On Wed, 2006-06-21 at 21:13 -0400, Daniel J Walsh wrote:
Jason L Tibbitts III wrote:
>>>>>> "SS" == Stephen Smalley <sds(a)tycho.nsa.gov>
writes:
>>>>>>
>
> SS> Is this in a chroot?
>
> I am seeing the problem running a plain rpmbuild -ba, no chroot or
> mock in sight.
>
> - J<
>
Is this happening selinux disabled? There is a printf in libselinux
which is triggered when matchpatcon fails
to verify a file context via the kernel. If the kernel is not running
selinux this could happen.
Normally that is suppressed because default_canoncon checks whether
security_canonicalize_context() returned with errno ENOENT
(i.e. /selinux/context didn't exist, as with SELinux disabled or in a
chroot). But the patch from Ian Kent for !selinux_mnt changes that
behavior unless those checks also set errno to ENOENT, which I added
upstream, but is _not_ in your FC5 backport.
--
Stephen Smalley
National Security Agency