sds at epoch.ncsc.mil
Thu Dec 9 13:26:34 UTC 2004
On Thu, 2004-12-09 at 08:19, Stephen Smalley wrote:
> The 'ls' output indicates that the libpcre shared object is labeled
> correctly, so I wonder if he had already relabeled it via fixfiles or
> restorecon prior to running that ls.
> The prelink.log file does include some 'Could not get security context"
> errors (with errno ENODATA), which is interesting, but peculiar that
> there is no such error for the libpcre shared object, since that is the
> one that is triggering this denial. The lack of any context on those
> files is very odd unless he ran with SELinux disabled for a while (in
> which case the files would indeed end up with no context if they were
> updated while SELinux was disabled and he failed to relabel when he
> re-enabled SELinux).
Note: I added a comment to the bugzilla entry with this information and
also asked the bug reporter several follow-up questions.
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list