Re: ldconfig denials during mock builds

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Todd Zullinger wrote:
Hi,

I recently noticed some problems when building packages for rawhide
with mock.  The mock logs have a log of these:

/sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
error: %postun(glibc-2.6-4.i686) scriptlet failed, exit status 1

The audit messages look like this:

avc: denied { read } for comm="ldconfig" dev=sda2 egid=502 euid=0 exe="/sbin/ldconfig" exit=-13 fsgid=502 fsuid=0 gid=502 items=0 name="lib" pid=4247 scontext=user_u:system_r:ldconfig_t:s0 sgid=502 subj=user_u:system_r:ldconfig_t:s0 suid=0 tclass=dir tcontext=user_u:object_r:var_lib_t:s0 tty=(none) uid=0 avc: denied { write } for comm="ldconfig" dev=sda2 egid=502 euid=0 exe="/sbin/ldconfig" exit=-13 fsgid=502 fsuid=0 gid=502 items=0 name="etc" pid=4247 scontext=user_u:system_r:ldconfig_t:s0 sgid=502 subj=user_u:system_r:ldconfig_t:s0 suid=0 tclass=dir tcontext=user_u:object_r:var_lib_t:s0 tty=(none) uid=0
I'm guessing this has to do with the contexts on etc:

$ ll -dZ /etc/ /var/lib/mock/fedora-development-i386/root/etc/
drwxr-xr-x  root  root system_u:object_r:etc_t          /etc/
drwxrwsr-x  build mock user_u:object_r:var_lib_t        /var/lib/mock/fedora-development-i386/root/etc/

Is this something that needs to be fixed in mock or in the selinux
policy?

Is your buildsys also running on rawhide?

Are you not using the mock policy module from http://fedoraproject.org/wiki/PackageMaintainers/MockTricks ?

Paul.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux