Bug 548264

Summary: dev-libs/apr : should RDEPEND on selinux? sec-policy/selinux-apache
Product: Gentoo Linux
Reporter: Matthias Dahl <ua_gentoo_bugzilla>
Component: SELinux
Assignee: Lars Wendler (Polynomial-C) (RETIRED) <polynomial-c>
Status: RESOLVED FIXED
Severity: normal
CC: selinux
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 527868

Description Matthias Dahl 2015-04-30 15:38:58 UTC
As part of a larger apache emerge, several packages failed to compile w/ permission denied errors due to /usr/share/build-1/libtool which is owned by dev-libs/apr.

Further investigation showed that the file was wrongfully labelled:

EXPECTED: system_u:object_r:bin_t
GOT     : system_u:object_r:usr_t

Checking the logs showed that the appropriate policy was defined in apache.pp which belongs to sec-policy/selinux-apache which in turn was emerged _after_ dev-libs/apr and thus the file ended up with the wrong label.

Re-emerging or re-labeling the file naturally fixed the problem.

IMHO thus dev-libs/apr should already pull in the appropriate policy file since it is affected by it.

Reproducible: Always

Steps to Reproduce:
1. make sure sec-policy/apache is not yet installed
2. emerge dev-libs/apr (either alone or by emerging apache for example)

Actual Results:  
/usr/share/build-1/libtool is labeled system_u:object_r:usr_t (causing build failure for packages making use of it)

Expected Results:  
/usr/share/build-1/libtool should be labeled system_u:object_r:bin_t
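
An added example, not part of the original report: a shell check for the mislabelling described above. It lists files whose on-disk type differs from the type the currently loaded policy expects. It assumes matchpathcon (libselinux utilities) and qlist (app-portage/portage-utils) are installed; the function names and sample output lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report). Function names are hypothetical.

# Constructed sample of `matchpathcon -V` output: one correctly labelled file
# and the mislabelled libtool script from the report.
sample_matchpathcon_output() {
    cat <<'EOF'
/usr/bin/apr-1-config verified.
/usr/share/build-1/libtool has context system_u:object_r:usr_t, should be system_u:object_r:bin_t
EOF
}

# Read `matchpathcon -V` output on stdin and print one tab-separated line per
# mislabelled file: path, type on disk, type the loaded policy expects.
label_mismatches() {
    awk '
        / has context .*, should be / {
            i = index($0, " has context ")          # phrase is 13 chars long
            path = substr($0, 1, i - 1)
            rest = substr($0, i + 13)
            j = index(rest, ", should be ")         # phrase is 12 chars long
            split(substr(rest, 1, j - 1), have, ":")
            split(substr(rest, j + 12), want, ":")
            # a context is user:role:type[:level]; field 3 is the type
            if (have[3] != want[3])
                printf "%s\t%s\t%s\n", path, have[3], want[3]
        }'
}

# Check every file a Gentoo package installed against the current policy.
# Assumes qlist (app-portage/portage-utils) and matchpathcon are installed.
check_package_labels() {
    qlist "$1" | xargs -d '\n' matchpathcon -V 2>/dev/null | label_mismatches
}

# Demo on the constructed sample; on a real system run e.g.
#   check_package_labels dev-libs/apr
sample_matchpathcon_output | label_mismatches
```

Running the check again after a policy package such as sec-policy/selinux-apache is installed shows which already-merged files still carry the old label; each reported path can be relabelled with `restorecon -v <path>`.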
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2015-05-30 14:26:43 UTC
+  30 May 2015; Lars Wendler <polynomial-c@gentoo.org> apr-1.5.0-r2.ebuild,
+  apr-1.5.1-r1.ebuild, apr-1.5.2.ebuild:
+  Added selinux dependency (bug #548264). Removed _elibtoolize kludge now that
+  bug #527506 is fixed.
+
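Review bot: the entry "Added selinux dependency (bug #548264)" does not say which policy package was added or in which dependency class; naming sec-policy/selinux-apache and RDEPEND, as the bug summary does, would let a reader confirm the fix from the ChangeLog alone. The same entry also records the unrelated removal of the _elibtoolize kludge for bug #527506, which would be easier to trace as a separate entry.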