selinux prelink avc's
dragoran
dragoran at feuerpokemon.de
Tue May 23 15:06:52 UTC 2006
Paul Howarth wrote:
> On Tue, 2006-05-23 at 16:28 +0200, dragoran wrote:
>
>> dragoran wrote:
>>
>>> dragoran wrote:
>>>
>>>> audit(1147793154.831:353): avc: denied { execute_no_trans } for
>>>> pid=5195 comm="prelink" name="ld-2.4.so" dev=md0 ino=8061163
>>>> scontext=system_u:system_r:prelink_t:s0
>>>> tcontext=system_u:object_r:lib_t:s0 tclass=file
>>>> audit(1147793154.831:354): avc: denied { execute_no_trans } for
>>>> pid=5196 comm="prelink" name="ld-2.4.so" dev=md0 ino=8061163
>>>> scontext=system_u:system_r:prelink_t:s0
>>>> tcontext=system_u:object_r:lib_t:s0 tclass=file
>>>> audit(1147793155.019:355): avc: denied { execute_no_trans } for
>>>> pid=5197 comm="prelink" name="ld-2.4.so" dev=md0 ino=8061163
>>>> scontext=system_u:system_r:prelink_t:s0
>>>> tcontext=system_u:object_r:lib_t:s0 tclass=file
>>>> audit(1147793155.447:356): avc: denied { execute_no_trans } for
>>>> pid=5198 comm="prelink" name="ld-2.4.so" dev=md0 ino=8061163
>>>> scontext=system_u:system_r:prelink_t:s0
>>>> tcontext=system_u:object_r:lib_t:s0 tclass=file
>>>> audit(1147793156.255:357): avc: denied { execute_no_trans } for
>>>> pid=5199 comm="prelink" name="ld-2.4.so" dev=md0 ino=8061163
>>>> scontext=system_u:system_r:prelink_t:s0
>>>> tcontext=system_u:object_r:lib_t:s0 tclass=file
>>>> I am using FC5 with selinux-policy-targeted-2.2.36-2.fc5
>>>> What's going on? Is a file mislabeled or is this a policy bug?
>>>>
>>> hello?
>>> any solution for this problem?
>>>
>>>
>>>
>> it happened again...
>> am I the only one seeing this?
>> audit(1148393411.538:2907): avc: denied { execute_no_trans } for
>> pid=16856 comm="prelink" name="ld-2.4.so" dev=md0 ino=8060939
>> scontext=system_u:system_r:prelink_t:s0
>> tcontext=system_u:object_r:lib_t:s0 tclass=file
>> audit(1148393411.794:2908): avc: denied { execmod } for pid=16859
>> comm="ld-linux.so.2" name="libGLcore.so.1.0.8762" dev=md0 ino=29797475
>> scontext=system_u:system_r:prelink_t:s0 tcontext=root:object_r:lib_t:s0
>> tclass=file
>> audit(1148393411.814:2909): avc: denied { execmod } for pid=16860
>> comm="ld-linux.so.2" name="libnvidia-tls.so.1.0.8762" dev=md0
>> ino=30869146 scontext=system_u:system_r:prelink_t:s0
>> tcontext=root:object_r:lib_t:s0 tclass=file
>> audit(1148393412.438:2910): avc: denied { unlink } for pid=13702
>> comm="prelink" name="prelink.cache" dev=md0 ino=7012828
>> scontext=system_u:system_r:prelink_t:s0
>> tcontext=user_u:object_r:etc_t:s0 tclass=file
>> prelink seems to be completely broken and nobody seems to notice it?
>>
>
> I'm not seeing this anywhere.
>
> Perhaps it's because /lib/ld-2.4.so is lib_t rather than ld_so_t on your
> system?
>
> Paul.
>
>
>
>
ls -Z /lib/ld-2.4.so
-rwxr-xr-x root root system_u:object_r:ld_so_t /lib/ld-2.4.so
ls -Z /lib64/ld-2.4.so
-rwxr-xr-x root root system_u:object_r:lib_t
Seems that you are correct; let's hope that this won't happen again.
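
An added example, not part of the original thread or written by its posters: a small parser that unwraps mail-quoted AVC records like the ones above, collapses repeats, and flags the case diagnosed here, a dynamic loader labeled lib_t instead of ld_so_t. The function names and the loader filename pattern are assumptions made for illustration.

```python
import re
from collections import Counter

# Sample input: AVC records quoted from the thread, mail quoting and wrapping kept.
SAMPLE = """\
>>>> audit(1147793154.831:353): avc: denied { execute_no_trans } for
>>>> pid=5195 comm="prelink" name="ld-2.4.so" dev=md0 ino=8061163
>>>> scontext=system_u:system_r:prelink_t:s0
>>>> tcontext=system_u:object_r:lib_t:s0 tclass=file
>>>> audit(1147793154.831:354): avc: denied { execute_no_trans } for
>>>> pid=5196 comm="prelink" name="ld-2.4.so" dev=md0 ino=8061163
>>>> scontext=system_u:system_r:prelink_t:s0
>>>> tcontext=system_u:object_r:lib_t:s0 tclass=file
>> audit(1148393411.794:2908): avc: denied { execmod } for pid=16859
>> comm="ld-linux.so.2" name="libGLcore.so.1.0.8762" dev=md0 ino=29797475
>> scontext=system_u:system_r:prelink_t:s0 tcontext=root:object_r:lib_t:s0
>> tclass=file
"""

RECORD = re.compile(r"audit\([\d.]+:(?P<serial>\d+)\):\s+avc:\s+denied\s+"
                    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*?)(?=audit\(|\Z)", re.S)
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
LOADER = re.compile(r"^ld-[\d.]+\.so$")  # assumption: glibc loader file naming

def parse_avc(text):
    text = re.sub(r"^[> ]+", "", text, flags=re.M)  # drop mail quote markers
    records = []
    for m in RECORD.finditer(text):  # one match per record, across wrapped lines
        rec = {k: v.strip('"') for k, v in FIELD.findall(m["rest"])}
        rec["perms"] = m["perms"].split()
        records.append(rec)
    return records

def selinux_type(context):
    return context.split(":")[2]  # user:role:type[:level]

def summarize(records):
    # Collapse repeats into (source type, target type, class, permission, name).
    counts = Counter()
    for r in records:
        for perm in r["perms"]:
            counts[selinux_type(r["scontext"]), selinux_type(r["tcontext"]),
                   r["tclass"], perm, r["name"]] += 1
    return counts

def mislabeled_loaders(records):
    # The thread's diagnosis: a dynamic loader carrying lib_t instead of ld_so_t.
    return sorted({(r["name"], r["ino"]) for r in records
                   if LOADER.match(r["name"]) and selinux_type(r["tcontext"]) == "lib_t"})
```

Any file this reports is worth checking with `ls -Z`, as done above, before treating the denials as a policy bug.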