ldconfig denials during mock builds
Paul Howarth
paul at city-fan.org
Mon Aug 6 09:08:16 UTC 2007
Todd Zullinger wrote:
> Hi,
>
> I recently noticed some problems when building packages for rawhide
> with mock. The mock logs have a log of these:
>
> /sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
> error: %postun(glibc-2.6-4.i686) scriptlet failed, exit status 1
>
> The audit messages look like this:
>
> avc: denied { read } for comm="ldconfig" dev=sda2 egid=502 euid=0 exe="/sbin/ldconfig" exit=-13 fsgid=502 fsuid=0 gid=502 items=0 name="lib" pid=4247 scontext=user_u:system_r:ldconfig_t:s0 sgid=502 subj=user_u:system_r:ldconfig_t:s0 suid=0 tclass=dir tcontext=user_u:object_r:var_lib_t:s0 tty=(none) uid=0
>
> avc: denied { write } for comm="ldconfig" dev=sda2 egid=502 euid=0 exe="/sbin/ldconfig" exit=-13 fsgid=502 fsuid=0 gid=502 items=0 name="etc" pid=4247 scontext=user_u:system_r:ldconfig_t:s0 sgid=502 subj=user_u:system_r:ldconfig_t:s0 suid=0 tclass=dir tcontext=user_u:object_r:var_lib_t:s0 tty=(none) uid=0
>
> I'm guessing this has to do with the contexts on etc:
>
> $ ll -dZ /etc/ /var/lib/mock/fedora-development-i386/root/etc/
> drwxr-xr-x root root system_u:object_r:etc_t /etc/
> drwxrwsr-x build mock user_u:object_r:var_lib_t /var/lib/mock/fedora-development-i386/root/etc/
>
> Is this something that needs to be fixed in mock or in the selinux
> policy?
Is your buildsys also running on rawhide?
Are you not using the mock policy module from
http://fedoraproject.org/wiki/PackageMaintainers/MockTricks ?
Paul.
More information about the fedora-selinux-list
mailing list