Nero for Linux & rpm initial labels
Jorge Fábregas
jorge.fabregas at gmail.com
Sun Dec 12 15:34:03 UTC 2010
Hi,

I installed the latest "Nero for Linux" (version 4) and noticed that rpm
labeled all files in /usr/lib/nero/lib* as textrel_shlib_t. However, there's
no reference to this path in file_contexts and when I do a restorecon of these
files they get labeled as "lib_t" (as I would expect since there's no regex in
file_contexts for these).

I thought that what made rpm SELinux-aware was that it somehow consulted the
file_contexts (or a library called by rpm) but this is not the case in the
above example. Is it that rpm has some hardcoded rules to label some files in
/usr/lib/ as textrel_shlib_t regardless of what's in the file_contexts?

BTW, I had to add some regular expressions to the local file_contexts in order
to label some Nero libs as textrel_shlib_t for the ones located in
/usr/lib/nero/plug-ins/lib* as I got many AVCs when using the program.
There's one regex in file_contexts for Nero:

/usr/lib(64)?/nero/plug-ins/libMP3\.so(\.[^/]*)* -- system_u:object_r:textrel_shlib_t:s0

...but there are other libs in that directory (besides the MP3 one) that need
textrel_shlib_t. I didn't file a bug report as I'm on Fedora 12 (it reached
its end of life). I'll check again if this happens when I install Fedora 14.

Thanks,
Jorge
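
Added example, not part of the original message: a simplified Python model of a file_contexts lookup, showing which paths the quoted libMP3 entry covers and what a broader local entry would change. The catch-all lib_t rule, the local pattern, and the sample library names other than libMP3.so are assumptions made for illustration; the message does not show them.

```python
import re

# Simplified model of a file_contexts lookup: every pattern is anchored at
# both ends and, among the entries that match, the one listed last wins.
# Real libselinux also considers file type and pattern specificity.
ENTRIES = [
    # Assumed catch-all rule standing in for whatever yields lib_t on restorecon.
    (r"/usr/lib(64)?(/.*)?", "lib_t"),
    # The entry quoted in the message.
    (r"/usr/lib(64)?/nero/plug-ins/libMP3\.so(\.[^/]*)*", "textrel_shlib_t"),
]

# Hypothetical local addition covering every lib*.so in the plug-ins directory.
LOCAL = [
    (r"/usr/lib(64)?/nero/plug-ins/lib[^/]*\.so(\.[^/]*)*", "textrel_shlib_t"),
]

# Constructed sample paths (only libMP3.so is named in the message).
SAMPLE = [
    "/usr/lib/nero/plug-ins/libMP3.so",
    "/usr/lib64/nero/plug-ins/libMP3.so.1",
    "/usr/lib/nero/plug-ins/libFLAC.so",
    "/usr/lib/nero/libNeroAPI.so",
]


def lookup(path, entries):
    """Return the type of the last entry whose anchored regex matches path."""
    label = None
    for pattern, type_ in entries:
        if re.fullmatch(pattern, path):
            label = type_
    return label


def report(entries):
    """Map each sample path to the type the given entries assign to it."""
    return {path: lookup(path, entries) for path in SAMPLE}


if __name__ == "__main__":
    for name, entries in (("policy only", ENTRIES), ("with local", ENTRIES + LOCAL)):
        print(name)
        for path, type_ in report(entries).items():
            print(f"  {path} -> {type_}")
```

On a real system the authoritative answer for a given path comes from `matchpathcon <path>`, which reports the context the loaded file_contexts assign to it.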