SELinux Mailing List

Re: Patches without the can_network patch.

From: Daniel J Walsh <dwalsh_at_redhat.com>
Date: Thu, 18 Nov 2004 14:50:39 -0500


Thomas Bleher wrote:

>* Daniel J Walsh <dwalsh@redhat.com> [2004-11-18 15:32]:
>
>
>>diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ldconfig.te policy-1.19.2/domains/program/ldconfig.te
>>--- nsapolicy/domains/program/ldconfig.te 2004-11-09 13:35:12.000000000 -0500
>>+++ policy-1.19.2/domains/program/ldconfig.te 2004-11-18 08:48:23.918139878 -0500
>>@@ -26,7 +26,7 @@
>> allow ldconfig_t lib_t:lnk_file create_lnk_perms;
>>
>> allow ldconfig_t userdomain:fd use;
>>-allow ldconfig_t etc_t:file { getattr read };
>>+allow ldconfig_t etc_t:file { getattr read unlink };
>>
>>
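Review bot: the `+allow ldconfig_t etc_t:file { getattr read unlink };` line widens ldconfig_t to unlinking every etc_t-labelled file, not only a mislabelled /etc/ld.so.cache. Since the policy already carries file_type_auto_trans(ldconfig_t, etc_t, ld_so_cache_t, file), the cache is meant to be ld_so_cache_t, so a cache that has drifted to etc_t is better fixed by relabelling it (restorecon) or, if the domain must recover on its own, by the narrower pair `allow ldconfig_t etc_t:file relabelfrom;` and `allow ldconfig_t ld_so_cache_t:file relabelto;` rather than an unlink grant on the whole etc_t type. At minimum, the hunk should carry a comment naming the file and the denial that motivated the change, since nothing in the rule itself says why ldconfig needs to delete files in /etc.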
>
>Which files does it want to unlink? Is it possible that the file was
>just mislabeled? (there's this line in the policy:
>file_type_auto_trans(ldconfig_t, etc_t, ld_so_cache_t, file)
>so it should probably be ld_so_cache_t)
>
>Thomas
>
>
>

Yes, I added this because it gets mislabeled and then cannot change it back.
A bug in RPM was causing it many times, as does booting in non-enforcing mode or non-SELinux mode.
This can easily happen on targeted policy, but could also happen on strict. Allowing ldconfig_t to unlink etc_t files seems like a reasonable way around the problem.

Received on Thu 18 Nov 2004 - 14:51:01 EST
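Thomas's question, which file ldconfig_t actually tried to unlink, is answered by the AVC denial the kernel logs, and the denial's tcontext also shows whether the target was merely mislabeled. The following shell script is an added example, not code from this thread, the reference policy or Red Hat: it parses such a denial and separates the mislabel case Dan describes (where restorecon is the fix) from a genuine policy gap. The AVC line is constructed for the example; it assumes audit-style space-separated key=value fields, the classic user:role:type[:level] context form, and ld_so_cache_t as the correct type for /etc/ld.so.cache, which is the type named in the quoted file_type_auto_trans rule.

```shell
#!/bin/sh
# Added example (not from the thread or the policy): triage an AVC denial
# for ldconfig_t and decide between "relabel the file" and "change policy".
# Assumptions: audit-style AVC lines, contexts of the form
# user:role:type[:level], and ld_so_cache_t as the correct type for the
# cache (from file_type_auto_trans(ldconfig_t, etc_t, ld_so_cache_t, file)).

EXPECTED_TYPE=ld_so_cache_t

# avc_field LINE KEY -> value of KEY=value (surrounding quotes stripped),
# empty output when the key is absent.
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\{0,1\}\([^\" ]*\)\"\{0,1\}.*/\1/p"
}

# avc_perm LINE -> the permission inside "denied { ... }"
avc_perm() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\([^}]*\)}.*/\1/p' | tr -d ' '
}

# ctx_type CONTEXT -> the type field of user:role:type[:level]
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# classify LINE -> one of:
#   mislabel : ldconfig_t denied on ld.so.cache whose type is not ld_so_cache_t
#   policy   : ldconfig_t denied on a correctly labelled object (real policy gap)
#   other    : the denial did not come from ldconfig_t at all
classify() {
    line=$1
    [ "$(ctx_type "$(avc_field "$line" scontext)")" = ldconfig_t ] || { echo other; return 0; }
    name=$(avc_field "$line" name)
    ttype=$(ctx_type "$(avc_field "$line" tcontext)")
    if [ "$name" = ld.so.cache ] && [ "$ttype" != "$EXPECTED_TYPE" ]; then
        echo mislabel
    else
        echo policy
    fi
}

# remedy LINE -> the action a practitioner would take for that class
remedy() {
    case $(classify "$1") in
        mislabel) echo "restorecon -v /etc/ld.so.cache   # current type: $(ctx_type "$(avc_field "$1" tcontext)")" ;;
        policy)   echo "policy gap: ldconfig_t needs $(avc_perm "$1") on $(ctx_type "$(avc_field "$1" tcontext)") (label is already correct)" ;;
        *)        echo "not an ldconfig_t denial" ;;
    esac
}

# Constructed sample denials (not real log entries).
# The situation described in the thread: the cache has drifted to etc_t.
SAMPLE_AVC='type=AVC msg=audit(1100800000.123:45): avc:  denied  { unlink } for  pid=1234 comm="ldconfig" name="ld.so.cache" dev=hda2 ino=12345 scontext=root:system_r:ldconfig_t tcontext=system_u:object_r:etc_t tclass=file'
# The same denial against a correctly labelled cache: only a policy change helps here.
SAMPLE_OK='type=AVC msg=audit(1100800000.124:46): avc:  denied  { unlink } for  pid=1234 comm="ldconfig" name="ld.so.cache" dev=hda2 ino=12345 scontext=root:system_r:ldconfig_t tcontext=system_u:object_r:ld_so_cache_t tclass=file'

# Usage: remedy "$SAMPLE_AVC"   ->  restorecon -v /etc/ld.so.cache   # current type: etc_t
#        remedy "$SAMPLE_OK"    ->  policy gap: ldconfig_t needs unlink on ld_so_cache_t (label is already correct)
```

On a live system the same functions can be fed each line of `ausearch -m avc` or the kernel log; the point of the split is that a mislabel is fixed by restoring the label, which keeps the policy tight, whereas an unlink grant on all of etc_t fixes the symptom for every file in /etc at once.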
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009