Permission denied during rpm installation

Paul Howarth paul at city-fan.org
Fri Jul 28 17:00:34 UTC 2006


Deepak Shrestha wrote:
> On 7/29/06, Paul Howarth <paul at city-fan.org> wrote:
>> Deepak Shrestha wrote:
>> >> The problem appears to be depmod trying to unlink (delete) a file of
>> >> context type modules_object_t. I can't see any need for it to delete
>> >> anything that's actually a kernel module, so perhaps you have a
>> >> labelling problem?
>> >>
>> >> Can you post the output of the following commands:
>> >>
>> >> $ ls -lZ /lib/modules//2.6.17-1.2157_FC5
>> >>
>> >> $ rpm -q --scripts kernel-module-ntfs-2.6.17-1.2157_FC5
>> >>
>> >> Paul.
>> >
>> >
>> > Ok
>> >
>> > output of
>> >
>> > $ ls -lZ /lib/modules//2.6.17-1.2157_FC5
>> >
>> > ============
>> > lrwxrwxrwx  root root system_u:object_r:modules_object_t build -> ../../../usr/src/kernels/2.6.17-1.2157_FC5-i686
>> > drwxr-xr-x  root root system_u:object_r:modules_object_t extra
>> > drwxr-xr-x  root root system_u:object_r:modules_object_t kernel
>> > -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.alias
>> > -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.ccwmap
>> > -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.dep
>> > -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.ieee1394map
>> > -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.inputmap
>> > -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.isapnpmap
>> > -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.ofmap
>> > -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.pcimap
>> > -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.seriomap
>> > -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.symbols
>> > -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.usbmap
>> > lrwxrwxrwx  root root system_u:object_r:modules_object_t source -> build
>> > drwxr-xr-x  root root system_u:object_r:modules_object_t updates
>> > ==============
>> >
>> > and output of
>> >
>> > $ rpm -q --scripts kernel-module-ntfs-2.6.17-1.2157_FC5
>> >
>> > ==============
>> > preinstall program: /bin/sh
>> > postinstall scriptlet (using /bin/sh):
>> > if [ -f /boot/System.map-2.6.17-1.2157_FC5 ]; then
>> >        /sbin/depmod -a -F /boot/System.map-2.6.17-1.2157_FC5 2.6.17-1.2157_FC5 || :
>> > else
>> >        /sbin/depmod -a || :
>> > fi
>> > postuninstall scriptlet (using /bin/sh):
>> > if [ -f /boot/System.map-2.6.17-1.2157_FC5 ]; then
>> >        /sbin/depmod -a -F /boot/System.map-2.6.17-1.2157_FC5 2.6.17-1.2157_FC5 || :
>> > else
>> >        /sbin/depmod -a || :
>> > fi
>> > ======================
>>
>> Nothing looks particularly odd to me there. If you were running the
>> audit daemon we might have found the name of the actual file that depmod
>> was trying to remove, which would have helped.
>>
>> The only thing I can think of now would be to try reinstalling the
>> package and see if the problem is repeated. If not, it's likely that it was
>> a labelling issue that has "fixed itself" by having depmod write a new
>> file with the correct context type when you did the original install in
>> permissive mode.
>>
>> Paul.
>>
> 
> I can't remember the particular package which got denied when I did
> the yum update but it's not giving me trouble at this moment. Hope next
> update will solve this problem.

D'oh, silly me. The answer was there in the first post of this thread. 
The file concerned was /lib/modules/2.6.17-1.2157_FC5/modules.dep.temp, 
probably created during installation of the 
kernel-module-ntfs-2.6.17-1.2157_FC5 package.

If a file of that name is created by depmod, it should have the 
modules_dep_t file context type. However, if it's created by an 
unconfined process (e.g. by just doing "touch 
/lib/modules/2.6.17-1.2157_FC5/modules.dep.temp"), it'll get the 
modules_object_t context type, which is what caused the problem. So the 
question is, how did that file get created?

It would be useful if you could try uninstalling 
kernel-module-ntfs-2.6.17-1.2157_FC5, making sure that 
/lib/modules/2.6.17-1.2157_FC5/modules.dep.temp does not exist, making 
sure that you're in enforcing mode, then trying to reinstall 
kernel-module-ntfs-2.6.17-1.2157_FC5 and see if the problem happens again.

Paul.
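
The labelling check discussed in this message, as an added example that is not part of the original post: it reads `ls -lZ` output in the five-column layout quoted in the thread and reports regular files named modules.* whose SELinux type is not modules_dep_t. The rule that every modules.* file there should be modules_dep_t is an assumption drawn from the listing above, the function names are hypothetical, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: flag modules.* files whose SELinux type is not modules_dep_t.
# Input: `ls -lZ` output in the layout quoted in the thread:
#   mode  user  group  context  name
# Assumption: every regular file named modules.* in the directory should
# carry modules_dep_t; directories and symlinks are skipped.

find_mislabelled() {
    awk '
        # Column 1 is the mode string; only regular files ("-") matter here.
        substr($1, 1, 1) != "-" { next }
        # Column 4 is the context user:role:type[:level], column 5 the name.
        $5 ~ /^modules\./ {
            split($4, ctx, ":")
            if (ctx[3] != "modules_dep_t")
                printf "%s %s\n", $5, ctx[3]
        }
    '
}

# Constructed sample listing (not output from the poster's machine).
sample_listing() {
    cat <<'EOF'
drwxr-xr-x  root root system_u:object_r:modules_object_t kernel
-rw-r--r--  root root user_u:object_r:modules_dep_t    modules.dep
-rw-r--r--  root root user_u:object_r:modules_object_t modules.dep.temp
-rw-r--r--  root root user_u:object_r:modules_dep_t:s0 modules.alias
EOF
}

# Run the check over the sample; prints "<name> <actual type>" per finding.
check_sample() {
    sample_listing | find_mislabelled
}

check_sample
```

On a live system the function would be fed the directory listing instead of the sample, for example `ls -lZ /lib/modules/2.6.17-1.2157_FC5 | find_mislabelled`.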



