2017-12-16 20:42 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0008787CentOS-7selinux-policypublic2017-11-09 10:10
Reportersomngi 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusnewResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0008787: SELinux is preventing /usr/sbin/ldconfig from 'write' accesses on the directory etc.
DescriptionDescription of problem:
SELinux is preventing /usr/sbin/ldconfig from 'write' accesses on the directory etc.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that ldconfig should be allowed write access on the etc directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep ldconfig /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context unconfined_u:system_r:ldconfig_t:s0
Target Context unconfined_u:object_r:initrc_tmp_t:s0
Target Objects etc [ dir ]
Source ldconfig
Source Path /usr/sbin/ldconfig
Port <Unknown>
Host (removed)
Source RPM Packages glibc-2.17-78.el7.x86_64
Target RPM Packages filesystem-3.2-18.el7.x86_64
                              createrepo-0.9.9-23.el7.noarch
                              yum-3.4.3-125.el7.centos.noarch
Policy RPM selinux-policy-3.13.1-23.el7_1.7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-229.4.2.el7.x86_64 #1 SMP
                              Wed May 13 10:06:09 UTC 2015 x86_64 x86_64
Alert Count 11
First Seen 2015-05-26 19:55:56 ICT
Last Seen 2015-05-27 10:51:23 ICT
Local ID a5f5fe1f-a219-423a-83b6-e7f2dc45bea6

Raw Audit Messages
type=AVC msg=audit(1432698683.911:526): avc: denied { write } for pid=10891 comm="ldconfig" name="etc" dev="dm-1" ino=202476439 scontext=unconfined_u:system_r:ldconfig_t:s0 tcontext=unconfined_u:object_r:initrc_tmp_t:s0 tclass=dir


type=SYSCALL msg=audit(1432698683.911:526): arch=x86_64 syscall=open success=no exit=EACCES a0=2237dc0 a1=20241 a2=180 a3=10 items=0 ppid=4771 pid=10891 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4 comm=ldconfig exe=/usr/sbin/ldconfig subj=unconfined_u:system_r:ldconfig_t:s0 key=(null)

Hash: ldconfig,ldconfig_t,initrc_tmp_t,dir,write
Additional Informationreporter: libreport-2.1.11
hashmarkername: setroubleshoot
kernel: 3.10.0-229.4.2.el7.x86_64
type: libreport
TagsNo tags attached.
abrt_hash862d99e66a250dc3c2f5ac2d249379ce91897c8ad9b02dd954f257fac5efb4e9
URL
Attached Files

-Relationships
+Relationships

-Notes

~0030550

JLambrecht (reporter)

Another user experienced a similar problem:

unclear what specific write this is about, /etc/ld.so.cache should be a legitimate write destination, not /etc

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 4.13.10-1.el7.elrepo.x86_64
package: selinux-policy-3.13.1-166.el7_4.5.noarch
reason: SELinux is preventing /usr/sbin/ldconfig from 'write' accesses on the directory etc.
reproducible: Not sure how to reproduce the problem
type: libreport
+Notes

-Issue History
Date Modified Username Field Change
2015-05-27 11:21 somngi New Issue
2017-11-09 10:10 JLambrecht Note Added: 0030550
+Issue History