Bug 376181

Summary: selinux = ...
Product: [Fedora] Fedora Reporter: apadfaszat <khangyi>
Component: prelinkAssignee: Jakub Jelinek <jakub>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 8   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-11-11 19:15:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description apadfaszat 2007-11-11 17:05:32 UTC
Summary
    SELinux is preventing /usr/sbin/prelink (prelink_t) "unlink" on <Unknown>
    (etc_t).

Detailed Description
    SELinux denied prelink unlink on <Unknown>. The prelink program is only
    allowed to manipulate files that are identified as executables or shared
    libraries by SELinux.  Libraries that get placed in lib directories get
    labeled by default as a shared library.  Similarly, executables that get
    placed in a bin or sbin directory get labeled as executables by SELinux.
    However, if these files get installed in other directories they might not
    get the correct label.  If prelink is trying to manipulate a file that is
    not a binary or share library this may indicate an intrusion attack.

Allowing Access
    You can alter the file context by executing "chcon -t bin_t <Unknown>" or
    "chcon -t lib_t <Unknown>" if it is a shared library.  If you want to make
    these changes permanent you must execute the semanage command. "semanage
    fcontext -a -t bin_t <Unknown>" or "semanage fcontext -a -t shlib_t
    <Unknown>". If you feel this executable/shared library is in the wrong
    location please file a bug against the package that includes the file.  If
    you feel that SELinux should know about this file and label it correctly
    please file a bug against
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi.

Additional Information        

Source Context                system_u:system_r:prelink_t:s0
Target Context                unconfined_u:object_r:etc_t:s0
Target Objects                None [ file ]
Affected RPM Packages         prelink-0.4.0-1 [application]
Policy RPM                    selinux-policy-3.0.8-47.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.prelink_mislabled
Host Name                     fedora8
Platform                      Linux fedora8 2.6.23.1-49.fc8 #1 SMP Thu Nov 8
                              21:41:26 EST 2007 i686 i686
Alert Count                   1
First Seen                    Sun 11 Nov 2007 02:31:05 AM MST
Last Seen                     Sun 11 Nov 2007 02:31:05 AM MST
Local ID                      525a2b3a-ca17-4c1e-ae65-68565ddfabeb
Line Numbers                  

Raw Audit Messages            

avc: denied { unlink } for comm=prelink dev=dm-0 egid=0 euid=0
exe=/usr/sbin/prelink exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=prelink.cache
pid=4518 scontext=system_u:system_r:prelink_t:s0 sgid=0
subj=system_u:system_r:prelink_t:s0 suid=0 tclass=file
tcontext=unconfined_u:object_r:etc_t:s0 tty=(none) uid=0

Note: This is after the update, that contained a selinux policy item, also i
can't use the gui updates package system installed by default, yum works and
kyum also works

Comment 1 Jakub Jelinek 2007-11-11 19:15:30 UTC

*** This bug has been marked as a duplicate of 375991 ***