| Summary: | env-update change /etc/ld.so.cache labels | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Alexander Weber <web.alexander> |
| Component: | SELinux | Assignee: | SE Linux Bugs <selinux> |
| Status: | UNCONFIRMED --- | ||
| Severity: | normal | CC: | gentoo |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | AMD64 | ||
| OS: | Linux | ||
| See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=833018 https://bugs.gentoo.org/show_bug.cgi?id=696818 https://bugs.gentoo.org/show_bug.cgi?id=777717 https://bugs.gentoo.org/show_bug.cgi?id=823203 |
||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
I am beginner with selinux, still in permissive mode. After system update I see the next exceptions in dmesg: [554417.234763] audit: type=1400 audit(1612379151.820:3902): avc: denied { map } for pid=27484 comm="exim" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=542639 scontext=system_u:system_r:exim_t tcontext=root:object_r:etc_t tclass=file permissive=1 [554439.302701] audit: type=1400 audit(1612379173.886:3913): avc: denied { map } for pid=27489 comm="sshd" path="/etc/ld.so.cache" dev="mmcblk0p2" ino=542639 scontext=system_u:system_r:sshd_t tcontext=root:object_r:etc_t tclass=file permissive=1 Found out the env-update breaks the labels on /etc/ld.so.cache Reproducible: Always Steps to Reproduce: # ls -lZ /etc/ld.so.cache -rw-r--r--. 1 root root root:object_r:etc_t 39699 3. Feb 20:22 /etc/ld.so.cache # restorecon /etc/ld.so.cache # ls -lZ /etc/ld.so.cache -rw-r--r--. 1 root root root:object_r:ld_so_cache_t 39699 3. Feb 20:22 /etc/ld.so.cache # env-update >>> Regenerating /etc/ld.so.cache... # ls -lZ /etc/ld.so.cache -rw-r--r--. 1 root root root:object_r:etc_t 39699 3. Feb 20:23 /etc/ld.so.cache Actual Results: As you see the label ld_so_cache_t gets lost and replaced by etc_t Expected Results: env-update should keep or restore the ld_so_cache_t label