rpmbuild and selinux

Stephen Smalley sds at tycho.nsa.gov
Thu Jun 22 13:21:37 UTC 2006


On Wed, 2006-06-21 at 21:13 -0400, Daniel J Walsh wrote:
> Jason L Tibbitts III wrote:
> >>>>>> "SS" == Stephen Smalley <sds at tycho.nsa.gov> writes:
> >>>>>>             
> >
> > SS> Is this in a chroot?
> >
> > I am seeing the problem running a plain rpmbuild -ba, no chroot or
> > mock in sight.
> >
> >  - J<
> >   
> Is this happening with selinux disabled?  There is a printf in libselinux
> which is triggered when matchpathcon fails to verify a file context via
> the kernel.  If the kernel is not running selinux this could happen.

Normally that is suppressed because default_canoncon checks whether
security_canonicalize_context() returned with errno ENOENT
(i.e. /selinux/context didn't exist, as with SELinux disabled or in a
chroot).  But the patch from Ian Kent for !selinux_mnt changes that
behavior unless those checks also set errno to ENOENT, which I added
upstream, but is _not_ in your FC5 backport.

-- 
Stephen Smalley
National Security Agency
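
The errno contract described in the message above, as an added example that is not part of the original post and is not libselinux code: a simplified model in which the early return for a missing selinuxfs mount either sets errno to ENOENT or leaves it untouched. All `model_*` names are hypothetical, and the context string and the stale errno value are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stddef.h>

/* Hypothetical stand-in for selinux_mnt: NULL when selinuxfs is not
 * mounted (SELinux disabled, or running inside a chroot). */
static const char *model_selinux_mnt = NULL;

/* Model of the canonicalize call. set_enoent selects whether the
 * !selinux_mnt check reports ENOENT (the upstream behaviour described
 * above) or returns failure without touching errno (the backport). */
static int model_canonicalize(const char *con, int set_enoent)
{
    (void)con;
    if (!model_selinux_mnt) {
        if (set_enoent)
            errno = ENOENT;
        return -1;
    }
    return 0; /* kernel round-trip omitted in this model */
}

/* Model of the caller: returns 1 if the warning is printed, 0 if it is
 * suppressed. Only a failure with errno == ENOENT is treated as
 * "SELinux not available", so the callee must set errno on every
 * failure path for the suppression to work. */
static int model_canoncon_warns(const char *con, int set_enoent)
{
    errno = EINVAL; /* constructed: stale value left by an earlier call */
    if (model_canonicalize(con, set_enoent) < 0) {
        if (errno == ENOENT)
            return 0;
        fprintf(stderr, "model: invalid context %s\n", con);
        return 1;
    }
    return 0;
}

int main(void)
{
    const char *con = "system_u:object_r:bin_t"; /* constructed sample */
    printf("errno left unset -> warns: %d\n", model_canoncon_warns(con, 0));
    printf("errno = ENOENT   -> warns: %d\n", model_canoncon_warns(con, 1));
    return 0;
}
```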



