Rawhide SE Linux targeted policy warning !!!
Ulrich Drepper
drepper at redhat.com
Fri Dec 24 20:19:05 UTC 2004
Paul wrote:
>>I just updated from rawhide. I am using selinux-policy-targeted-1.19.15-7. It
>>breaks about everything. My suggestion is to skip it (unless you want a little
>>excitement in your life).
>
>
> glibc is also knackered (fails to map correctly).
That is extremely unlikely, especially since I run it (and the latest
policy as well).
Since nobody has posted any actual information I must guess that some
files are mislabeled. E.g., ldconfig for some reason creates updated
glibc DOSs with
system_u:object_r:lib_t
instead of
system_u:object_r:shlib_t
This difference is crucial since the policy now is restrictive when it
comes to mapping files for execution. So, take a look at the output of
ls -lZ /lib /lib/tls /usr/lib
(and for related directories). If any DSO uses lib_t instead of
shlib_t, fix the label. The easiest way to do this is to relabel the
entire filesystem. More info at
http://fedora.redhat.com/docs/selinux-faq-fc3/
--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/test/attachments/20041224/6302f6a2/attachment.bin
More information about the test
mailing list