Bug 143633 - last update of selinux-policy-targeted breaks using self-compiled shared libraries
last update of selinux-policy-targeted breaks using self-compiled shared libr...
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
3
x86_64 Linux
medium Severity high
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-12-22 21:54 EST by Burkhard
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-01-12 08:11:41 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Burkhard 2004-12-22 21:54:50 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.3)
Gecko/20041020 Galeon/1.3.18

Description of problem:
After upgrading to the latest selinux-policy-targeted update via
up2date I was not able to use self-compiled libraries in
/usr/local/lib64 any more. Error message was like this:

  mplayer: error while loading shared libraries: libmp3lame.so.0:
cannot open shared object file: No such file or directory

Running ldconfig by hand brought the same result:

  ldconfig: Input file /usr/local/lib64/libxvidcore.so.4.0 not found.

  ldconfig: Input file /usr/local/lib64/libaa.so.1.0.4 not found.

  ldconfig: Input file /usr/local/lib64/libmp3lame.so.0.0.0 not found.

Using strace:
-------------------
[root@chaos ~]# strace ldconfig 2>&1 |grep local
open("/etc/ld.so.conf.d/local.conf", O_RDONLY) = 4
read(4, "/usr/local/lib\n/usr/local/lib64\n", 4096) = 32
stat("/usr/local/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/usr/local/lib64", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/local/lib", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = 3
open("/usr/local/lib64", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = 3
stat("/usr/local/lib64/libaa.so", 0x7fbffff660) = -1 EACCES
(Permission denied)
open("/usr/local/lib64/libxvidcore.so.4.0", O_RDONLY) = -1 EACCES
(Permission denied)
write(2, "Input file /usr/local/lib64/libx"..., 58Input file
/usr/local/lib64/libxvidcore.so.4.0 not found.
stat("/usr/local/lib64/libmp3lame.so", 0x7fbffff660) = -1 EACCES
(Permission denied)
open("/usr/local/lib64/libaa.so.1.0.4", O_RDONLY) = -1 EACCES
(Permission denied)
write(2, "Input file /usr/local/lib64/liba"..., 54Input file
/usr/local/lib64/libaa.so.1.0.4 not found.
open("/usr/local/lib64/libmp3lame.so.0.0.0", O_RDONLY) = -1 EACCES
(Permission denied)
write(2, "Input file /usr/local/lib64/libm"..., 59Input file
/usr/local/lib64/libmp3lame.so.0.0.0 not found.
stat("/usr/local/lib64/libxvidcore.so", 0x7fbffff660) = -1 EACCES
(Permission denied)
-----------------------

After installing selinux-policy-targeted-1.17.30-2.19 with rpm
--oldpackage -Uvh I had to reboot and call ldconfig manually, and now
everything is working again.

Tried the updated rpm once more, but same errors.



Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.58

How reproducible:
Always

Steps to Reproduce:
1. use up2date to install selinux-policy-targeted-1.17.30-2.58
2. try to use self-compiled application which makes use of at least
one self-compiled library that resides in /usr/local/lib64
3. run ldconfig as root
    

Actual Results:  mplayer refuses to start with error message.
ldconfig prints error messages and does not find the libraries

Expected Results:  The libraries should be available without error
message.

Additional info:
Comment 1 drew.middlesworth 2005-01-02 12:43:45 EST
Still broken in selinux-policy-targeted-1.17.30-2.62 on i386. Causes
mass breakage of 3rd party applications. Temporary fix was to disable
selinux by changing SELINUX=enforcing to SELINUX=permissive in
/etc/selinux/config

[root@insp drew]# /sbin/ldconfig 
/sbin/ldconfig: Input file /usr/X11R6/lib/libXvMC.so.1.0 not found.

/sbin/ldconfig: Input file /usr/X11R6/lib/libfontenc.so.1.0 not found.

/sbin/ldconfig: Input file /usr/X11R6/lib/libFS.so.6.0 not found.

/sbin/ldconfig: Input file /usr/X11R6/lib/libXRes.so.1.0 not found.

/sbin/ldconfig: Input file /usr/X11R6/lib/libGLw.so.1.0 not found.

/sbin/ldconfig: Input file /usr/X11R6/lib/libXcursor.so.1.0.2 not found.

/sbin/ldconfig: Input file /usr/X11R6/lib/libGLU.so.1.3 not found.

..... 

/sbin/ldconfig: Input file /usr/lib/libxine.so.1.11.0 not found.

/sbin/ldconfig: Input file /usr/lib/libxvidcore.so.4.0 not found.

/sbin/ldconfig: Input file /usr/lib/libartswavplayobject.so.0.0.0 not
found.

/sbin/ldconfig: Input file /usr/lib/libartsflow_idl.so.1.0.0 not found.

/sbin/ldconfig: Input file /usr/lib/sse2/libfame-0.9.so.1.0.0 not found.

/var/log/message shows:

Jan  2 09:30:56 insp kernel: audit(1104687056.766:0): avc:  denied  {
read } for  pid=3485 exe=/sbin/ldconfig name=libartsflow_idl.so.1.0.0
dev=hda3 ino=188361 scontext=root:system_r:ldconfig_t
tcontext=root:object_r:lib_t tclass=file
Jan  2 09:30:56 insp kernel: audit(1104687056.878:0): avc:  denied  {
getattr } for  pid=3485 exe=/sbin/ldconfig
path=/usr/lib/libmad.so.0.2.1 dev=hda3 ino=186668
scontext=root:system_r:ldconfig_t tcontext=root:object_r:lib_t tclass=file
Jan  2 09:30:57 insp kernel: audit(1104687057.081:0): avc:  denied  {
getattr } for  pid=3485 exe=/sbin/ldconfig
path=/usr/lib/sse2/libfame-0.9.so.1.0.0 dev=hda3 ino=214534
scontext=root:system_r:ldconfig_t tcontext=root:object_r:lib_t tclass=file
Jan  2 09:30:57 insp kernel: audit(1104687057.103:0): avc:  denied  {
read } for  pid=3485 exe=/sbin/ldconfig name=libfame-0.9.so.1.0.0
dev=hda3 ino=214534 scontext=root:system_r:ldconfig_t
tcontext=root:object_r:lib_t tclass=file
Comment 2 Daniel Walsh 2005-01-03 09:13:28 EST
This is not a bug with targeted policy but with the install command
not setting up the context with the correct state.  Currenly only RPM
sets the context of files.  We have put a new version of coreutils out
in Rawhide with a version of "install" that checks and sets the file
context on a file to match the currently installed policy.  Once we
are satisfied with how that works we will release for FC3.  Please
check it out.
coreutils-5.2.1-36
Comment 3 drew.middlesworth 2005-01-04 17:33:30 EST
Also seems to be fixed in selinux-policy-targeted-1.17.30-2.66 from
FC3 updates. I'm guessing the "Allow ldconfig to read lib_t files" in
the changelog was what fixed it.
Comment 4 Burkhard 2005-01-11 21:19:11 EST
Works for me too. Seems to be fixed.

Note You need to log in before you can comment on or make changes to this bug.