SELinux error with yum --installroot

Daniel J Walsh dwalsh at redhat.com
Thu Jan 6 15:16:01 UTC 2005


Stephen Smalley wrote:

>On Wed, 2005-01-05 at 02:21, Bob Kashani wrote:
>
>>I read the thread and I seem to understand the technical reason behind
>>why ldconfig is restricted in the way that it is (the security side of
>>the issue). But it seems a little harsh from a usability point of view
>>since for example, you can no longer run ldconfig in a chroot in your
>>home dir. I like fine grained security but isn't the whole idea behind
>>policy-targeted to enable security without restricting usability too
>>much? I would understand not allowing ldconfig to execute in /home with
>>policy-strict but shouldn't policy-targeted allow you to do this
>>regardless of the potential security issues? Do the security concerns in
>>this case outweigh the usability issues?
>
>I'm not clear on why ldconfig runs in its own domain at all under
>targeted policy (vs. unconfined_t).  It used to just run unconfined_t in
>older versions of the targeted policy.  Is it an attempt to preserve the
>type on /etc/ld.so.cache via the file type transition rules?
>
Yes.



