0

using strace I have found a behaviour of ldconfig (glibc), I can make no sense of

lstat("/usr/lib/libext2fs.so.2", {st_mode=S_IFLNK|0777, st_size=16, ...}) = 0
unlink("/usr/lib/libext2fs.so.2")       = 0
symlink("libselinux.so.1", "/usr/lib/libext2fs.so.2") = 0

Is there any need to have the shared object library for ext2fs (libext2fs.so.2) to be a symbolic link to libselinux.so.1.

How does ldconfig know what to do? It does not seem logical to me that this static binary /usr/bin/ldconfig would have such a behaviour hardcoded, right. However its configuration file /etc/ld.so.conf does not help me much to clear that mystery.

What makes all of this even more confusing/suspicious with my distros tools (Arch Linux) I cannot find any package the file belongs to.

$ pkgfile /usr/lib/libselinux.so.1

does not show any package, while $ pkgfile /usr/lib/libext2fs.so

outputs core/e2fsprogs

So my question is specifically:

  1. what the role of this libselinux.so.1 is here
  2. how ldconfig comes to decide to create that symlink (which btw. breaks e2fsck)
Rui F Ribeiro
  • 55,929
  • 26
  • 146
  • 227
humanityANDpeace
  • 13,722
  • 13
  • 61
  • 107

1 Answers1

1

Your library was probably renamed by mistake at some time from /usr/lib/libselinux.1 to /usr/lib/libext2fs.so.2 . This doesn't prevent ldconfig to find the expected name from the library's content (rather than the library's file name) and thus link the "correct" name. This can be verified by copying any library to some directory and ask ldconfig to update (only) this directory.

Here the equivalent on Debian 9:

$ mkdir /tmp/foo
$ cp -aL /lib/x86_64-linux-gnu/libselinux.so.1 /tmp/foo/libmytest.so.2
$ ls -l /tmp/foo/*
-rw-r--r-- 1 test test 155400 Sep 24  2017 /tmp/foo/libmytest.so.2
$ /sbin/ldconfig -v -n /tmp/foo
/tmp/foo:
    libselinux.so.1 -> libmytest.so.2 (changed)
$ ls -l /tmp/foo/*
-rw-r--r-- 1 test test 155400 Sep 24  2017 /tmp/foo/libmytest.so.2
lrwxrwxrwx 1 test test     14 Jun  5 23:33 /tmp/foo/libselinux.so.1 -> libmytest.so.2

By the way libselinux is a common library for software dealing with SELinux. Even the ls, cp, mv, ps commands are usually linked with it (for their respective -Z option).

A.B
  • 31,762
  • 2
  • 62
  • 101
  • 1
    Your answer rings true. I have looked `readelf --dynamic /usr/lib` does indeed output ` 0x000000000000000e (SONAME) Library soname: [libext2fs.so.2]`, also I have checked that somewhere burried in .bash_history there is indeed some evidence that the `libselinux.so.1` file was created as a copy of then `libext2fs.so.2` file, making this occurence less likely something malicious (what a relief). I now have to look into how the ldcache works, since the strace suggest that ldconfig did not check the file's content but simply by the values returned by stat ldconfig guessed what to do. – humanityANDpeace Jun 05 '19 at 23:06