Bug 376181 - selinux = ...
Summary: selinux = ...
Keywords:
Status: CLOSED DUPLICATE of bug 375991
Alias: None
Product: Fedora
Classification: Fedora
Component: prelink
Version: 8
Hardware: i386
OS: Linux
low
low
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-11-11 17:05 UTC by apadfaszat
Modified: 2007-11-30 22:12 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-11-11 19:15:30 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description apadfaszat 2007-11-11 17:05:32 UTC 
Summary
    SELinux is preventing /usr/sbin/prelink (prelink_t) "unlink" on <Unknown>
    (etc_t).

Detailed Description
    SELinux denied prelink unlink on <Unknown>. The prelink program is only
    allowed to manipulate files that are identified as executables or shared
    libraries by SELinux.  Libraries that get placed in lib directories get
    labeled by default as a shared library.  Similarly, executables that get
    placed in a bin or sbin directory get labeled as executables by SELinux.
    However, if these files get installed in other directories they might not
    get the correct label.  If prelink is trying to manipulate a file that is
    not a binary or share library this may indicate an intrusion attack.

Allowing Access
    You can alter the file context by executing "chcon -t bin_t <Unknown>" or
    "chcon -t lib_t <Unknown>" if it is a shared library.  If you want to make
    these changes permanent you must execute the semanage command. "semanage
    fcontext -a -t bin_t <Unknown>" or "semanage fcontext -a -t shlib_t
    <Unknown>". If you feel this executable/shared library is in the wrong
    location please file a bug against the package that includes the file.  If
    you feel that SELinux should know about this file and label it correctly
    please file a bug against
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi.

Additional Information        

Source Context                system_u:system_r:prelink_t:s0
Target Context                unconfined_u:object_r:etc_t:s0
Target Objects                None [ file ]
Affected RPM Packages         prelink-0.4.0-1 [application]
Policy RPM                    selinux-policy-3.0.8-47.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.prelink_mislabled
Host Name                     fedora8
Platform                      Linux fedora8 2.6.23.1-49.fc8 #1 SMP Thu Nov 8
                              21:41:26 EST 2007 i686 i686
Alert Count                   1
First Seen                    Sun 11 Nov 2007 02:31:05 AM MST
Last Seen                     Sun 11 Nov 2007 02:31:05 AM MST
Local ID                      525a2b3a-ca17-4c1e-ae65-68565ddfabeb
Line Numbers                  

Raw Audit Messages            

avc: denied { unlink } for comm=prelink dev=dm-0 egid=0 euid=0
exe=/usr/sbin/prelink exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=prelink.cache
pid=4518 scontext=system_u:system_r:prelink_t:s0 sgid=0
subj=system_u:system_r:prelink_t:s0 suid=0 tclass=file
tcontext=unconfined_u:object_r:etc_t:s0 tty=(none) uid=0

Note: This is after the update, that contained a selinux policy item, also i
can't use the gui updates package system installed by default, yum works and
kyum also works
Comment 1 Jakub Jelinek 2007-11-11 19:15:30 UTC 

*** This bug has been marked as a duplicate of 375991 ***
Note You need to log in before you can comment on or make changes to this bug.