party installers" thread. This can
be changed in the policy if necesssary, but understand that there are
implications.
--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
