libc.so.6: Cannot open shared object file: Permission denied

[Toralf Lund]

Paul Howarth wrote:

> Toralf Lund wrote:
>
>> Paul Howarth wrote:
>>
>>> If you have ever booted with SELinux disabled (or share a Linux
>>> partition with a different distro that doesn't use SELinux), you will
>>> have unlabelled files on your system. Accesses to these files from
>>> SELinux-protected apps won't work properly.
>>>
>> So /sbin/kmodule (which didn't work) would be an SELinux-protected 
>> app, and ls, cat etc. unprotected?
>
>
> Sounds possible. Whether commands are protected or not sometimes 
> depends on the contexts they are run from. For instance, if httpd is 
> started from the initscript, it's protected, but if you start it 
> yourself from the command line, it isn't.

Right...

>
>> Maybe the problem is that the upgrade I did also enabled SELinux? 
>> Seems to me that if it did, it also ought to ensure it installed 
>> files with the right labels, though...
>
>
> It *will* install files with correct labels, but if you're doing an 
> upgrade then you will already have lots of unlabelled files.

Of course. However, I would have expected it to install new versions of 
everything that was involved in this case.

> I do think that the installer should advise a relabel if you're 
> upgrading a systen that wasn't previously using SELinux to be an 
> SELinux-enabled one though.

Definitely.

Also, I have to admit that I don't even *know* if I enabled SELinux. 
I've never consciously done anything to enable it, nor disable it, in 
the past. Not that I can remember, anyway... It may or may have been on 
under FC3 - I've never really taken notice of it. And I'm 100% sure that 
I didn't set up anything in particular related to security during the 
upgrade - simply because the upgrade installer doesn't ask about these 
things.

- Toralf