Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
Not eligible to see or edit group visibility for this bug.
View Bug Activity | Format For Printing | XML | Clone This Bug
I'm building a system with the /usr/portage/profiles/selinux/2005.1/x86/hardened profile. 'emerge system' installs policycoreutils-1.22; every emerge after that fails because setfiles segfaults during the qmerge phase. After some googling i manually compiled setfiles with the patch at http://marc.theaimsgroup.com/?l=selinux&m=111292011814641&w=2, but it did not fix the problem. After adding some printf statements, I determined that setfiles crashes in the call to matchpathcon_filespec_destroy(), which is located in libselinux. (BTW: I was unable to use gdb, becaue I could not set breakpoints. Is there a trick to it that I don't know about, or should I file a bugreport for that too?)
Created an attachment (id=58369) [edit] My setfiles.c with patch + printf
Please try libselinux-1.22-r1, I believe it has the fix for your problem. As for debugging, you need to enable the gdb debugging in CFLAGS, and have portage not strip your binaries and librares.
It works now. Thank you! As for debugging, I compiled the program manually with CFLAGS="-g". When setting breakpoints I got this type of error: Warning: Cannot insert breakpoint 1. Error accessing memory address 0x702: Input/output error. Anyway, I was wondering wether this is some weird side-effect of selinux/hardened or a genuine bug.
Re comment #3 To properly debug something with USE=hardened enabled try the following # CFLAGS='-g3 -ggdb -fno-stack-protector -nopie' FEATURES='nostrip' emerge buggy $ paxctl -permsx `which buggy` ; (you may need to force selinux to this step?) $ gdb `which buggy` gdb> run gdb> backtrace full gdb> info regs etc.. good luck.
