On Thu, Dec 09, 2004 at 08:26:34AM -0500, Stephen Smalley wrote:
On Thu, 2004-12-09 at 08:19, Stephen Smalley wrote:
The 'ls' output indicates that the libpcre shared object is labeled correctly, so I wonder if he had already relabeled it via fixfiles or restorecon prior to running that ls.
The prelink.log file does include some 'Could not get security context" errors (with errno ENODATA), which is interesting, but peculiar that there is no such error for the libpcre shared object, since that is the one that is triggering this denial. The lack of any context on those files is very odd unless he ran with SELinux disabled for a while (in which case the files would indeed end up with no context if they were updated while SELinux was disabled and he failed to relabel when he re-enabled SELinux).
Note: I added a comment to the bugzilla entry with this information and also asked the bug reporter several follow-up questions.
Thanks Stephen. If you'd rather I just CC you immediately the next time this is reported, or if you have some new questions I should be asking people, then just let me know.
joe