[DSE-Dev] refpolicy: patch for ldconfig from glibc 2.7

Russell Coker russell at coker.com.au
Wed Aug 13 12:45:07 UTC 2008

On Wednesday 13 August 2008 20:09, Václav Ovsík <vaclav.ovsik at i.cz> wrote:
> sid:~# fgrep /var/cache/ldconfig
> /etc/selinux/default/contexts/files/file_contexts
> /var/cache/ldconfig/aux-cache   -- system_u:object_r:ld_so_cache_t:s0
> sid:~#

semanage fcontext -l | grep var.cache.ldconfig

The above command (or something similar) is what you want.  It's best to use 
tools such as semanage so that when (not if) the layout of the files change 
you will still get the results you desire.

> So running ldconfig emits denials still.
> Nevertheless, I think we should use the solution from Fedora now
> already upstream. Why to do common thing in some special way?

We can do that, I just have to review it.

> > Incidentally what is the benefit of having that new type defined in that
> > patch?
> ldconfig_cache_t? Different purpose?

We don't want to have a type for every purpose of file.

It's a matter of who gets to write to it and who can read it.  Having two 
types that produce data that can be publicly read and which can only be 
written by one program makes no sense.

russell at coker.com.au
http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development

More information about the SELinux-devel mailing list