Bug 376181 - selinux = ...
selinux = ...
Status: CLOSED DUPLICATE of bug 375991
Product: Fedora
Classification: Fedora
Component: prelink (Show other bugs)
i386 Linux
low Severity low
: ---
: ---
Assigned To: Jakub Jelinek
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-11-11 12:05 EST by apadfaszat
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-11-11 14:15:30 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description apadfaszat 2007-11-11 12:05:32 EST
    SELinux is preventing /usr/sbin/prelink (prelink_t) "unlink" on <Unknown>

Detailed Description
    SELinux denied prelink unlink on <Unknown>. The prelink program is only
    allowed to manipulate files that are identified as executables or shared
    libraries by SELinux.  Libraries that get placed in lib directories get
    labeled by default as a shared library.  Similarly, executables that get
    placed in a bin or sbin directory get labeled as executables by SELinux.
    However, if these files get installed in other directories they might not
    get the correct label.  If prelink is trying to manipulate a file that is
    not a binary or share library this may indicate an intrusion attack.

Allowing Access
    You can alter the file context by executing "chcon -t bin_t <Unknown>" or
    "chcon -t lib_t <Unknown>" if it is a shared library.  If you want to make
    these changes permanent you must execute the semanage command. "semanage
    fcontext -a -t bin_t <Unknown>" or "semanage fcontext -a -t shlib_t
    <Unknown>". If you feel this executable/shared library is in the wrong
    location please file a bug against the package that includes the file.  If
    you feel that SELinux should know about this file and label it correctly
    please file a bug against

Additional Information        

Source Context                system_u:system_r:prelink_t:s0
Target Context                unconfined_u:object_r:etc_t:s0
Target Objects                None [ file ]
Affected RPM Packages         prelink-0.4.0-1 [application]
Policy RPM                    selinux-policy-3.0.8-47.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.prelink_mislabled
Host Name                     fedora8
Platform                      Linux fedora8 #1 SMP Thu Nov 8
                              21:41:26 EST 2007 i686 i686
Alert Count                   1
First Seen                    Sun 11 Nov 2007 02:31:05 AM MST
Last Seen                     Sun 11 Nov 2007 02:31:05 AM MST
Local ID                      525a2b3a-ca17-4c1e-ae65-68565ddfabeb
Line Numbers                  

Raw Audit Messages            

avc: denied { unlink } for comm=prelink dev=dm-0 egid=0 euid=0
exe=/usr/sbin/prelink exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=prelink.cache
pid=4518 scontext=system_u:system_r:prelink_t:s0 sgid=0
subj=system_u:system_r:prelink_t:s0 suid=0 tclass=file
tcontext=unconfined_u:object_r:etc_t:s0 tty=(none) uid=0

Note: This is after the update, that contained a selinux policy item, also i
can't use the gui updates package system installed by default, yum works and
kyum also works
Comment 1 Jakub Jelinek 2007-11-11 14:15:30 EST

*** This bug has been marked as a duplicate of 375991 ***

Note You need to log in before you can comment on or make changes to this bug.