If I in any way use 'CONFIG_SELINUX=y' for busybox (even if I compile by hand) I got the message below. Changeing this option to # 'CONFIG_SELINUX is not set' allows the compilation to finish, however I think this is set by purpose on my SELinux-enabled system... CC util-linux/umount.o AR util-linux/lib.a LINK busybox_unstripped coreutils/lib.a(id.o): In function `id_main': id.c:(.text.id_main+0x17f): undefined reference to `is_selinux_enabled' id.c:(.text.id_main+0x1ae): undefined reference to `getcon' id.c:(.text.id_main+0x1e4): undefined reference to `freecon' coreutils/lib.a(ls.o): In function `my_stat': ls.c:(.text.my_stat+0x33): undefined reference to `is_selinux_enabled' ls.c:(.text.my_stat+0xb1): undefined reference to `is_selinux_enabled' ls.c:(.text.my_stat+0x100): undefined reference to `lgetfilecon' ls.c:(.text.my_stat+0x112): undefined reference to `getfilecon' coreutils/lib.a(ls.o): In function `showfiles': ls.c:(.text.showfiles+0x389): undefined reference to `freecon' init/lib.a(init.o): In function `init_main': init.c:(.text.init_main+0x6a7): undefined reference to `selinux_init_load_policy' loginutils/lib.a(login.o): In function `login_main': login.c:(.text.login_main+0x7f8): undefined reference to `is_selinux_enabled' login.c:(.text.login_main+0x820): undefined reference to `get_default_context' login.c:(.text.login_main+0x83f): undefined reference to `getfilecon' login.c:(.text.login_main+0x875): undefined reference to `security_compute_relabel' login.c:(.text.login_main+0x894): undefined reference to `setfilecon' libbb/lib.a(run_shell.o): In function `set_current_security_context': run_shell.c:(.text.set_current_security_context+0x10): undefined reference to `freecon' libbb/lib.a(run_shell.o): In function `run_shell': run_shell.c:(.text.run_shell+0xcb): undefined reference to `setexeccon' run_shell.c:(.text.run_shell+0x121): undefined reference to `freecon' collect2: ld returned 1 exit status distcc[13138] ERROR: compile (null) on localhost failed make: *** [busybox_unstripped] Error 1 !!! ERROR: sys-apps/busybox-1.3.1 failed. Call stack: ebuild.sh, line 1593: Called dyn_compile ebuild.sh, line 951: Called src_compile busybox-1.3.1.ebuild, line 182: Called die !!! build failed !!! If you need support, post the topmost build error, and the call stack if relevant. Portage 2.1.2_rc4-r7 (selinux/x86/2006.1, gcc-4.1.1, glibc-2.5-r0, 2.6.19-hardened-r3 i686) ================================================================= System uname: 2.6.19-hardened-r3 i686 Pentium III (Coppermine) Gentoo Base System version 1.13.0_alpha10 Last Sync: Mon, 08 Jan 2007 08:50:01 +0000 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled] ccache version 2.4 [enabled] dev-lang/python: 2.4.4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.4-r6 sys-apps/sandbox: 1.2.18.1 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.17.50.0.9 sys-devel/gcc-config: 1.3.14 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.19 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium3 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /opt/glftpd/etc /opt/glftpd/ftp-data" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O2 -march=pentium3 -pipe -fvisibility-inlines-hidden" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="" FEATURES="autoconfig ccache distcc distlocks loadpolicy parallel-fetch sandbox selinux sesandbox sfperms strict test userfetch userpriv usersandbox" GENTOO_MIRRORS="ftp://ftp.sunet.se/pub/os/Linux/distributions/gentoo http://ftp.du.se/pub/os/gentoo http://ds.thn.htu.se/linux/gentoo " LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu -Wl,-z,now -Wl,-z,relro" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage /usr/portage/local/layman/webapps-experimental" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="apache2 bash-completion berkdb bzip2 crypt cups glibc-omitfp hardened ipv6 jpeg logrotate mysql ncurses nls nptl nptlonly offensive pam pic png python readline selinux sensord serial sse ssl tcpd test tiff udev unicode unzip x86 xinetd zip zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" USERLAND="GNU" VIDEO_CARDS="none" Unset: CTARGET, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS
still true for sys-apps/busybox-1.4.1-r1
The same bug with 1.3.1 and 1.4.1-r1. Latest stable 1.2.2.1
Had some time to look at some things and the following commando does pass so somewhere in a Makefile there is something missing: make clean && LDFLAGS="-lselinux" make and no errors.
Bug upstream: http://busybox.net/bugs/view.php?id=1239 However patching Makefile.flags to include ifeq ($(CONFIG_SELINUX),y) LDFLAGS += -lselinux -lsepol endif works manually but not when compiling from ebuild.
Yep, still a problem with the latest stable. IMO, >=busybox-1.3 needs to be masked for selinux until this can get fixed.
busybox-1.5.0 seems to include a rework of SELinux. As the current stable (1.2.2.1) does not compile (bug #169830) it would be nice to see busybox-1.5.0 in the tree even if www.busybox.net says unstable to test if it works better...
