From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.3) Gecko/20041020 Galeon/1.3.18 Description of problem: After upgrading to the latest selinux-policy-targeted update via up2date I was not able to use self-compiled libraries in /usr/local/lib64 any more. Error message was like this: mplayer: error while loading shared libraries: libmp3lame.so.0: cannot open shared object file: No such file or directory Running ldconfig by hand brought the same result: ldconfig: Input file /usr/local/lib64/libxvidcore.so.4.0 not found. ldconfig: Input file /usr/local/lib64/libaa.so.1.0.4 not found. ldconfig: Input file /usr/local/lib64/libmp3lame.so.0.0.0 not found. Using strace: ------------------- [root@chaos ~]# strace ldconfig 2>&1 |grep local open("/etc/ld.so.conf.d/local.conf", O_RDONLY) = 4 read(4, "/usr/local/lib\n/usr/local/lib64\n", 4096) = 32 stat("/usr/local/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 stat("/usr/local/lib64", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 open("/usr/local/lib", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = 3 open("/usr/local/lib64", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = 3 stat("/usr/local/lib64/libaa.so", 0x7fbffff660) = -1 EACCES (Permission denied) open("/usr/local/lib64/libxvidcore.so.4.0", O_RDONLY) = -1 EACCES (Permission denied) write(2, "Input file /usr/local/lib64/libx"..., 58Input file /usr/local/lib64/libxvidcore.so.4.0 not found. stat("/usr/local/lib64/libmp3lame.so", 0x7fbffff660) = -1 EACCES (Permission denied) open("/usr/local/lib64/libaa.so.1.0.4", O_RDONLY) = -1 EACCES (Permission denied) write(2, "Input file /usr/local/lib64/liba"..., 54Input file /usr/local/lib64/libaa.so.1.0.4 not found. open("/usr/local/lib64/libmp3lame.so.0.0.0", O_RDONLY) = -1 EACCES (Permission denied) write(2, "Input file /usr/local/lib64/libm"..., 59Input file /usr/local/lib64/libmp3lame.so.0.0.0 not found. stat("/usr/local/lib64/libxvidcore.so", 0x7fbffff660) = -1 EACCES (Permission denied) ----------------------- After installing selinux-policy-targeted-1.17.30-2.19 with rpm --oldpackage -Uvh I had to reboot and call ldconfig manually, and now everything is working again. Tried the updated rpm once more, but same errors. Version-Release number of selected component (if applicable): selinux-policy-targeted-1.17.30-2.58 How reproducible: Always Steps to Reproduce: 1. use up2date to install selinux-policy-targeted-1.17.30-2.58 2. try to use self-compiled application which makes use of at least one self-compiled library that resides in /usr/local/lib64 3. run ldconfig as root Actual Results: mplayer refuses to start with error message. ldconfig prints error messages and does not find the libraries Expected Results: The libraries should be available without error message. Additional info:
Still broken in selinux-policy-targeted-1.17.30-2.62 on i386. Causes mass breakage of 3rd party applications. Temporary fix was to disable selinux by changing SELINUX=enforcing to SELINUX=permissive in /etc/selinux/config [root@insp drew]# /sbin/ldconfig /sbin/ldconfig: Input file /usr/X11R6/lib/libXvMC.so.1.0 not found. /sbin/ldconfig: Input file /usr/X11R6/lib/libfontenc.so.1.0 not found. /sbin/ldconfig: Input file /usr/X11R6/lib/libFS.so.6.0 not found. /sbin/ldconfig: Input file /usr/X11R6/lib/libXRes.so.1.0 not found. /sbin/ldconfig: Input file /usr/X11R6/lib/libGLw.so.1.0 not found. /sbin/ldconfig: Input file /usr/X11R6/lib/libXcursor.so.1.0.2 not found. /sbin/ldconfig: Input file /usr/X11R6/lib/libGLU.so.1.3 not found. ..... /sbin/ldconfig: Input file /usr/lib/libxine.so.1.11.0 not found. /sbin/ldconfig: Input file /usr/lib/libxvidcore.so.4.0 not found. /sbin/ldconfig: Input file /usr/lib/libartswavplayobject.so.0.0.0 not found. /sbin/ldconfig: Input file /usr/lib/libartsflow_idl.so.1.0.0 not found. /sbin/ldconfig: Input file /usr/lib/sse2/libfame-0.9.so.1.0.0 not found. /var/log/message shows: Jan 2 09:30:56 insp kernel: audit(1104687056.766:0): avc: denied { read } for pid=3485 exe=/sbin/ldconfig name=libartsflow_idl.so.1.0.0 dev=hda3 ino=188361 scontext=root:system_r:ldconfig_t tcontext=root:object_r:lib_t tclass=file Jan 2 09:30:56 insp kernel: audit(1104687056.878:0): avc: denied { getattr } for pid=3485 exe=/sbin/ldconfig path=/usr/lib/libmad.so.0.2.1 dev=hda3 ino=186668 scontext=root:system_r:ldconfig_t tcontext=root:object_r:lib_t tclass=file Jan 2 09:30:57 insp kernel: audit(1104687057.081:0): avc: denied { getattr } for pid=3485 exe=/sbin/ldconfig path=/usr/lib/sse2/libfame-0.9.so.1.0.0 dev=hda3 ino=214534 scontext=root:system_r:ldconfig_t tcontext=root:object_r:lib_t tclass=file Jan 2 09:30:57 insp kernel: audit(1104687057.103:0): avc: denied { read } for pid=3485 exe=/sbin/ldconfig name=libfame-0.9.so.1.0.0 dev=hda3 ino=214534 scontext=root:system_r:ldconfig_t tcontext=root:object_r:lib_t tclass=file
This is not a bug with targeted policy but with the install command not setting up the context with the correct state. Currenly only RPM sets the context of files. We have put a new version of coreutils out in Rawhide with a version of "install" that checks and sets the file context on a file to match the currently installed policy. Once we are satisfied with how that works we will release for FC3. Please check it out. coreutils-5.2.1-36
Also seems to be fixed in selinux-policy-targeted-1.17.30-2.66 from FC3 updates. I'm guessing the "Allow ldconfig to read lib_t files" in the changelog was what fixed it.
Works for me too. Seems to be fixed.