Todd Zullinger wrote:
Hi,
I recently noticed some problems when building packages for rawhide
with mock. The mock logs have a lot of these:
/sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
error: %postun(glibc-2.6-4.i686) scriptlet failed, exit status 1
The audit messages look like this:
avc: denied { read } for comm="ldconfig" dev=sda2 egid=502 euid=0 exe="/sbin/ldconfig" exit=-13 fsgid=502 fsuid=0 gid=502 items=0 name="lib" pid=4247 scontext=user_u:system_r:ldconfig_t:s0 sgid=502 subj=user_u:system_r:ldconfig_t:s0 suid=0 tclass=dir tcontext=user_u:object_r:var_lib_t:s0 tty=(none) uid=0
avc: denied { write } for comm="ldconfig" dev=sda2 egid=502 euid=0 exe="/sbin/ldconfig" exit=-13 fsgid=502 fsuid=0 gid=502 items=0 name="etc" pid=4247 scontext=user_u:system_r:ldconfig_t:s0 sgid=502 subj=user_u:system_r:ldconfig_t:s0 suid=0 tclass=dir tcontext=user_u:object_r:var_lib_t:s0 tty=(none) uid=0
I'm guessing this has to do with the contexts on etc:
$ ll -dZ /etc/ /var/lib/mock/fedora-development-i386/root/etc/
drwxr-xr-x root root system_u:object_r:etc_t /etc/
drwxrwsr-x build mock user_u:object_r:var_lib_t /var/lib/mock/fedora-development-i386/root/etc/
Is this something that needs to be fixed in mock or in the selinux
policy?
Is your buildsys also running on rawhide?
Are you not using the mock policy module from
http://fedoraproject.org/wiki/PackageMaintainers/MockTricks ?
Paul.
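
Added example, not part of the original thread: a small Python parser that groups the two AVC denials quoted in the message above by source type, target type and object class, so the var_lib_t label on the chroot's "etc" and "lib" directories stands out. The function names are illustrative, and the sample lines are copied from the message.

```python
import re
from collections import defaultdict

# The two AVC denials quoted in the message above.
SAMPLE = [
    'avc: denied { read } for comm="ldconfig" dev=sda2 egid=502 euid=0 '
    'exe="/sbin/ldconfig" exit=-13 fsgid=502 fsuid=0 gid=502 items=0 name="lib" '
    'pid=4247 scontext=user_u:system_r:ldconfig_t:s0 sgid=502 '
    'subj=user_u:system_r:ldconfig_t:s0 suid=0 tclass=dir '
    'tcontext=user_u:object_r:var_lib_t:s0 tty=(none) uid=0',
    'avc: denied { write } for comm="ldconfig" dev=sda2 egid=502 euid=0 '
    'exe="/sbin/ldconfig" exit=-13 fsgid=502 fsuid=0 gid=502 items=0 name="etc" '
    'pid=4247 scontext=user_u:system_r:ldconfig_t:s0 sgid=502 '
    'subj=user_u:system_r:ldconfig_t:s0 suid=0 tclass=dir '
    'tcontext=user_u:object_r:var_lib_t:s0 tty=(none) uid=0',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields

def selinux_type(context):
    """Extract the type from a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def summarize(lines):
    """Group denials by (source type, target type, class); collect perms and names."""
    grouped = defaultdict(lambda: {"perms": set(), "names": set()})
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (selinux_type(rec.get("scontext", "")),
               selinux_type(rec.get("tcontext", "")), rec.get("tclass"))
        grouped[key]["perms"].update(rec["perms"])
        if "name" in rec:
            grouped[key]["names"].add(rec["name"])
    return {k: {"perms": sorted(v["perms"]), "names": sorted(v["names"])}
            for k, v in grouped.items()}

if __name__ == "__main__":
    for (src, tgt, cls), info in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} perms={info['perms']} names={info['names']}")
```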