fixed in 1.4.1-r2 and 1.4.2
Still almost identical error-message (and, yes. I have dubbel-checked that I am using the fixed version). LINK busybox_unstripped coreutils/lib.a(id.o): In function `id_main': id.c:(.text.id_main+0x1ab): undefined reference to `is_selinux_enabled' id.c:(.text.id_main+0x1df): undefined reference to `getcon' id.c:(.text.id_main+0x220): undefined reference to `freecon' coreutils/lib.a(ls.o): In function `my_stat': ls.c:(.text.my_stat+0x59): undefined reference to `is_selinux_enabled' ls.c:(.text.my_stat+0xf8): undefined reference to `is_selinux_enabled' ls.c:(.text.my_stat+0x153): undefined reference to `lgetfilecon' ls.c:(.text.my_stat+0x16f): undefined reference to `getfilecon' coreutils/lib.a(ls.o): In function `showfiles': ls.c:(.text.showfiles+0x3d1): undefined reference to `freecon' init/lib.a(init.o): In function `init_main': init.c:(.text.init_main+0x6f3): undefined reference to `selinux_init_load_policy' loginutils/lib.a(login.o): In function `login_main': login.c:(.text.login_main+0x83e): undefined reference to `is_selinux_enabled' login.c:(.text.login_main+0x860): undefined reference to `get_default_context' login.c:(.text.login_main+0x87c): undefined reference to `getfilecon' login.c:(.text.login_main+0x8a9): undefined reference to `security_compute_relabel' login.c:(.text.login_main+0x8c5): undefined reference to `setfilecon' libbb/lib.a(run_shell.o): In function `set_current_security_context': run_shell.c:(.text.set_current_security_context+0x34): undefined reference to `freecon' libbb/lib.a(run_shell.o): In function `run_shell': run_shell.c:(.text.run_shell+0xec): undefined reference to `setexeccon' run_shell.c:(.text.run_shell+0x14f): undefined reference to `freecon' libbb/lib.a(run_shell.o): In function `renew_current_security_context': run_shell.c:(.text.renew_current_security_context+0x29): undefined reference to `freecon' run_shell.c:(.text.renew_current_security_context+0x37): undefined reference to `getcon' collect2: ld returned 1 exit status make: *** [busybox_unstripped] Error 1 !!! ERROR: sys-apps/busybox-1.4.2 failed.
i dont have any selinux systems so you need to debug why the patch isnt working
Well fire away, I am all yours for experiment. As I could see portage applies the patch but ignores the Makefile.flags. But as busybox does not output the compile options I can't see if it really adds -lselinux and -lsepol to the command.
indeed, in one case it does (USE=-static) ... fixed in cvs now, thanks for pointing that out
Created attachment 114847 [details] Buildlog for 1.4.2 and USE="-static" Sorry but that does not seems to fix it here either. It comes one step closer, but then just some additionals warnings before the errormessage comes. AR util-linux/lib.a LINK busybox_unstripped ***Here it broke before LD applets/built-in.o LINK busybox_unstripped True for both 1.4.2 and 1.5.0. And there seems to be no diffrense for USE="static" and USE="-static"
Forgot to reopen
strange. MAKEOPTS="-n" ebuild busybox-1.4.2.ebuild tells me it has -lselinux and -lsepol but fails anyway... echo ' LINK busybox_unstripped'; /var/tmp/portage/sys-apps/busybox-1.5.0/work/busybox-1.5.0/scripts/tryl-gnu-gcc -Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu -static -lselinux -lsepol -o busybox_unstripped -Wl,-Mn -Wl,--sort-common -Wl,--start-group applets/built-in.o archival/lib.a archival/libunarchive/lib.a conscoreutils/lib.a coreutils/libcoreutils/lib.a debianutils/lib.a e2fsprogs/lib.a editors/lib.a findutils/ libbb/lib.a libpwdgrp/lib.a loginutils/lib.a miscutils/lib.a modutils/lib.a networking/lib.a networkb.a networking/udhcp/lib.a procps/lib.a runit/lib.a selinux/lib.a shell/lib.a sysklogd/lib.a util-linl/built-in.o archival/libunarchive/built-in.o console-tools/built-in.o coreutils/built-in.o coreutils/liin.o debianutils/built-in.o e2fsprogs/built-in.o editors/built-in.o findutils/built-in.o init/built-in..o libpwdgrp/built-in.o loginutils/built-in.o miscutils/built-in.o modutils/built-in.o networking/built/libiproute/built-in.o networking/udhcp/built-in.o procps/built-in.o runit/built-in.o selinux/built-in.oo sysklogd/built-in.o util-linux/built-in.o -Wl,--end-group echo 'cmd_busybox_unstripped := /var/tmp/portage/sys-apps/busybox-1.5.0/work/busybox-1.5.0/scripts/trylink igcc -Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu -static -lselinux -lsepol -o busybox_unstripped -Wl,-M -Wl,,--sort-common -Wl,--start-group applets/built-in.o archival/lib.a archival/libunarchive/lib.a console-ttils/lib.a coreutils/libcoreutils/lib.a debianutils/lib.a e2fsprogs/lib.a editors/lib.a findutils/lib.abb/lib.a libpwdgrp/lib.a loginutils/lib.a miscutils/lib.a modutils/lib.a networking/lib.a networking/lnetworking/udhcp/lib.a procps/lib.a runit/lib.a selinux/lib.a shell/lib.a sysklogd/lib.a util-linux/lilt-in.o archival/libunarchive/built-in.o console-tools/built-in.o coreutils/built-in.o coreutils/libcore debianutils/built-in.o e2fsprogs/built-in.o editors/built-in.o findutils/built-in.o init/built-in.o liibpwdgrp/built-in.o loginutils/built-in.o miscutils/built-in.o modutils/built-in.o networking/built-in.oproute/built-in.o networking/udhcp/built-in.o procps/built-in.o runit/built-in.o selinux/built-in.o shesklogd/built-in.o util-linux/built-in.o -Wl,--end-group' > ./.busybox_unstripped.cmd rm -f .old_version
the order is funked ... ive fixed this upstream and in our versions ... thanks for testing
Thanks, busybox-1.4.2 emerged just fine! Maybe a patch for 1.5.0 or mask it until 1.5.1 (wich I pressume is fixed) is released?
err, i fixed trunk, not the branch ... but ive rectified that so 1.5.1 will include the fix ... thanks for reminding me ;)