Bug 436999 - dmesg avc reading /etc/ld.so.cache
Product: Fedora
Classification: Fedora
Component: selinux-policy-mls
noarch Linux
low Severity medium
Assigned To: Daniel Walsh
Ben Levenson
: Reopened
Reported: 2008-03-11 12:12 EDT by Joe Nall
Modified: 2008-05-07 13:59 EDT
Doc Type: Bug Fix
Last Closed: 2008-05-07 13:59:59 EDT

Attachments
allow dmesg to read /etc/ld.so.cache (441 bytes, patch)
2008-03-11 12:13 EDT, Joe Nall

Description Joe Nall 2008-03-11 12:12:19 EDT

Description of problem:
Boot AVCs from dmesg in latest rawhide. Patch attached.

[root@rawhide ~]# grep dmesg /var/log/messages 
Mar 11 10:36:16 rawhide kernel: type=1400 audit(1205249752.671:3): avc:  denied  { read } for  pid=517 comm="dmesg" name="ld.so.cache" dev=sda2 ino=13337248 scontext=system_u:system_r:dmesg_t:s0-s15:c0.c1023 tcontext=user_u:object_r:etc_t:s0 tclass=file
Mar 11 10:36:16 rawhide kernel: type=1400 audit(1205249752.672:4): avc:  denied  { getattr } for  pid=517 comm="dmesg" path="/etc/ld.so.cache" dev=sda2 ino=13337248 scontext=system_u:system_r:dmesg_t:s0-s15:c0.c1023 tcontext=user_u:object_r:etc_t:s0 tclass=file

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Boot in mls/Permissive

Actual Results:

Expected Results:

Additional info:
Comment 1 Joe Nall 2008-03-11 12:13:21 EDT
Created attachment 297633
allow dmesg to read /etc/ld.so.cache
Comment 2 Daniel Walsh 2008-03-11 19:19:13 EDT
matchpathcon /etc/ld.so.cache
/etc/ld.so.cache	system_u:object_r:ld_so_cache_t

You have a labeling problem.
Comment 3 Joe Nall 2008-03-25 10:53:28 EDT
ldconfig is leaving /etc/ld.so.cache in the wrong type

[root@rawhide ~]# matchpathcon /etc/ld.so.cache
/etc/ld.so.cache	system_u:object_r:ld_so_cache_t:SystemLow
[root@rawhide ~]# ls -Z /etc/ld.so.cache
-rw-r--r--  root root user_u:object_r:etc_t:SystemLow  /etc/ld.so.cache
[root@rawhide ~]# restorecon -v /etc/ld.so.cache
restorecon reset /etc/ld.so.cache context user_u:object_r:etc_t:s0->system_u:object_r:ld_so_cache_t:s0
[root@rawhide ~]# ldconfig
[root@rawhide ~]# !ls
ls -Z /etc/ld.so.cache
-rw-r--r--  root root user_u:object_r:etc_t:SystemLow  /etc/ld.so.cache
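
An added example (not part of the bug thread or of the selinux-policy project): the check that Comments 2 and 3 perform by hand, comparing the type in each denial's tcontext with the policy default reported by matchpathcon, to separate a labeling problem from a missing policy rule. The AVC lines are the ones from the description; the EXPECTED map and the function names are assumptions standing in for a live matchpathcon lookup.

```python
import re

# AVC records copied from the /var/log/messages excerpt in the bug description.
AVC_LINES = [
    'Mar 11 10:36:16 rawhide kernel: type=1400 audit(1205249752.671:3): avc:  denied  { read } for  pid=517 comm="dmesg" name="ld.so.cache" dev=sda2 ino=13337248 scontext=system_u:system_r:dmesg_t:s0-s15:c0.c1023 tcontext=user_u:object_r:etc_t:s0 tclass=file',
    'Mar 11 10:36:16 rawhide kernel: type=1400 audit(1205249752.672:4): avc:  denied  { getattr } for  pid=517 comm="dmesg" path="/etc/ld.so.cache" dev=sda2 ino=13337248 scontext=system_u:system_r:dmesg_t:s0-s15:c0.c1023 tcontext=user_u:object_r:etc_t:s0 tclass=file',
]
# Policy default label as matchpathcon reports it in Comment 2. This dict is an
# assumption standing in for a live matchpathcon lookup.
EXPECTED = {"/etc/ld.so.cache": "system_u:object_r:ld_so_cache_t"}

DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return one AVC denial as a dict of its fields plus 'perms', or None."""
    m = DENIED.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
    rec["perms"] = m.group(1).split()
    return rec

def selinux_type(context):
    """Extract the type from user:role:type[:level]."""
    return context.split(":")[2]

def triage(lines, expected):
    """Classify each denial as 'mislabeled', 'policy' or 'unknown'."""
    recs = [r for r in map(parse_avc, lines) if r]
    # The { read } record carries only name=; borrow the full path from
    # another record for the same device and inode.
    by_inode = {(r.get("dev"), r.get("ino")): r["path"] for r in recs if "path" in r}
    out = []
    for r in recs:
        path = r.get("path") or by_inode.get((r.get("dev"), r.get("ino")))
        have = selinux_type(r["tcontext"])
        want = expected.get(path)
        if want is None:
            verdict = "unknown"       # no expected label to compare against
        elif selinux_type(want) != have:
            verdict = "mislabeled"    # fix the file label before touching policy
        else:
            verdict = "policy"        # label is right; the domain lacks the permission
        out.append((path, r["perms"], have, verdict))
    return out

if __name__ == "__main__":
    for row in triage(AVC_LINES, EXPECTED):
        print(row)
```

Both denials from the description come back as mislabeled (etc_t on disk, ld_so_cache_t expected), which matches the diagnosis in Comment 2.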
Comment 4 Daniel Walsh 2008-03-25 17:06:55 EDT
How is your ldconfig program labeled?

Looks like this should be working?
Comment 5 Daniel Walsh 2008-05-07 13:59:59 EDT
Joe, did this problem disappear?  Was it a labeling problem?  Closing for now,
reopen if it is still a problem.
