[DSE-Dev] refpolicy: patch for ldconfig from glibc 2.7
Russell Coker
russell at coker.com.au
Wed Aug 13 12:45:07 UTC 2008
On Wednesday 13 August 2008 20:09, Václav Ovsík <vaclav.ovsik at i.cz> wrote:
> sid:~# fgrep /var/cache/ldconfig
> /etc/selinux/default/contexts/files/file_contexts
> /var/cache/ldconfig/aux-cache -- system_u:object_r:ld_so_cache_t:s0
> sid:~#
semanage fcontext -l | grep var.cache.ldconfig
The above command (or something similar) is what you want. It's best to use
tools such as semanage so that when (not if) the layout of the files changes
you will still get the results you desire.
> So running ldconfig emits denials still.
>
> Nevertheless, I think we should use the solution from Fedora now
> already upstream. Why do a common thing in some special way?
We can do that, I just have to review it.
> > Incidentally what is the benefit of having that new type defined in that
> > patch?
>
> ldconfig_cache_t? Different purpose?
We don't want to have a type for every purpose of file.
It's a matter of who gets to write to it and who can read it. Having two
types that produce data that can be publicly read and which can only be
written by one program makes no sense.
--
russell at coker.com.au
http://etbe.coker.com.au/ My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development