From Colin: On Tue, 2005-01-04 at 15:21 +0000, Mike Hearn wrote: > On Mon, 03 Jan 2005 12:49:05 -0500, Colin Walters wrote: > > Can you explain why you have ldconfig writing to a home directory? Are > > you doing the equivalent of "ldconfig > ~/install.log"? > > cp *.so.* ~/.local/lib > /sbin/ldconfig -n ~/.local/lib # generate the symlinks Hmm. This is actually something that should work in the strict policy, but not in targeted. The reason is that in targeted, we can't easily differentiate between the system and users. So in targeted, we transition to ldconfig_t, but in strict there should be no transition. I can't think of any good ideas on a solution for this one at the moment.
I have test libraries in /home/jerry/usr/lib that i use to test gfortran . I have noticed that ldconfig fails to be able to access this directory so the test programs I am compiling won't run because the libraries can't be found. I though I fixed this by turning off enforcement and running fixfiles relabel. Not so. I noticed the problem persists. To get around I am turning off enforce to run ldconfig and then turn it back on. Any suggestions?
Ok If I add the following policy, does it satisfy you needs. ifdef(`targeted_policy', ` allow ldconfig_t file_type:dir { getattr read search }; ')
I don't think so. It needs to be able to create symlinks as well (and maybe mmap stuff but I don't know if that's a separate priviledge or not)
Fixed in current policy.