On Sunday 12 August 2007 02:27:03 Mohammed El-Afifi wrote:
> Just one last question: is there a way to make ldconfig work with
> SELinux in the enforcing mode, for example by updating the glibc
> package(which provides ldconfig) or alternatively updating SELinux
> packages? I'm currently having version 2.6-3 of glibc installed on
> my system.
Depending on the reason for the failure under selinux, you need to add
or modify a selinux policy and/or re-label directories and/or files.
I haven't had time to figure out how to do that, though.
I'm pretty sure that my problem comes from me using a program called
depot to manage the contents of my /usr/local directory. I install
programs in another directory and depot links them to the /usr/local
hierarchy. It's a kind of "poor man's" package manager for software I
build myself. Anyway, the directory I install software into is
labeled user_u:object_r:user_home_t:s0, just like my home directory.
I added /usr/local to my ldconfig configuration so ldconfig attempts
to read or search a "home" directory and is prevented from doing so by
selinux.
I guess for me, my real fix is to learn how to make my own rpm
packages from software I build instead of using the kludge I've been
using for years. (That sounds like a more scalable solution for me
than re-labeling every directory I build software into.)
One more thing: I believe the silent failure of ldconfig is a bug.
The only bugs I could find are against selinux-policy-targeted,
though. For example:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248703
--
Garry T. Williams --- +1 678 656-4579
