labelling issues
Stephen Smalley
sds at epoch.ncsc.mil
Fri Dec 3 13:36:41 UTC 2004
On Fri, 2004-12-03 at 03:03, Joe Orton wrote:
> I've seen a few issues where file labels are getting lost:
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140706
> http://bugs.php.net/bug.php?id=30952
>
> and another one reported to the httpd users' list. Is there a known
> cause of these problems? Is it prelink related, possibly?
I've seen prior reports suggesting that it is prelink-related, but no
hard evidence. On the other hand, I just checked my FC3 systems (all
strict policy) and they don't have any mislabeled shared objects. While
they have been getting regular updates via yum and the prelink cron job
is present, I see that prelink has been getting denials because of the
/etc/ld.so.cache mislabeling problem (problem in rpm, not sure if a
fixed rpm has found its way into FC3 or not). So possibly if prelink
wasn't encountering those denials on ld.so.cache, it would gone on to
complete its processing and would have left the shared objects with the
wrong label. I'll restorecon /etc/ld.so.cache again and see if the
problem manifests upon the next prelink run.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list