Re: SELinux error with yum --installroot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2005-01-05 at 08:10 -0500, Daniel J Walsh wrote:
> >I read the thread and I seem to understand the technical reason behind
> >why ldconfig is restricted in the way that it is (the security side of
> >the issue). But is seems a little harsh from a usability point of view
> >since for example, you can no longer run ldconfig in a chroot in your
> >home dir. I like fine grained security but isn't the whole idea behind
> >policy-targeted to enable security without restricting usability too
> >much? I would understand not allowing ldconfig to execute in /home with
> >policy-strict but shouldn't policy-targeted allow you to do this
> >regardless of the potential security issues? Do the security concerns in
> >this case outweigh the usability issues?
> >
> >Bob
> >
> >  
> >
> What AVC messages are you seeing.  We can and probably should loosen up 
> ldconfig policy for targeted.
> 
> Dan

Here is the AVC message I'm getting:

Jan  5 11:56:39 chaucer kernel: audit(1104954999.233:0): avc:  denied
{ search } for  pid=4605 exe=/sbin/ldconfig name=g-chroot dev=hdb1
ino=855792 scontext=root:system_r:ldconfig_t
tcontext=system_u:object_r:user_home_t tclass=dir

Bob

-- 
Bob Kashani
http://www.ocf.berkeley.edu/~bobk/garnome


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux