A typo/thinko in current policy wrt synaptic + an ldconfig issue
Daniel J Walsh
dwalsh at redhat.com
Wed Apr 14 12:29:00 UTC 2004
Panu Matilainen wrote:
>Hi,
>
>There's a small typo/thinko in current policy (1.11.1-2) wrt synaptic: it
>says "apt-synaptic" when it should be just "synaptic".
>
>Other than that apt seems to mostly work ok with enforcing mode on but it
>gets denied when running ldconfig (as the interpreter, if that's of
>relevance) in package %post:
>denied { read } for pid=1332 exe=/sbin/ldconfig name=liblcms.so.1.0.12
>dev=hda2 ino=1170323 scontext=root:sysamd_r:ldconfig_t
>tcontext=root:object_r:lib_t tclass=file
>(and then the same with { getattr })
>
>
liblcms has the wrong security context on it. It should be shlib_t.
>Well, in fact I get the same error if I try to run /sbin/ldconfig as
>root:sysadm_r:sysadm_t which feels kinda curious :) but what baffles me is
>that when installing that package with rpm itself it doesn't complain. I
>would've thought having apt-get marked as system_u:object_r:rpm_exec_t
>meant that it's got exactly the same priviledges as rpm does but
>apparently not so...
>
> - Panu -
>--
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
More information about the fedora-selinux-list
mailing list