SELinux is preventing sh from getattr access on the file /usr/sbin/ldconfig.

Daniel J Walsh dwalsh at redhat.com
Wed Jul 1 10:47:05 UTC 2015



On 06/30/2015 07:57 AM, Ed Greshko wrote:
> On 06/30/15 19:31, Daniel J Walsh wrote:
>> On 06/29/2015 01:45 PM, Andras Simon wrote:
>>> [Sorry for the late answer, I was away from this machine.]
>>>
>>> 2015-06-28 1:01 GMT+02:00, Ed Greshko <ed.greshko at greshko.com>:
>>>> On 06/27/15 21:15, Andras Simon wrote:
>>>>> 2015-06-27 15:11 GMT+02:00, Andras Simon <szajmi at gmail.com>:
>>>>>> Should I be worried about the $subject?
>>>>> And there's also a "SELinux is preventing sh from execute access on
>>>>> the file /usr/sbin/ldconfig" which I've only just noticed. It sounds
>>>>> even scarier.
>>>>>
>>>> Does your output match these?
>>>>
>>>> [egreshko at meimei ~]$ ls -Z /bin/bash
>>>> system_u:object_r:shell_exec_t:s0 /bin/bash
>>>>
>>>> [egreshko at meimei ~]$ ls -Z /usr/sbin/ldconfig
>>>> system_u:object_r:ldconfig_exec_t:s0 /usr/sbin/ldconfig
>>> Yes, I get the same result.
>>>
>>> Andras
>> Everything seems correct.
>>
>> But the AVC's indicate that firewalld was attempting to runldconfig...
>>
>> Which I believe should not happen normally.  The transactions at the
>> time of yum/rpm indicate
>> that the transaction or at least the post install sections were being
>> run as firewalld_t.
> Should that be BZ's to against firewalld?
>
Sure we should have this in a bugzilla, but not sure those guys will
figure it out either.


More information about the users mailing list