[DSE-Dev] refpolicy: patch for ldconfig from glibc 2.7

Václav Ovsík vaclav.ovsik at i.cz
Fri Feb 22 15:27:04 UTC 2008


Hi,
I had some denials for ldconfig on Debian Sid. I took changes from
the Fedora policy package - a patch is attached. I grabbed only the things needed
to suppress the denials below from Fedora.

audit(1203580520.435:11): avc:  denied  { read } for  pid=3985 comm="ldconfig" name="aux-cache" dev=sda1 ino=294984 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
audit(1203580520.435:12): avc:  denied  { getattr } for  pid=3985 comm="ldconfig" name="aux-cache" dev=sda1 ino=294984 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
audit(1203580520.907:13): avc:  denied  { write } for  pid=3985 comm="ldconfig" name="ldconfig" dev=sda1 ino=294986 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
audit(1203580520.907:14): avc:  denied  { add_name } for  pid=3985 comm="ldconfig" name="aux-cache~" scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
audit(1203580520.907:15): avc:  denied  { create } for  pid=3985 comm="ldconfig" name="aux-cache~" scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
...

Thanks
-- 
Zito
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libraries.ldconfig.patch
Type: text/x-diff
Size: 1364 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20080222/90e2a3fa/attachment.patch 