Bug 594745 - dirsrv_lib_t is causing AVC messages from prelink
dirsrv_lib_t is causing AVC messages from prelink
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: Directory Server (Show other bugs)
1.2.6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nathan Kinder
Viktor Ashirov
:
Depends On:
Blocks: 389_1.2.6 639035
  Show dependency treegraph
 
Reported: 2010-05-21 09:44 EDT by Daniel Walsh
Modified: 2015-12-07 12:17 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-07 12:17:02 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
ds patch (3.14 KB, patch)
2010-08-03 13:32 EDT, Nathan Kinder
no flags Details | Diff
admin patch (1.60 KB, patch)
2010-08-03 13:33 EDT, Nathan Kinder
no flags Details | Diff

  None (edit)
Description Daniel Walsh 2010-05-21 09:44:02 EDT
Description of problem:

Why are your librarlies labeled dirsrv_lib_t rather then just lib_t.  This is causing prelink to generate avc messages.
Comment 1 Nathan Kinder 2010-06-01 13:22:36 EDT
I suppose there is not a compelling reason that dirsrv_lib_t is needed, though I would need to do some testing to see how easily that label could be removed.

I suppose the alternative is to add an interface macro to allow prelink to deal with dirsrv_lib_t labeled libraries?  Is there any precedent for this approach?
Comment 3 Nathan Kinder 2010-08-03 13:32:54 EDT
Created attachment 436332 [details]
ds patch
Comment 4 Nathan Kinder 2010-08-03 13:33:22 EDT
Created attachment 436333 [details]
admin patch
Comment 5 Nathan Kinder 2010-08-03 13:37:44 EDT
Pushed ds patch to master:

Counting objects: 11, done.
Delta compression using 2 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 672 bytes, done.
Total 6 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   f87b2ba..b0b88c2  master -> master

Pushed ds patch to 389-ds-base-1.2.6 branch:

Counting objects: 11, done.
Delta compression using 2 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 670 bytes, done.
Total 6 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   34c4ab7..2719431  126-local -> 389-ds-base-1.2.6

Pushed admin patch to master:

Counting objects: 9, done.
Delta compression using 2 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 676 bytes, done.
Total 5 (delta 3), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/admin.git
   56824d9..9976cb3  master -> master
Comment 6 Amita Sharma 2011-06-13 08:54:14 EDT
coverity/Fedora related?
Can I verify this with RHDS?
Comment 7 Rich Megginson 2011-06-13 15:43:38 EDT
(In reply to comment #6)
> coverity/Fedora related?
> Can I verify this with RHDS?

SELinux related.  Running 389-ds-base on RHEL6.1 with SELinux Enforcing should show no AVCs related to directory server.
Comment 8 Amita Sharma 2011-06-14 02:14:35 EDT
[root@rhel61 lib64]# ps -aef | grep slapd
nobody    7266     1  0 Jun13 ?        00:00:22 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-rhel61 -i /var/run/dirsrv/slapd-rhel61.pid -w /var/run/dirsrv/slapd-rhel61.startpid

root      7907  7071  0 11:42 pts/0    00:00:00 grep slapd
[root@rhel61 lib64]# getenforce
Enforcing

[root@rhel61 lib64]#  vim /var/log/dirsrv/slapd-rhel61/errors

NO AVC error found. Hence marking as VERIFIED.

Note You need to log in before you can comment on or make changes to this bug.