ldconfig AVCs ..... needs /var

Tom London selinux at gmail.com
Fri Aug 3 14:03:13 UTC 2007


Today's Rawhide: targeted/enforcing/permissive.

Today's 'yum update' of library packages that run 'ldconfig' produces:

type=AVC msg=audit(1186149388.713:55): avc:  denied  { write } for
pid=6019 comm="ldconfig" name="ldconfig" dev=dm-0 ino=67143
scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1186149388.713:55): arch=40000003 syscall=5
success=no exit=-13 a0=97443e0 a1=20241 a2=180 a3=97443e0 items=0
ppid=4587 pid=6019 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 comm="ldconfig" exe="/sbin/ldconfig"
subj=system_u:system_r:ldconfig_t:s0 key=(null)


Running in permissive mode:

type=AVC msg=audit(1186149533.240:59): avc:  denied  { write } for
pid=6055 comm="ldconfig" name="ldconfig" dev=dm-0 ino=67143
scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1186149533.240:59): avc:  denied  { add_name } for
pid=6055 comm="ldconfig" name="aux-cache~"
scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1186149533.240:59): avc:  denied  { create } for
pid=6055 comm="ldconfig" name="aux-cache~"
scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1186149533.240:59): arch=40000003 syscall=5
success=yes exit=3 a0=82c43e0 a1=20241 a2=180 a3=82c43e0 items=0
ppid=6051 pid=6055 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 comm="ldconfig" exe="/sbin/ldconfig"
subj=system_u:system_r:ldconfig_t:s0 key=(null)
type=AVC msg=audit(1186149533.240:60): avc:  denied  { write } for
pid=6055 comm="ldconfig" path="/var/cache/ldconfig/aux-cache~"
dev=dm-0 ino=66583 scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1186149533.240:60): arch=40000003 syscall=4
success=yes exit=48749 a0=3 a1=82e5a48 a2=be6d a3=82c43e0 items=0
ppid=6051 pid=6055 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 comm="ldconfig" exe="/sbin/ldconfig"
subj=system_u:system_r:ldconfig_t:s0 key=(null)
type=AVC msg=audit(1186149533.241:61): avc:  denied  { remove_name }
for  pid=6055 comm="ldconfig" name="aux-cache~" dev=dm-0 ino=66583
scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1186149533.241:61): avc:  denied  { rename } for
pid=6055 comm="ldconfig" name="aux-cache~" dev=dm-0 ino=66583
scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1186149533.241:61): arch=40000003 syscall=38
success=yes exit=0 a0=82c43e0 a1=80c5ef2 a2=3 a3=82c43e0 items=0
ppid=6051 pid=6055 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 comm="ldconfig" exe="/sbin/ldconfig"
subj=system_u:system_r:ldconfig_t:s0 key=(null)


tom
-- 
Tom London
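
An added example, not part of the original post: a small Python parser that rejoins the mail-wrapped audit records shown above and groups the AVC denials by source type, target type and object class, printing them in allow-rule form as a summary. The function names and the trimmed SAMPLE excerpt are choices made for this example.

```python
import re
from collections import defaultdict

# Excerpt of the permissive-mode records in the post, mail line-wrapping kept.
SAMPLE = """\
type=AVC msg=audit(1186149533.240:59): avc:  denied  { write } for
pid=6055 comm="ldconfig" name="ldconfig" dev=dm-0 ino=67143
scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1186149533.240:59): avc:  denied  { add_name } for
pid=6055 comm="ldconfig" name="aux-cache~"
scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1186149533.240:59): arch=40000003 syscall=5
success=yes exit=3 a0=82c43e0 a1=20241 a2=180 a3=82c43e0 items=0
type=AVC msg=audit(1186149533.241:61): avc:  denied  { rename } for
pid=6055 comm="ldconfig" name="aux-cache~" dev=dm-0 ino=66583
scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+).*?tcontext=(\S+).*?tclass=(\S+)")

def unwrap(text):
    """Rejoin wrapped records: a new record begins on a line starting 'type='."""
    records = []
    for line in text.splitlines():
        if line.startswith("type="):
            records.append(line.strip())
        elif line.strip() and records:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Map (source type, target type, class) -> sorted list of denied permissions."""
    needed = defaultdict(set)
    for rec in unwrap(text):
        m = AVC_RE.search(rec)  # SYSCALL records carry no 'avc: denied' and are skipped
        if m:
            perms, scon, tcon, tclass = m.groups()
            # A context is user:role:type[:level]; the type is the third field.
            needed[(scon.split(":")[2], tcon.split(":")[2], tclass)].update(perms.split())
    return {k: sorted(v) for k, v in needed.items()}

def as_rules(summary):
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};" for (s, t, c), p in sorted(summary.items())]

if __name__ == "__main__":
    print("\n".join(as_rules(summarize(SAMPLE))))
```

Every denial in the summary targets the generic var_t type, on the directory and on the aux-cache~ file under /var/cache/ldconfig.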



