[selinux-policy: 1983/3172] trunk: Glibc 2.7 fix from Vaclav Ovsik.

Thu Oct 7 21:56:17 UTC 2010

commit 9c4500b2f4b093ac01114ee7f7022674e893373b
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Aug 12 19:33:18 2008 +0000

    trunk: Glibc 2.7 fix from Vaclav Ovsik.

 Changelog                          |    1 +
 policy/modules/system/libraries.fc |    2 ++
 policy/modules/system/libraries.te |    7 ++++++-
 3 files changed, 9 insertions(+), 1 deletions(-)
---

diff --git a/Changelog b/Changelog
index 3cd8425..717b309 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Glibc 2.7 fix from Vaclav Ovsik.
 - Samba/winbind update from Mike Edenfield.
 - Policy size optimization with a non-security file attribute from James
   Carter.
diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc
index 5b8fa1a..87248dc 100644
--- a/policy/modules/system/libraries.fc
+++ b/policy/modules/system/libraries.fc
@@ -296,6 +296,8 @@ HOME_DIR/.*/plugins/nprhapengine\.so.* --	gen_context(system_u:object_r:textrel_
 #
 # /var
 #
+/var/cache/ldconfig(/.*)?			gen_context(system_u:object_r:ldconfig_cache_t,s0)
+
 /var/ftp/lib(64)?(/.*)?				gen_context(system_u:object_r:lib_t,s0)
 /var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:ld_so_t,s0)
 
diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
index 156e377..1129327 100644
--- a/policy/modules/system/libraries.te
+++ b/policy/modules/system/libraries.te
@@ -1,5 +1,5 @@
 
-policy_module(libraries, 2.2.0)
+policy_module(libraries, 2.2.1)
 
 ########################################
 #
@@ -23,6 +23,9 @@ type ldconfig_exec_t;
 init_system_domain(ldconfig_t,ldconfig_exec_t)
 role system_r types ldconfig_t;
 
+type ldconfig_cache_t;
+files_type(ldconfig_cache_t)
+
 type ldconfig_tmp_t;
 files_tmp_file(ldconfig_tmp_t)
 
@@ -51,6 +54,8 @@ optional_policy(`
 
 allow ldconfig_t self:capability sys_chroot;
 
+manage_files_pattern(ldconfig_t, ldconfig_cache_t, ldconfig_cache_t)
+
 allow ldconfig_t ld_so_cache_t:file manage_file_perms;
 files_etc_filetrans(ldconfig_t,ld_so_cache_t,file)
 
