[DSE-Dev] refpolicy: patch for ldconfig from glibc 2.7
Christopher J. PeBenito
cpebenito at tresys.com
Fri Feb 22 18:05:39 UTC 2008
On Fri, 2008-02-22 at 16:27 +0100, Václav Ovsík wrote:
> Hi,
> I had some denials for ldconfig on Debian Sid. I took changes from
> Fedora policy package - a patch attached. I grabbed only things needed
> to suppress denials below from Fedora.
>
> audit(1203580520.435:11): avc: denied { read } for pid=3985 comm="ldconfig" name="aux-cache" dev=sda1 ino=294984 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
> audit(1203580520.435:12): avc: denied { getattr } for pid=3985 comm="ldconfig" name="aux-cache" dev=sda1 ino=294984 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
> audit(1203580520.907:13): avc: denied { write } for pid=3985 comm="ldconfig" name="ldconfig" dev=sda1 ino=294986 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
> audit(1203580520.907:14): avc: denied { add_name } for pid=3985 comm="ldconfig" name="aux-cache~" scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
> audit(1203580520.907:15): avc: denied { create } for pid=3985 comm="ldconfig" name="aux-cache~" scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
This is the right fix, and basically the same fix is queued up for
merging as part of Dan's patch set.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150