Bug 617832 - SELinux impedisce l'accesso sh "execute" on /sbin/ldconfig.
SELinux impedisce l'accesso sh "execute" on /sbin/ldconfig.
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: telepathy-mission-control (Show other bugs)
14
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Peter Robinson
Fedora Extras Quality Assurance
setroubleshoot_trace_hash:e083ee5fd09...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-24 06:07 EDT by Antonio Trande
Modified: 2010-09-07 20:25 EDT (History)
13 users (show)

See Also:
Fixed In Version: telepathy-mission-control-5.5.3-1.fc14
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-08-21 16:37:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Antonio Trande 2010-07-24 06:07:45 EDT
Sommario:

SELinux impedisce l'accesso sh "execute" on /sbin/ldconfig.

Descrizione dettagliata:

SELinux ha negato l'accesso richiesto da sh. Non è previsto che questo accesso
venga richiesto da sh, e tale accesso può segnalare un tentativo di intrusione.
È anche possibile che questo sia provocato dalla specifica versione o dalla
configurazione dell'applicazione per richiedere un ulteriore accesso.

Abilitazione accesso in corso:

E' possibile generare un modulo di politica locale per consentire questo accesso
- consultare le FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385)
Inviare un bug report.

Informazioni aggiuntive:

Contesto della sorgente       unconfined_u:unconfined_r:telepathy_msn_t
                              :SystemLow-SystemHigh
Contesto target               system_u:object_r:ldconfig_exec_t:SystemLow
Oggetti target                /sbin/ldconfig [ file ]
Sorgente                      sh
Percorso della sorgente       sh
Porta                         <Sconosciuto>
Host                          (rimosso)
Sorgente Pacchetti RPM        
Pacchetti RPM target          glibc-2.12.90-6
RPM della policy              selinux-policy-3.8.8-3.fc14
Selinux abilitato             True
Tipo di policy                targeted
Modalità Enforcing           Enforcing
Nome plugin                   catchall
Host Name                     (rimosso)
Piattaforma                   Linux (rimosso)
                              2.6.34-43.fc14.i686 #1 SMP Thu Jun 17 10:29:59 UTC
                              2010 i686 i686
Conteggio avvisi              5
Primo visto                   sab 24 lug 2010 12:06:07 CEST
Ultimo visto                  sab 24 lug 2010 12:06:10 CEST
ID locale                     f370f923-b57e-4ef2-94c4-ae56080e830d
Numeri di linea               

Messaggi Raw Audit            

node=(rimosso) type=AVC msg=audit(1279965970.423:23179): avc:  denied  { execute } for  pid=1936 comm="sh" name="ldconfig" dev=sda7 ino=30272 scontext=unconfined_u:unconfined_r:telepathy_msn_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file



Hash String generated from  catchall,sh,telepathy_msn_t,ldconfig_exec_t,file,execute
audit2allow suggests:

#============= telepathy_msn_t ==============
allow telepathy_msn_t ldconfig_exec_t:file execute;
Comment 1 Daniel Walsh 2010-07-26 17:26:52 EDT
Why is telepath executing ldconfig?
Comment 2 Bug Zapper 2010-07-30 08:48:58 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle.
Changing version to '14'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 3 Fedora Update System 2010-08-21 17:56:49 EDT
telepathy-mission-control-5.4.3-2.fc14 has been submitted as an update for Fedora 14.
http://admin.fedoraproject.org/updates/telepathy-mission-control-5.4.3-2.fc14
Comment 4 Fedora Update System 2010-08-23 15:17:54 EDT
telepathy-mission-control-5.5.3-1.fc14 has been submitted as an update for Fedora 14.
http://admin.fedoraproject.org/updates/telepathy-mission-control-5.5.3-1.fc14
Comment 5 Daniel Walsh 2010-08-23 15:57:15 EDT
Peter did you take away the execution of ldconfig?
Comment 6 Peter Robinson 2010-08-23 16:17:09 EDT
(In reply to comment #5)
> Peter did you take away the execution of ldconfig?

I did in 5.4.3-2 but then 5.5.x added some other libraries:
%{_libdir}/libmission-control-plugins.so.0
%{_libdir}/libmission-control-plugins.so.0.2.0

So as far as I can tell from the package guidelines I can need it. If you can tell me otherwise I'll happily remove it.
Comment 7 Daniel Walsh 2010-08-23 16:22:22 EDT
You can run ldconfig in the post install 

%post
/sbin/ldconfig
exit 0

Not the running of the app.
Comment 8 Fedora Update System 2010-09-01 23:59:37 EDT
telepathy-mission-control-5.5.3-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.