Bug 115416 - yum keeps rpm file handle open when spawning children
Summary: yum keeps rpm file handle open when spawning children
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact: Mike McLean
Depends On:
TreeView+ depends on / blocked
Reported: 2004-02-12 05:47 UTC by Russell Coker
Modified: 2014-01-21 22:48 UTC (History)
0 users

Clone Of:
Last Closed: 2004-02-25 09:38:09 UTC

Attachments (Terms of Use)

Description Russell Coker 2004-02-12 05:47:08 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; Linux)

Description of problem:
avc:  denied  { read } for  pid=2116 exe=/sbin/ldconfig path=/var/cache/yum/development/packages/nss_ldap-207-6.i386.rpm dev=hda1 ino=440249 scontext=root:sysadm_r:ldconfig_t tcontext=root:object_r:var_t tclass=file

Above is the error message returned when a library package is installed on an SE Linux system.  The file handle for the rpm is inherited by ldconfig from either YUM or RPM.  Not sure which, if it's not done by yum then please re-assign to RPM.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Install a library package.    

Expected Results:  Should not have inherited the open file.

Additional info:

Comment 1 Seth Vidal 2004-02-12 05:56:13 UTC
yum never calls ldconfig directly so I'm guessing this is happening
during the %post  of the rpm install.

Also changing this to test1 so it can be more easily picked up in

Comment 2 Jeff Johnson 2004-02-12 13:02:11 UTC
file handle is RDONLY at EOF, yes.

There's a whole class of problems here, not just ldconfig,
and possibly not just the *.rpm file handle.

Can you describe the context and goal of the policy so that
I can try to address the entire class of problems across
all packages in the distro please?

Comment 3 Jeff Johnson 2004-02-25 09:38:09 UTC
Handled by imposing FD_CLOSEXEC on fdno's 3-100.

UPSTREAM becasue the better fix is to do in yum itself.

Note You need to log in before you can comment on or make changes to this bug.