Hi,
I recently noticed some problems when building packages for rawhide
with mock. The mock logs have a log of these:
/sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: Permission denied
error: %postun(glibc-2.6-4.i686) scriptlet failed, exit status 1
The audit messages look like this:
avc: denied { read } for comm="ldconfig" dev=sda2 egid=502 euid=0 exe="/sbin/ldconfig" exit=-13 fsgid=502 fsuid=0 gid=502 items=0 name="lib" pid=4247 scontext=user_u:system_r:ldconfig_t:s0 sgid=502 subj=user_u:system_r:ldconfig_t:s0 suid=0 tclass=dir tcontext=user_u:object_r:var_lib_t:s0 tty=(none) uid=0
avc: denied { write } for comm="ldconfig" dev=sda2 egid=502 euid=0 exe="/sbin/ldconfig" exit=-13 fsgid=502 fsuid=0 gid=502 items=0 name="etc" pid=4247 scontext=user_u:system_r:ldconfig_t:s0 sgid=502 subj=user_u:system_r:ldconfig_t:s0 suid=0 tclass=dir tcontext=user_u:object_r:var_lib_t:s0 tty=(none) uid=0
I'm guessing this has to do with the contexts on etc:
$ ll -dZ /etc/ /var/lib/mock/fedora-development-i386/root/etc/
drwxr-xr-x root root system_u:object_r:etc_t /etc/
drwxrwsr-x build mock user_u:object_r:var_lib_t /var/lib/mock/fedora-development-i386/root/etc/
Is this something that needs to be fixed in mock or in the selinux
policy?