410955 – Portage /var/lib/portage/config is an ldconfig cache file (SELinux)

Bug 410955 - Portage /var/lib/portage/config is an ldconfig cache file (SELinux)

Summary: Portage /var/lib/portage/config is an ldconfig cache file (SELinux)

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	SE Linux Bugs

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-04-05 21:04 UTC by Sven Vermeulen (RETIRED)
Modified:	2012-08-15 15:23 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sven Vermeulen (RETIRED) gentoo-dev

2012-04-05 21:04:33 UTC

When portage works on /var/lib/portage/config, it easily marks it (SELinux-wise) as portage_cache_t. However, this should be ldconfig_cache_t as it is ldconfig that works on it, and there is no reason for portage to have it as portage_cache_t.

We need to figure out which domain is writing this file and see if it can either use setfscreate() to use the proper context (and patch the policies to use the proper context) or, if plausible, update the policy with a named file transition on it.

Reproducible: Always

Comment 1 Sven Vermeulen (RETIRED) gentoo-dev

2012-08-15 15:23:00 UTC

So I was wrong, this is not about ldconfig_cache_t.