Bug 594745 - dirsrv_lib_t is causing AVC messages from prelink
Summary: dirsrv_lib_t is causing AVC messages from prelink
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Directory Server
Version: 1.2.6
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nathan Kinder
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks: 389_1.2.6 639035
TreeView+ depends on / blocked
 
Reported: 2010-05-21 13:44 UTC by Daniel Walsh
Modified: 2015-12-07 17:17 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2015-12-07 17:17:02 UTC
Embargoed:

Attachments (Terms of Use)
ds patch (3.14 KB, patch)
2010-08-03 17:32 UTC, Nathan Kinder 		no flags Details | Diff
admin patch (1.60 KB, patch)
2010-08-03 17:33 UTC, Nathan Kinder 		no flags Details | Diff
View All

Description Daniel Walsh 2010-05-21 13:44:02 UTC 
Description of problem:

Why are your librarlies labeled dirsrv_lib_t rather then just lib_t.  This is causing prelink to generate avc messages.
Comment 1 Nathan Kinder 2010-06-01 17:22:36 UTC 
I suppose there is not a compelling reason that dirsrv_lib_t is needed, though I would need to do some testing to see how easily that label could be removed.

I suppose the alternative is to add an interface macro to allow prelink to deal with dirsrv_lib_t labeled libraries?  Is there any precedent for this approach?
Comment 3 Nathan Kinder 2010-08-03 17:32:54 UTC 
Created attachment 436332 [details]
ds patch
Comment 4 Nathan Kinder 2010-08-03 17:33:22 UTC 
Created attachment 436333 [details]
admin patch
Comment 5 Nathan Kinder 2010-08-03 17:37:44 UTC 
Pushed ds patch to master:

Counting objects: 11, done.
Delta compression using 2 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 672 bytes, done.
Total 6 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   f87b2ba..b0b88c2  master -> master

Pushed ds patch to 389-ds-base-1.2.6 branch:

Counting objects: 11, done.
Delta compression using 2 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 670 bytes, done.
Total 6 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   34c4ab7..2719431  126-local -> 389-ds-base-1.2.6

Pushed admin patch to master:

Counting objects: 9, done.
Delta compression using 2 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 676 bytes, done.
Total 5 (delta 3), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/admin.git
   56824d9..9976cb3  master -> master
Comment 6 Amita Sharma 2011-06-13 12:54:14 UTC 
coverity/Fedora related?
Can I verify this with RHDS?
Comment 7 Rich Megginson 2011-06-13 19:43:38 UTC 
(In reply to comment #6)
> coverity/Fedora related?
> Can I verify this with RHDS?

SELinux related.  Running 389-ds-base on RHEL6.1 with SELinux Enforcing should show no AVCs related to directory server.
Comment 8 Amita Sharma 2011-06-14 06:14:35 UTC 
[root@rhel61 lib64]# ps -aef | grep slapd
nobody    7266     1  0 Jun13 ?        00:00:22 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-rhel61 -i /var/run/dirsrv/slapd-rhel61.pid -w /var/run/dirsrv/slapd-rhel61.startpid

root      7907  7071  0 11:42 pts/0    00:00:00 grep slapd
[root@rhel61 lib64]# getenforce
Enforcing

[root@rhel61 lib64]#  vim /var/log/dirsrv/slapd-rhel61/errors

NO AVC error found. Hence marking as VERIFIED.
Note You need to log in before you can comment on or make changes to this bug.