Bug 139358 - SELinux blocks execution of ldconfig following package install
Summary: SELinux blocks execution of ldconfig following package install
Status: CLOSED DUPLICATE of bug 136848
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
(Show other bugs)
Version: rawhide
Hardware: All Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2004-11-15 15:47 UTC by W. Michael Petullo
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-02-21 19:07:01 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description W. Michael Petullo 2004-11-15 15:47:25 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.3)
Gecko/20041027 Epiphany/1.4.4

Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Set SELinux to enforce Fedora's strict policy.  Use "rpm -Uvh" to
install a package that executes ldconfig as a part of the installation

Actual Results:  Though the package does get installed, I receive the
following error message: /sbin/ldconfig: Renaming of /etc/ld.so.cache~
to /etc/ld.so.cache failed: Permission denied

Also, the following AVC is logged:

Nov 15 09:34:11 imp kernel: audit(1100532851.237:0): avc:  denied  {
unlink } for  pid=5628 exe=/sbin/ldconfig name=ld.so.cache dev=dm-0
ino=310538 scontext=root:sysadm_r:ldconfig_t
tcontext=root:object_r:etc_t tclass=file

Expected Results:  The package should install with no errors.

Additional info:

This error is not seen when SELinux is not enforcing its policy.

Comment 1 Daniel Walsh 2004-11-15 15:53:29 UTC
This is a known problem and should be fixed with an update to rpm

restorecon /etc/ld.so.cache  will clean it up.


Comment 2 Daniel Walsh 2004-11-17 20:21:33 UTC

*** This bug has been marked as a duplicate of 136848 ***

Comment 3 Red Hat Bugzilla 2006-02-21 19:07:01 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.