rpmbuild and selinux
Daniel J Walsh
dwalsh at redhat.com
Thu Jun 22 17:27:14 UTC 2006
Stephen Smalley wrote:
> On Wed, 2006-06-21 at 21:13 -0400, Daniel J Walsh wrote:
>
>> Jason L Tibbitts III wrote:
>>
>>>>>>>> "SS" == Stephen Smalley <sds at tycho.nsa.gov> writes:
>>>>>>>>
>>>>>>>>
>>> SS> Is this in a chroot?
>>>
>>> I am seeing the problem running a plain rpmbuild -ba, no chroot or
>>> mock in sight.
>>>
>>> - J<
>>>
>>>
>> Is this happening selinux disabled? There is a printf in libselinux
>> which is triggered when matchpatcon fails
>> to verify a file context via the kernel. If the kernel is not running
>> selinux this could happen.
>>
>
> Normally that is suppressed because default_canoncon checks whether
> security_canonicalize_context() returned with errno ENOENT
> (i.e. /selinux/context didn't exist, as with SELinux disabled or in a
> chroot). But the patch from Ian Kent for !selinux_mnt changes that
> behavior unless those checks also set errno to ENOENT, which I added
> upstream, but is _not_ in your FC5 backport.
>
>
Fixed in libselinux-1_30_3-4_fc5
More information about the fedora-selinux-list
mailing list