[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: A typo/thinko in current policy wrt synaptic + an ldconfig issue



Panu Matilainen wrote:

Hi,

There's a small typo/thinko in current policy (1.11.1-2) wrt synaptic: it says "apt-synaptic" when it should be just "synaptic".

Other than that apt seems to mostly work ok with enforcing mode on but it gets denied when running ldconfig (as the interpreter, if that's of relevance) in package %post:
denied { read } for pid=1332 exe=/sbin/ldconfig name=liblcms.so.1.0.12 dev=hda2 ino=1170323 scontext=root:sysamd_r:ldconfig_t tcontext=root:object_r:lib_t tclass=file
(and then the same with { getattr })


liblcms has the wrong security context on it. It should be shlib_t.

Well, in fact I get the same error if I try to run /sbin/ldconfig as root:sysadm_r:sysadm_t which feels kinda curious :) but what baffles me is that when installing that package with rpm itself it doesn't complain. I would've thought having apt-get marked as system_u:object_r:rpm_exec_t meant that it's got exactly the same priviledges as rpm does but apparently not so...

- Panu -
--
fedora-selinux-list mailing list
fedora-selinux-list redhat com
http://www.redhat.com/mailman/listinfo/fedora-selinux-list



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]