Bug 139358 - SELinux blocks execution of ldconfig following package install
SELinux blocks execution of ldconfig following package install
Status: CLOSED DUPLICATE of bug 136848
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-11-15 10:47 EST by W. Michael Petullo
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-21 14:07:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description W. Michael Petullo 2004-11-15 10:47:25 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.3)
Gecko/20041027 Epiphany/1.4.4

Description of problem:


Version-Release number of selected component (if applicable):
selinux-policy-strict-1.19.1-3

How reproducible:
Always

Steps to Reproduce:
Set SELinux to enforce Fedora's strict policy.  Use "rpm -Uvh" to
install a package that executes ldconfig as a part of the installation
process.
    

Actual Results:  Though the package does get installed, I receive the
following error message: /sbin/ldconfig: Renaming of /etc/ld.so.cache~
to /etc/ld.so.cache failed: Permission denied

Also, the following AVC is logged:

Nov 15 09:34:11 imp kernel: audit(1100532851.237:0): avc:  denied  {
unlink } for  pid=5628 exe=/sbin/ldconfig name=ld.so.cache dev=dm-0
ino=310538 scontext=root:sysadm_r:ldconfig_t
tcontext=root:object_r:etc_t tclass=file


Expected Results:  The package should install with no errors.

Additional info:

This error is not seen when SELinux is not enforcing its policy.
Comment 1 Daniel Walsh 2004-11-15 10:53:29 EST
This is a known problem and should be fixed with an update to rpm

restorecon /etc/ld.so.cache  will clean it up.

Dan
Comment 2 Daniel Walsh 2004-11-17 15:21:33 EST

*** This bug has been marked as a duplicate of 136848 ***
Comment 3 Red Hat Bugzilla 2006-02-21 14:07:01 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.