Bug 249165
Summary: | "rpm -V mesa-libGL" triggers SEtroubleshoot error | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Andre Robatino <robatino> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 7 | CC: | alwanza |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 2.6.4-30.fc7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-08-03 04:45:08 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Andre Robatino
2007-07-21 20:08:56 UTC
Someone at fedoraforum notified me that he doesn't have the problem with SELinux disabled, so the rpm verify error is triggered by the SELinux issue and not the other way around. http://forums.fedoraforum.org/showthread.php?p=833100 It was also reported that it's not triggered in permissive mode. I and my father both use the default enforcing mode. This isn't Mesa's fault, except inasmuch as it requires text relocations. It's either prelink or rpm. But I suspect it's just not a bug that can be fixed, because files that need textrels should be marked as such in selinux policy. Shifting the blame to rpm for now. Bzzzt! Nice guess, you lose. Wanna play again? Try selinux and/or prelink. Note the hints in the above, at no point does the error spew say "rpm". rpm has zippo control over how packages (in this case Mesa) are produced (with or without text relocations), or with policy controls that preventy execution when text relocations are present, or with prelinking of elf executables Switching the component to selinux-policy. I am changing the prelink policy to allow execmod on prelink_tmp_t and lib_t files. Fixed in selinux-policy-2.6.4-30 The way I originally noticed this problem was after noticing that Presto didn't use the deltarpm for mesa-libGL to update it, and then failing to be able to use applydeltarpm (from the deltarpm package) to update mesa-libGL using the old installed package and the deltarpm from the Presto server http://lesloueizeh.com/f7/i386/updates/DRPMS/mesa-libGL-6.5.2-10.fc7_6.5.2-13.fc7.i386.drpm and having an SEtroubleshoot error pop up during the failed attempt (it works, though, using the old RPM together with the deltarpm). Just to be sure, will this also fix that problem? Actually, I can just wait until the updated selinux-policy package is released, and if that fixes the immediate problem, then I'll just downgrade mesa-libGL* and see if Presto can update it with deltarpms. If not, I'll file another bug. So never mind. Verified as fixed in updates-released selinux-policy-*2.6.4-30.fc7. Also verified that the Presto update problem is fixed by downgrading mesa-libGL* and successfully using Presto to update both packages. Closing. RH VERSION=5.4 KERNEL RELEASE=2.6.18-164.6.1.el5 LAST UPDATE=-rw-r--r-- 1 root root 23186 Nov 20 04:03 /var/log/rpmpkgs LAST REBOOT= system boot 2009-11-19 14:22 MEMORY TOTAL=MemTotal: 2074476 kB PROCESSORS=1 PROC SPEED=cpu MHz : 2004.653 11/20/09 CentOS 5.4 has this bug. rpm -V mesa-libGL prelink: /usr/lib/libGL.so.1.2.#prelink#.1HibCL Could not trace symbol resolving S.?..... /usr/lib/libGL.so.1.2 I am using selinux in enforcing mode. I am confused about how a bug gets closed and still exists 2 years later. There are probably details I don't understand, but just in case I thought I'd let you know. I'm not seeing the bug in Fedora 12. Other than just now, haven't checked since this bug was closed. [root@compaq-pc ~]# rpm -V mesa-libGL [root@compaq-pc ~]# Meryl please open a RHEL5 bugzilla if you see this problem. Also make sure you have the RHEL5.4 selinux-policy installed. The problem most likely is libGL.s0.1.2 is mislabale. It should be labeled textrel_shlib_t. |