2010/12/12 Jorge Fábregas <jorge.fabregas@xxxxxxxxx>:
> Hi,
>
> I installed the latest "Nero for Linux" (version 4) and noticed that rpm
> labeled all files in /usr/lib/nero/lib* as textrel_shlib_t. However, there's
> no reference to this path in file_contexts and when I do a restorecon of these
> files they get labeled as "lib_t" (as I would expect since there's no regex in
> files_context for these).
>
> I thought that what made rpm SELinux-aware was that it somehow consulted the
> file_contexts (or a library called by rpm) but this is not the case in the
> above example. Is it that rpm has some hardcoded rules to label some files in
> /usr/lib/ as textrel_shlib_t regardless of what's in the file_contexts?
>
> BTW, I had to add some regular expressions to the local file_contexts in order
> to label some Nero libs as textrel_shlib_t for the ones located in
> /usr/lib/nero/plug-ins/lib* as I got many AVCs when using the program.
> There's one regex in file_contexts for Nero:
>
> /usr/lib(64)?/nero/plug-ins/libMP3\.so(\.[^/]*)* -- system_u:object_r:textrel_shlib_t:s0
>
> ...but there are other libs in that directory (besides the MP3 one) that need
> textrel_shlib_t. I didn't file a bug report as I'm on Fedora 12 (it reached
> its end of life). I'll check again if this happens when I install Fedora 14.
>
> Thanks,
> Jorge

rpms sometimes do 'ad-hoc' labeling, usually by inserting explicit 'chcon -t' commands in the 'post install' scripts.

You can see if that is the case by running 'rpm -q --scripts' on the particular rpm.

tom
--
Tom London
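The check suggested in the reply above, as an added example that is not part of the original thread: a filter for `rpm -q --scripts` output that reports which scriptlet runs a labeling command. It goes beyond `chcon` to also flag `semanage` and `restorecon`; the function names, the sample scriptlets and the `/usr/lib/example` path are constructed for illustration and are not taken from any real package.

```shell
#!/bin/sh
# Added example: find SELinux labeling commands in rpm scriptlets.
# Real use:  rpm -q --scripts PACKAGE | find_label_cmds

# Reads `rpm -q --scripts` output on stdin and prints one line per labeling
# command, prefixed with the scriptlet it belongs to (e.g. "postinstall").
find_label_cmds() {
    awk '
        # Section headers, e.g. "postinstall scriptlet (using /bin/sh):"
        # or "postinstall program: /sbin/ldconfig"
        /^[a-z]+ (scriptlet \(using|program:) / { section = $1; next }
        # Ignore shell comments so a mention in a comment is not reported
        /^[ \t]*#/ { next }
        # Match the command name as a whole word, with or without a path
        /(^|[^A-Za-z0-9_])(chcon|semanage|restorecon)([ \t]|$)/ {
            sub(/^[ \t]+/, "")
            printf "%s: %s\n", section, $0
        }
    '
}

# Constructed sample of `rpm -q --scripts` output for a hypothetical package.
sample_scripts() {
    cat <<'EOF'
preinstall scriptlet (using /bin/sh):
# no chcon needed here
mkdir -p /usr/lib/example
postinstall scriptlet (using /bin/sh):
/sbin/ldconfig
    /usr/bin/chcon -t textrel_shlib_t /usr/lib/example/lib*.so
postuninstall scriptlet (using /bin/sh):
/sbin/ldconfig
EOF
}

# Stand-alone demonstration on the constructed sample.
sample_scripts | find_label_cmds
```

A hit in a scriptlet explains a label that `restorecon` later resets, because `chcon` changes are not recorded in file_contexts.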