Running targeted/enforcing, latest rawhide.
Noticed the following AVC in log:

Mar 25 07:38:36 localhost kernel: audit(1111765116.214:0): avc: denied { execmod } for pid=13994 comm=ld-linux.so.2 path=/usr/lib/openoffice.org1.9.87/program/libicudata.so.26.0 dev=dm-0 ino=164963 scontext=user_u:system_r:crond_t tcontext=system_u:object_r:lib_t tclass=file

This appears to be generated by prelink run from cron. Here are entries from prelink.log:

Prelinking /usr/lib/openoffice.org1.9.87/program/libicudata.so.26.0
/usr/sbin/prelink: /usr/lib/openoffice.org1.9.87/program/libicudata.so.26.0 Could not trace symbol resolving
/usr/sbin/prelink: Could not prelink /usr/lib/openoffice.org1.9.87/program/libicuuc.so.26.0 because its dependency /usr/lib/openoffice.org1.9.87/program/libicudata.so.26.0 could not be prelinked
/usr/sbin/prelink: Could not prelink /usr/lib/openoffice.org1.9.87/program/libicule.so.26.0 because its dependency /usr/lib/openoffice.org1.9.87/program/libicuuc.so.26.0 could not be prelinked
Prelinking /usr/lib/openoffice.org1.9.87/program/libjvmaccessgcc3.so.3
/usr/sbin/prelink: Could not prelink /usr/lib/openoffice.org1.9.87/program/libvcl680li.so because its dependency /usr/lib/openoffice.org1.9.87/program/libicuuc.so.26.0 could not be prelinked
<<<< etc. >>>

Interestingly, the AVC seems to be showing the type of the link instead of the type of the real file:

[root@tlondon program]# ls -lZ libicudata*
lrwxrwxrwx root root system_u:object_r:lib_t libicudata.so -> libicudata.so.26.0
lrwxrwxrwx root root system_u:object_r:lib_t libicudata.so.26 -> libicudata.so.26.0
-r--r--r-- root root system_u:object_r:shlib_t libicudata.so.26.0

Any significance to this?
tom
Tom London wrote:
> Running targeted/enforcing, latest rawhide.
> Noticed the following AVC in log:
> Mar 25 07:38:36 localhost kernel: audit(1111765116.214:0): avc: denied { execmod } for pid=13994 comm=ld-linux.so.2 path=/usr/lib/openoffice.org1.9.87/program/libicudata.so.26.0 dev=dm-0 ino=164963 scontext=user_u:system_r:crond_t tcontext=system_u:object_r:lib_t tclass=file

/usr/lib/openoffice.org1.9.87/program/libicudata.so.26.0 has text relocations, which shouldn't be the case. This is no SELinux issue, but instead an OO.org build problem.
-- ➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
> /usr/lib/openoffice.org1.9.87/program/libicudata.so.26.0 has text relocations, which shouldn't be the case. This is no SELinux issue, but instead an OO.org build problem.

I sent a policy patch about this some time ago (to mark it as such). Can't recall if it wasn't merged, or if I just missed this particular library. Look in /etc/selinux/targeted/src/policy/file_contexts/distros.fc for libicudata.
chcon -t textrel_shlib_t to fix it temporarily.
There is a vast list of those in the SELinux policy - maybe bugs should be filed in the appropriate apps to fix them.
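
The text-relocation diagnosis in the replies above can be checked from the ELF file itself: a shared object built with text relocations carries a DT_TEXTREL entry, or the DF_TEXTREL bit in DT_FLAGS, in its dynamic section. This is an added example, not code from the thread or from any project mentioned in it; the function name has_text_relocations is hypothetical.

```python
import struct
import sys

# Constants from the ELF specification.
PT_DYNAMIC = 2
DT_NULL, DT_TEXTREL, DT_FLAGS = 0, 22, 30
DF_TEXTREL = 0x4


def has_text_relocations(data: bytes) -> bool:
    """Return True if the ELF image's dynamic section flags text relocations."""
    if (len(data) < 52 or data[:4] != b"\x7fELF"
            or data[4] not in (1, 2) or data[5] not in (1, 2)):
        raise ValueError("not a supported ELF image")
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little, 2 = big endian
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    dyn = struct.Struct(end + ("qQ" if is64 else "iI"))   # d_tag, d_val
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if is64:   # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz
            p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
                end + "IIQQQQ", data, off)
        else:      # Elf32_Phdr: type, offset, vaddr, paddr, filesz
            p_type, p_offset, _, _, p_filesz = struct.unpack_from(
                end + "IIIII", data, off)
        if p_type != PT_DYNAMIC:
            continue
        seg = data[p_offset:p_offset + p_filesz]
        seg = seg[:len(seg) - len(seg) % dyn.size]        # drop a partial entry
        for d_tag, d_val in dyn.iter_unpack(seg):
            if d_tag == DT_NULL:
                break
            if d_tag == DT_TEXTREL or (d_tag == DT_FLAGS and d_val & DF_TEXTREL):
                return True
    return False


if __name__ == "__main__":
    # Usage: pass one or more shared-object paths on the command line.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            verdict = "TEXTREL" if has_text_relocations(fh.read()) else "clean"
        print(f"{verdict}\t{path}")
```

A library reported as TEXTREL is one that needs either a rebuild as position-independent code or the textrel_shlib_t label mentioned above.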