A typo/thinko in current policy wrt synaptic + an ldconfig issue
Panu Matilainen
pmatilai at welho.com
Wed Apr 14 05:41:02 UTC 2004
Hi,
There's a small typo/thinko in current policy (1.11.1-2) wrt synaptic: it
says "apt-synaptic" when it should be just "synaptic".
Other than that apt seems to mostly work ok with enforcing mode on but it
gets denied when running ldconfig (as the interpreter, if that's of
relevance) in package %post:
denied { read } for pid=1332 exe=/sbin/ldconfig name=liblcms.so.1.0.12
dev=hda2 ino=1170323 scontext=root:sysamd_r:ldconfig_t
tcontext=root:object_r:lib_t tclass=file
(and then the same with { getattr })
Well, in fact I get the same error if I try to run /sbin/ldconfig as
root:sysadm_r:sysadm_t which feels kinda curious :) but what baffles me is
that when installing that package with rpm itself it doesn't complain. I
would've thought having apt-get marked as system_u:object_r:rpm_exec_t
meant that it's got exactly the same priviledges as rpm does but
apparently not so...
- Panu -
More information about the fedora-selinux-list
mailing list