Running 'setfiles -vv $FC /lib' produces:
setfiles: labeling files under /lib
setfiles: relabeling /lib/tls/i586/libdb-4.2.so from system_u:object_r:shlib_t to system_u:object_r:lib_t
setfiles: conflicting specifications for /lib/tls/i486/libdb-4.2.so and /lib/tls/i586/libdb-4.2.so, using system_u:object_r:shlib_t.
setfiles: relabeling /lib/tls/i486/libdb-4.2.so from system_u:object_r:lib_t to system_u:object_r:shlib_t
Suggest this patch:
--- types.fc 2004-09-23 11:02:38.000000000 -0700 +++ /tmp/types.fc 2004-09-24 22:35:40.913346939 -0700 @@ -302,7 +302,7 @@ /lib(64)?/[^/]*/lib[^/]*.so(.[^/]*)* -- system_u:object_r:shlib_t /lib(64)?/security/[^/]*.so(.[^/]*)* -- system_u:object_r:shlib_t /lib(64)?/tls/i686/cmov/[^/]*.so(.[^/]*)* -- system_u:object_r:shlib_t -/lib(64)?/tls/i486/[^/]*.so(.[^/]*)* -- system_u:object_r:shlib_t +/lib(64)?/tls/i[456]86/[^/]*.so(.[^/]*)* -- system_u:object_r:shlib_t
# # /sbin
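Review bot: The added line `/lib(64)?/tls/i[456]86/[^/]*.so(.[^/]*)*` leaves the dots in `.so` and `(.[^/]*)*` unescaped, so each matches any character rather than a literal dot, and a name that merely contains `so` after some other character would also be labelled shlib_t. Since this line is being rewritten anyway, consider `\.so(\.[^/]*)*`; the three context lines above it use the same unescaped form and could be tightened in a follow-up. The `[456]` class itself is a good choice because it covers i586 without widening the match beyond the three known directories. Note also that the `+++` header names `/tmp/types.fc`, so the target file has to be given explicitly when applying.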
tom
Tom London wrote:
Running 'setfiles -vv $FC /lib' produces:
setfiles: labeling files under /lib
setfiles: relabeling /lib/tls/i586/libdb-4.2.so from system_u:object_r:shlib_t to system_u:object_r:lib_t
setfiles: conflicting specifications for /lib/tls/i486/libdb-4.2.so and /lib/tls/i586/libdb-4.2.so, using system_u:object_r:shlib_t.
setfiles: relabeling /lib/tls/i486/libdb-4.2.so from system_u:object_r:lib_t to system_u:object_r:shlib_t
Suggest this patch:
--- types.fc 2004-09-23 11:02:38.000000000 -0700 +++ /tmp/types.fc 2004-09-24 22:35:40.913346939 -0700 @@ -302,7 +302,7 @@ /lib(64)?/[^/]*/lib[^/]*.so(.[^/]*)* -- system_u:object_r:shlib_t /lib(64)?/security/[^/]*.so(.[^/]*)* -- system_u:object_r:shlib_t /lib(64)?/tls/i686/cmov/[^/]*.so(.[^/]*)* -- system_u:object_r:shlib_t -/lib(64)?/tls/i486/[^/]*.so(.[^/]*)* -- system_u:object_r:shlib_t +/lib(64)?/tls/i[456]86/[^/]*.so(.[^/]*)* -- system_u:object_r:shlib_t
# # /sbin
tom
/lib(64)?/tls/i.86/[^/]*.so(.[^/]*)* -- system_u:object_r:shlib_t
is already in the latest policy.
On Mon, Sep 27, 2004 at 11:00:49AM -0400, Daniel J Walsh wrote:
/lib(64)?/tls/i.86/[^/]*.so(.[^/]*)* -- system_u:object_r:shlib_t
is already in the latest policy.
I think that we're inevitably going to need a similar addition for /usr/lib.
There's also a reference to /lib/tls/i686/cmov in the policy, which brings up a question. The hwcap logic in the dynamic linker includes the ability to distinguish between many other specialized variations of libraries. So, how exhaustive is the policy intended to be?
Nalin
selinux@lists.fedoraproject.org