SELinux is preventing /bin/bash from 'read' accesses on the lnk_file /lib/ld-linux.so.2.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that bash should be allowed read access on the ld-linux.so.2 lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep ldd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023
Target Context                system_u:object_r:execmem_exec_t:s0
Target Objects                /lib/ld-linux.so.2 [ lnk_file ]
Source                        ldd
Source Path                   /bin/bash
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           bash-4.1.7-3.fc14
Target RPM Packages           glibc-2.13-1
Policy RPM                    selinux-policy-3.9.7-31.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 2.6.35.11-83.fc14.x86_64 #1 SMP Mon Feb 7 07:06:44 UTC 2011 x86_64 x86_64
Alert Count                   5
First Seen                    Wed 23 Feb 2011 03:48:33 AM CET
Last Seen                     Sun 27 Feb 2011 03:09:02 AM CET
Local ID                      995c711e-0b6c-4291-8272-ccb9745ab22b

Raw Audit Messages
type=AVC msg=audit(1298772542.748:71712): avc: denied { read } for pid=29369 comm="ldd" name="ld-linux.so.2" dev=dm-0 ino=72747 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:execmem_exec_t:s0 tclass=lnk_file

type=SYSCALL msg=audit(1298772542.748:71712): arch=x86_64 syscall=stat success=no exit=EACCES a0=a24aa0 a1=7fff09462df0 a2=7fff09462df0 a3=8 items=0 ppid=29368 pid=29369 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=552 comm=ldd exe=/bin/bash subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null)

Hash: ldd,prelink_cron_system_t,execmem_exec_t,lnk_file,read

audit2allow

#============= prelink_cron_system_t ==============
allow prelink_cron_system_t execmem_exec_t:lnk_file read;

audit2allow -R

#============= prelink_cron_system_t ==============
allow prelink_cron_system_t execmem_exec_t:lnk_file read;

This happens since selinux-policy-targeted-3.9.7-29.fc14.noarch. Every morning, probably from the prelink cron job, this AVC is reported. I did a restorecon -rv /, but this message still pops up.
Execute

# restorecon -R -v /lib/ld-*

which will fix the label. But if a setroubleshoot alert told you to put this label, could you attach the alert?
Miroslav,

as said before, I did a relabel already. This does not change anything:

[root@nepomuk ~]# matchpathcon /lib/ld-*
/lib/ld-2.13.so system_u:object_r:ld_so_t:s0
/lib/ld-linux.so.2 system_u:object_r:execmem_exec_t:s0
Miroslav,

I found it. This was done with an installation of Bibble. Interestingly, even though this change is pasted everywhere:

http://www.google.de/search?q=execmem_exec_t+ld-linux.so.2&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:de:official&client=firefox-a

this breaks prelink.

Thanks
(In reply to comment #3)
> Miroslav,
>
> as said before, I did a relabel already. This does not change anything:

You are right, I missed it.

>
> [root@nepomuk ~]# matchpathcon /lib/ld-*
> /lib/ld-2.13.so system_u:object_r:ld_so_t:s0
> /lib/ld-linux.so.2 system_u:object_r:execmem_exec_t:s0

Ok, so Bibble runs semanage and adds the labeling?

# grep -r execmem_exec_t /etc/selinux/targeted/contexts/ |grep ld
Either the Bibble installer did this, or a colleague who found this in a support board. Can't tell as he's currently unavailable...

The grep output is here:

(~) klaus@nepomuk [1323] $ grep -r execmem_exec_t /etc/selinux/targeted/contexts/ |grep ld
/etc/selinux/targeted/contexts/files/file_contexts.local:/lib/ld-linux.so.2 system_u:object_r:execmem_exec_t:s0
(~) klaus@nepomuk [1324] $

Bibble itself is uninstalled again ...

Klaus
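
The diagnosis reached in this thread, a denial whose target type comes from a local file-context entry rather than from the shipped policy, can be checked mechanically. The following Python is an added example, not part of the original bug report; the function names are hypothetical, and the inputs are the AVC record and the file_contexts.local entry quoted above.

```python
import re

# Sample inputs taken from the report and the grep output in this thread.
AVC = ('type=AVC msg=audit(1298772542.748:71712): avc: denied { read } for '
       'pid=29369 comm="ldd" name="ld-linux.so.2" dev=dm-0 ino=72747 '
       'scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:execmem_exec_t:s0 tclass=lnk_file')
LOCAL_FC = '/lib/ld-linux.so.2 system_u:object_r:execmem_exec_t:s0\n'


def parse_avc(line):
    """Return the key=value fields of one AVC record, plus a 'perms' list."""
    fields = {k: v.strip('"')
              for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    perms = re.search(r'\{([^}]*)\}', line)
    fields['perms'] = perms.group(1).split() if perms else []
    return fields


def parse_file_contexts(text):
    """Yield (path_regex, context) for each entry; skip comments and blanks."""
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith('#'):
            continue
        if len(parts) in (2, 3):       # "path context" or "path -l context"
            yield parts[0], parts[-1]


def local_overrides_for(path, avc, local_fc_text):
    """Local entries that match `path` and assign the denied target type."""
    denied_type = avc['tcontext'].split(':')[2]
    hits = []
    for path_re, context in parse_file_contexts(local_fc_text):
        try:
            matched = re.fullmatch(path_re, path) is not None
        except re.error:               # entry regex that Python cannot parse
            continue
        # "<<none>>" has no type field, so compare via a slice, not an index.
        if matched and context.split(':')[2:3] == [denied_type]:
            hits.append((path_re, context))
    return hits


if __name__ == '__main__':
    avc = parse_avc(AVC)
    for entry in local_overrides_for('/lib/ld-linux.so.2', avc, LOCAL_FC):
        print('local override behind the denial:', entry)
```

On a live system the second input would be the contents of /etc/selinux/targeted/contexts/files/file_contexts.local, the file the grep in this thread matched.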