libc.so.6: Cannot open shared object file: Permission denied
Toralf Lund
toralf at procaptura.com
Mon Aug 22 09:33:03 UTC 2005
Paul Howarth wrote:
> Toralf Lund wrote:
>
>> Paul Howarth wrote:
>>
>>> If you have ever booted with SELinux disabled (or share a Linux
>>> partition with a different distro that doesn't use SELinux), you will
>>> have unlabelled files on your system. Accesses to these files from
>>> SELinux-protected apps won't work properly.
>>>
>> So /sbin/kmodule (which didn't work) would be an SELinux-protected
>> app, and ls, cat etc. unprotected?
>
>
> Sounds possible. Whether commands are protected or not sometimes
> depends on the contexts they are run from. For instance, if httpd is
> started from the initscript, it's protected, but if you start it
> yourself from the command line, it isn't.
Right...
>
>> Maybe the problem is that the upgrade I did also enabled SELinux?
>> Seems to me that if it did, it also ought to ensure it installed
>> files with the right labels, though...
>
>
> It *will* install files with correct labels, but if you're doing an
> upgrade then you will already have lots of unlabelled files.
Of course. However, I would have expected it to install new versions of
everything that was involved in this case.
> I do think that the installer should advise a relabel if you're
> upgrading a systen that wasn't previously using SELinux to be an
> SELinux-enabled one though.
Definitely.
Also, I have to admit that I don't even *know* if I enabled SELinux.
I've never consciously done anything to enable it, nor disable it, in
the past. Not that I can remember, anyway... It may or may have been on
under FC3 - I've never really taken notice of it. And I'm 100% sure that
I didn't set up anything in particular related to security during the
upgrade - simply because the upgrade installer doesn't ask about these
things.
- Toralf
More information about the fedora-list
mailing list