prelink and yum conflict

Tom London selinux at gmail.com
Tue Oct 12 15:03:27 UTC 2004 

Sorry to belabor this....but running strict/enforcing,
here is a subset of the messages from 'yum update'
of today's Rawhide:

gnome-vfs2 100 % done 3/161
/sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache
failed: Permission denied
error: %post(gnome-vfs2-2.8.2-1.i386) scriptlet failed, exit status 1
gail 100 % done 4/161
mozilla-nspr 100 % done 5/161
error: %post(mozilla-nspr-1.7.3-13.i386) scriptlet failed, exit status 1
eel2 100 % done 6/161
rpm-libs 100 % done 7/161
ImageMagick 100 % done 8/161
grep 100 % done 9/161
pam 100 % done 10/161
/sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache
failed: Permission denied
mozilla-nss 100 % done 11/161
error: %post(mozilla-nss-1.7.3-13.i386) scriptlet failed, exit status 1
mozilla 100 % done 12/161
sane-backends 100 % done 13/161
rpm 100 % done 14/161
/sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache
failed: Permission denied
cups-libs 100 % done 15/161
libuser 100 % done 16/161
/sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache
failed: Permission denied
error: %post(libuser-0.52.5-1.i386) scriptlet failed, exit status 1
ImageMagick-c++ 100 % done 17/161
nautilus 100 % done 78/161
/sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache
failed: Permission denied
nautilus-cd-burner 100 % done 79/161
/sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache
failed: Permission denied
control-center 100 % done 80/161
/sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache
failed: Permission denied

rpm -V of the above packages is non-eventful, except for libuser:
.......T. c /etc/libuser.conf
..5....T.   /usr/bin/lchfn
..5....T.   /usr/bin/lchsh
..5....T.   /usr/lib/libuser.so.1.1.1
..5....T.   /usr/lib/libuser/libuser_files.so
..5....T.   /usr/lib/libuser/libuser_ldap.so
..5....T.   /usr/lib/libuser/libuser_shadow.so
S.5....T.   /usr/lib/python2.3/site-packages/libusermodule.so
..5....T.   /usr/sbin/lchage
..5....T.   /usr/sbin/lgroupadd
..5....T.   /usr/sbin/lgroupdel
..5....T.   /usr/sbin/lgroupmod
..5....T.   /usr/sbin/lid
..5....T.   /usr/sbin/lnewusers
..5....T.   /usr/sbin/lpasswd
..5....T.   /usr/sbin/luseradd
..5....T.   /usr/sbin/luserdel
..5....T.   /usr/sbin/lusermod
.......T.   /usr/share/locale/ar/LC_MESSAGES/libuser.mo
<<<SNIP files with just T changes>>>

Is this safe to ignore? Should I reinstall offending packages
running in permissive mode? Other?

tom

On Tue, 12 Oct 2004 10:44:32 -0400, Jeff Johnson <n3npq at nc.rr.com> wrote:
> Stephen Smalley wrote:
> 
> >On Tue, 2004-10-12 at 10:03, Jeff Johnson wrote:
> >
> >
> >>Better still, how about libselinux_execve() clone. no reason why libselinux
> >>should not do the execve as well afaict.
> >>
> >>
> >
> >Hmmm..that lends itself to interface spread, as people will then want
> >libselinux_execl*, libselinux_execvp, ... and possibly even
> >libselinux_popen, as opposed to just a setexeccon-like function that can
> >be called prior to any of those normal calls.  We actually had
> >execve_secure() in the old SELinux API, but were forced to migrate to
> >setexeccon();execve(); as part of mainstream inclusion.
> >
> >
> 
> Interface spread appreciated, but whether application or library does
> execve(2) is
> pehaps not the important issue.
> 
> A hook called afetr fork(2) to permit libselinux to change the execution
> environment opaquely
> is what rpm seeks, execve(2) clone is a rather natural way to define the
> necessary API imho.
> 
> But if you want rpm (or application) to do its own execve(2), well, that
> works too. The issue
> for rpm is opaqueness, i.e. not compiling "rpm_script_t" and the
> decision algorithm into rpmlib.
> 
> 73 de Jeff
> 
> 
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
> 


-- 
Tom London

More information about the fedora-selinux-list mailing list