ldconfig_t - still more .... ?

Tom London selinux at gmail.com
Tue Aug 7 13:48:16 UTC 2007


Running selinux-policy-3.0.5-2.fc8, targeted/enforcing.

Says: "- Fixes for ldconfig", but I get these during 'yum update'.
'restorecon' of /var/cache/ldconfig doesn't change ....

type=AVC msg=audit(1186493561.393:26): avc:  denied  { search } for
pid=4210 comm="ldconfig" name="ldconfig" dev=dm-0 ino=67143
scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1186493561.393:26): arch=40000003 syscall=5
success=no exit=-13 a0=80c5a92 a1=0 a2=3 a3=0 items=0 ppid=4209
pid=4210 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts0 comm="ldconfig" exe="/sbin/ldconfig"
subj=system_u:system_r:ldconfig_t:s0 key=(null)
type=AVC msg=audit(1186493561.572:27): avc:  denied  { getattr } for
pid=4210 comm="ldconfig" path="/var/cache/ldconfig" dev=dm-0 ino=67143
scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1186493561.572:27): arch=40000003 syscall=195
success=no exit=-13 a0=bfde8600 a1=bfde8658 a2=bfde8613 a3=8fd3080
items=0 ppid=4209 pid=4210 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=pts0 comm="ldconfig" exe="/sbin/ldconfig"
subj=system_u:system_r:ldconfig_t:s0 key=(null)

Putting in permissive mode adds:

type=SYSCALL msg=audit(1186493569.650:32): arch=40000003 syscall=4
success=yes exit=1 a0=3 a1=bfb7f5d4 a2=1 a3=bfb7f5d4 items=0 ppid=4222
pid=4263 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts1 comm="setenforce" exe="/usr/sbin/setenforce"
subj=system_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1186493600.964:33): avc:  denied  { search } for
pid=4290 comm="ldconfig" name="ldconfig" dev=dm-0 ino=67143
scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1186493600.964:33): arch=40000003 syscall=5
success=yes exit=3 a0=80c5a92 a1=0 a2=3 a3=0 items=0 ppid=4271
pid=4290 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts0 comm="ldconfig" exe="/sbin/ldconfig"
subj=system_u:system_r:ldconfig_t:s0 key=(null)
type=AVC msg=audit(1186493601.234:34): avc:  denied  { getattr } for
pid=4290 comm="ldconfig" path="/var/cache/ldconfig" dev=dm-0 ino=67143
scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1186493601.234:34): arch=40000003 syscall=195
success=yes exit=0 a0=bfd35ad0 a1=bfd35b28 a2=bfd35ae3 a3=8d77940
items=0 ppid=4271 pid=4290 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=pts0 comm="ldconfig" exe="/sbin/ldconfig"
subj=system_u:system_r:ldconfig_t:s0 key=(null)
type=AVC msg=audit(1186493601.234:35): avc:  denied  { write } for
pid=4290 comm="ldconfig" name="ldconfig" dev=dm-0 ino=67143
scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=dir
type=AVC msg=audit(1186493601.234:35): avc:  denied  { add_name } for
pid=4290 comm="ldconfig" name="aux-cache~"
scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1186493601.234:35): arch=40000003 syscall=5
success=yes exit=3 a0=8d77940 a1=20241 a2=180 a3=8d77940 items=0
ppid=4271 pid=4290 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 comm="ldconfig" exe="/sbin/ldconfig"
subj=system_u:system_r:ldconfig_t:s0 key=(null)
type=AVC msg=audit(1186493601.235:36): avc:  denied  { remove_name }
for  pid=4290 comm="ldconfig" name="aux-cache~" dev=dm-0 ino=66343
scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=dir
type=SYSCALL msg=audit(1186493601.235:36): arch=40000003 syscall=38
success=yes exit=0 a0=8d77940 a1=80c5a92 a2=3 a3=8d77940 items=0
ppid=4271 pid=4290 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 comm="ldconfig" exe="/sbin/ldconfig"
subj=system_u:system_r:ldconfig_t:s0 key=(null)

tom
-- 
Tom London
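
As an added example (not part of the original post): a small Python parser that groups the AVC denials quoted above by source type, target type and class, the same grouping audit2allow performs. It shows that the enforcing run reveals only search and getattr, while the permissive run exposes every access ldconfig attempts on /var/cache/ldconfig. The function names are assumptions of this example, and the records are the ones from the message re-joined onto single lines.

```python
import re
from collections import defaultdict

# AVC records from the message above, re-joined one per line (the mail had
# wrapped them); SYSCALL records are omitted. Variable names are this example's.
ENFORCING = """\
type=AVC msg=audit(1186493561.393:26): avc:  denied  { search } for pid=4210 comm="ldconfig" name="ldconfig" dev=dm-0 ino=67143 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=dir
type=AVC msg=audit(1186493561.572:27): avc:  denied  { getattr } for pid=4210 comm="ldconfig" path="/var/cache/ldconfig" dev=dm-0 ino=67143 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=dir
"""
PERMISSIVE = """\
type=AVC msg=audit(1186493600.964:33): avc:  denied  { search } for pid=4290 comm="ldconfig" name="ldconfig" dev=dm-0 ino=67143 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=dir
type=AVC msg=audit(1186493601.234:34): avc:  denied  { getattr } for pid=4290 comm="ldconfig" path="/var/cache/ldconfig" dev=dm-0 ino=67143 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=dir
type=AVC msg=audit(1186493601.234:35): avc:  denied  { write } for pid=4290 comm="ldconfig" name="ldconfig" dev=dm-0 ino=67143 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=dir
type=AVC msg=audit(1186493601.234:35): avc:  denied  { add_name } for pid=4290 comm="ldconfig" name="aux-cache~" scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=dir
type=AVC msg=audit(1186493601.235:36): avc:  denied  { remove_name } for  pid=4290 comm="ldconfig" name="aux-cache~" dev=dm-0 ino=66343 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r'type=AVC msg=audit\([\d.]+:\d+\): avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?'
    r'scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def summarize(log_text):
    """Map (source type, target type, class) to the set of denied permissions."""
    needed = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # non-AVC lines are skipped
            key = (selinux_type(m["scontext"]), selinux_type(m["tcontext"]), m["tclass"])
            needed[key].update(m["perms"].split())
    return needed

def as_allow_rules(needed):
    """Render the grouped denials in policy 'allow' syntax for review."""
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(perms)))
            for (s, t, c), perms in sorted(needed.items())]

if __name__ == "__main__":
    for label, log in (("enforcing", ENFORCING), ("permissive", PERMISSIVE)):
        print(label, as_allow_rules(summarize(log)))
```

In enforcing mode the denied search and getattr make ldconfig fail before it tries to write, so the write, add_name and remove_name accesses only appear once the system is permissive.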



