Bug 144190 - ldconfig cannot create symlinks in home directories
ldconfig cannot create symlinks in home directories
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2005-01-04 17:37 EST by Mike Hearn
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-02-09 10:57:47 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mike Hearn 2005-01-04 17:37:45 EST
From Colin:

On Tue, 2005-01-04 at 15:21 +0000, Mike Hearn wrote:
> On Mon, 03 Jan 2005 12:49:05 -0500, Colin Walters wrote:
> > Can you explain why you have ldconfig writing to a home directory?
> > you doing the equivalent of "ldconfig > ~/install.log"?
>    cp *.so.* ~/.local/lib
>    /sbin/ldconfig -n ~/.local/lib    # generate the symlinks

Hmm.  This is actually something that should work in the strict policy,
but not in targeted.  The reason is that in targeted, we can't easily
differentiate between the system and users.  So in targeted, we
transition to ldconfig_t, but in strict there should be no transition.

I can't think of any good ideas on a solution for this one at the
Comment 1 Jerry 2005-01-04 23:57:29 EST
I have test libraries in /home/jerry/usr/lib that i use to test
gfortran .  I have noticed that ldconfig fails to be able to access
this directory so the test programs I am compiling won't run because
the libraries can't be found.  I though I fixed this by turning off
enforcement and running fixfiles relabel.  Not so.  I noticed the
problem persists.  To get around I am turning off enforce to run
ldconfig and then turn it back on.  Any suggestions?
Comment 2 Daniel Walsh 2005-01-05 10:30:55 EST
Ok If I add the following policy, does it satisfy you needs.
ifdef(`targeted_policy', `
allow ldconfig_t file_type:dir { getattr read search };
Comment 3 Mike Hearn 2005-01-05 11:13:50 EST
I don't think so. It needs to be able to create symlinks as well (and
maybe mmap stuff but I don't know if that's a separate priviledge or not)
Comment 4 Daniel Walsh 2005-02-09 10:57:47 EST
Fixed in current policy.

Note You need to log in before you can comment on or make changes to this bug.