859546 – dmidecode AVC related to accessing ld.so.cache

Bug 859546 - dmidecode AVC related to accessing ld.so.cache

Summary: dmidecode AVC related to accessing ld.so.cache

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	18
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-09-21 19:41 UTC by Hans de Goede
Modified:	2012-09-26 20:47 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2012-09-26 20:47:56 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Hans de Goede 2012-09-21 19:41:50 UTC

Hi,

I just noticed the following AVC in audit.log:

type=AVC msg=audit(1348256238.384:11): avc:  denied  { read } for  pid=733 comm="dmidecode" name="ld.so.cache" dev="sdb1" ino=917779 scontext=system_u:system_r:dmidecode_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1348256238.384:11): arch=c000003e syscall=2 success=no exit=-13 a0=7f19102558e4 a1=80000 a2=1 a3=0 items=0 ppid=686 pid=733 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dmidecode" exe="/usr/sbin/dmidecode" subj=system_u:system_r:dmidecode_t:s0-s0:c0.c1023 key=(null)

Harmless since ld.so will fallback to a non cache searc of /lib /usr/lib, but still something which ought to be fixed :)

Regards,

Hans

Comment 1 Daniel Walsh 2012-09-26 20:47:56 UTC

Hans. for some reason ld.so.cache is mislabeled.

restorecon /etc/ld.so.cache

There was a bad policy out for a while that could cause default labeling to get screwed up.

Make sure you update to -25 or later

selinux-policy-3.11.1-25

Note You need to log in before you can comment on or make changes to this bug.