Emerge fails for every package with the following error (minus the package name):

>>> Emerging (1 of 1) sys-fs/lvm2-2.02.51-r1
--- Invalid atom in /usr/portage/local/layman/dev-zero/profiles/package.mask: =dev-libs/boost-log-scm
Traceback (most recent call last):
  File "/usr/lib/portage/bin/ebuild", line 254, in <module>
    debug=debug, tree=mytree)
  File "/usr/lib/portage/pym/portage/__init__.py", line 7031, in doebuild
    fetchme, mysettings, listonly=listonly, fetchonly=fetchonly):
  File "/usr/lib/portage/pym/portage/__init__.py", line 4475, in fetch
    if _userpriv_test_write_file(mysettings, write_test_file):
  File "/usr/lib/portage/pym/portage/__init__.py", line 4110, in _userpriv_test_write_file
    returncode = _spawn_fetch(settings, args)
  File "/usr/lib/portage/pym/portage/__init__.py", line 4083, in _spawn_fetch
    rval = spawn_func(args, env=dict(iter(settings.items())), **kwargs)
  File "/usr/lib/portage/pym/portage/_selinux.py", line 89, in wrapper_func
    setexec(con)
  File "/usr/lib/portage/pym/portage/_selinux.py", line 73, in setexec
    raise OSError(_("setexec: Failed setting exec() context \"%s\".") % ctx)
OSError: setexec: Failed setting exec() context "user_u:user_r:portage_fetch_t".
 * Fetch failed for 'sys-fs/lvm2-2.02.51-r1', Log file:
 *  '/var/log/portage/sys-fs:lvm2-2.02.51-r1:20090926-090708.log'

emerge --info:

Portage 2.2_rc42 (selinux/2007.0/x86, gcc-4.4.1, glibc-2.10.1-r0, 2.6.31-gentoo i686)
=================================================================
System uname: Linux-2.6.31-gentoo-i686-VIA_Esther_processor_1300MHz-with-gentoo-2.0.1
Timestamp of tree: Sat, 26 Sep 2009 08:15:01 +0000
app-shells/bash: 4.0_p33
dev-java/java-config: 2.1.9-r1
dev-lang/python: 2.6.2-r2, 3.1.1-r1
dev-python/pycrypto: 2.0.1-r8
sys-apps/baselayout: 2.0.1
sys-apps/openrc: 0.4.3-r3
sys-apps/sandbox: 2.1
sys-devel/autoconf: 2.63-r1
sys-devel/automake: 1.10.2, 1.11
sys-devel/binutils: 2.19.1-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool: 2.2.6a
virtual/os-headers: 2.6.30-r1
ACCEPT_KEYWORDS="x86 ~x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-Os -march=i686 -mmmx -msse -msse2 -msse3 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-Os -march=i686 -mmmx -msse -msse2 -msse3 -pipe"
DISTDIR="/mnt/space/gentoo/distfiles"
EMERGE_DEFAULT_OPTS="--keep-going"
FEATURES="assume-digests buildpkg collision-protect distlocks fixpackages loadpolicy parallel-fetch preserve-libs protect-owned sandbox selinux sesandbox sfperms strict unmerge-logs unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
INSTALL_MASK="*.la"
LDFLAGS="-Wl,-O1,--hash-style=gnu,--sort-common,--as-needed"
MAKEOPTS="-j1 -s"
PKGDIR="/mnt/space/gentoo/packages/chris"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /usr/portage/local/layman/science /usr/portage/local/layman/x11 /usr/portage/local/layman/java-overlay /usr/portage/local/layman/sunrise /usr/portage/local/layman/stoile /usr/portage/local/layman/nx /usr/portage/local/layman/thousand-parsec /usr/portage/local/layman/gnome /usr/portage/local/layman/kde-testing /usr/portage/local/layman/dev-zero /usr/portage/local/layman/sping /usr/portage/local/layman/perl-experimental /usr/portage/local/layman/mpd /usr/portage/local/layman/pure-funtoo"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="acl afs apache2 bash-completion berkdb bzip2 caps cli cracklib crypt cups dri fortran gd gdbm git guile hardened iconv idn ipv6 isdnlog jpeg jpeg2k ldap logrotate lua lzo mmx modules mudflap mysql ncurses nls nptl pam pch pcre perl png pppd python readline reflection ruby selinux session snmp spl sqlite3 sse sse2 sse3 ssl subversion tcl tcpd tiff unicode vhosts x86 xattr xorg zlib"
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol"
APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
ELIBC="glibc"
INPUT_DEVICES="keyboard mouse evdev"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
USERLAND="GNU"
Unset: CPPFLAGS, CTARGET, FFLAGS, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
What is the policy configuration?
chris ~ # cat /etc/selinux/config
# This file controls the state of SELinux on the system on boot.

# SELINUX can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=permissive

# SELINUXTYPE can take one of these two values:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=strict

chris ~ # cat /selinux/enforce
0
You should be in sysadm_r to use portage. However, since you're in permissive, it should succeed anyway, so I'll also investigate making it succeed anyway in permissive.
dev-portage: please apply the following patch to portage's SELinux code. When SELinux is not enforcing the security policy (permissive mode), errors in setexeccon() should be considered nonfatal errors.
Created attachment 213152: portage-warn-in-permissive.diff
*** Bug 289038 has been marked as a duplicate of this bug. ***
(In reply to comment #5)
Please pass identical strings to _(). If you want to use different prefixes of messages ("setexec: " / "!!! "), then you can use e.g.:

raise OSError("setexec: " + _("Failed setting exec() context \"%s\".") % ctx)
...
writemsg("!!! " + _("Failed setting exec() context \"%s\".") % ctx + "\n",
(In reply to comment #5)
> Created an attachment (id=213152) [details]
> portage-warn-in-permissive.diff

Thanks, this is in svn r15100

(In reply to comment #7)
> (In reply to comment #5)
>
> Please pass identical strings to _().

Thanks, got it.
This is fixed in 2.1.7.15 and 2.2_rc60.
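The behaviour requested in the patch comment above (a failed setexeccon() is fatal only when SELinux is enforcing) together with the message handling asked for in comment #7, as an added example that is not portage's code and not the attached patch. The injected setexeccon callable, the gettext stand-in for _() and the choice to treat an unreadable enforce file as enforcing are assumptions of this example; the default path is the /selinux/enforce file shown earlier in the thread.

```python
import gettext
import io
import os
import sys
import tempfile

_ = gettext.gettext  # stand-in for portage's translation helper _()

def is_enforcing(enforce_path="/selinux/enforce"):
    """True unless the enforce file reads "0". If the state cannot be read,
    fail closed and report enforcing, so errors stay fatal."""
    try:
        with open(enforce_path) as f:
            return f.read().strip() != "0"
    except OSError:
        return True

def setexec(ctx, setexeccon, enforce_path="/selinux/enforce", out=sys.stderr):
    """Ask for ctx on the next exec(). Returns True if it was set, False if
    the failure was tolerated (permissive); raises OSError when enforcing."""
    if setexeccon(ctx) >= 0:
        return True
    # One translatable string; the prefix is added outside _() (comment #7).
    msg = _("Failed setting exec() context \"%s\".") % ctx
    if is_enforcing(enforce_path):
        raise OSError("setexec: " + msg)
    out.write("!!! " + msg + "\n")
    return False

def demo(ctx="user_u:user_r:portage_fetch_t"):
    """Run setexec against constructed enforce files with a setter that always fails."""
    always_fail = lambda _ctx: -1  # hypothetical stand-in for selinux.setexeccon
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, content in (("permissive", "0"), ("enforcing", "1")):
            path = os.path.join(d, name)
            with open(path, "w") as f:
                f.write(content)
            out = io.StringIO()
            try:
                results[name] = (setexec(ctx, always_fail, path, out), out.getvalue())
            except OSError as e:
                results[name] = ("raised", str(e))
    return results

if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
```

In permissive mode the caller gets False and a "!!!" warning instead of a traceback, so the fetch continues in the current context; in enforcing mode the OSError is unchanged.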
I first read http://bugs.gentoo.org/show_bug.cgi?id=289038 which is marked as duplicate of this report. I think a related issue has cropped up for me.

# newrole -r sysadm_r
unconfined_u:sysadm_r:sysadm_t is not a valid context

# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video) context=unconfined_u:unconfined_r:insmod_t

# emerge --info
http://pastebin.com/e3RFDX62

# cat /etc/selinux/config
http://pastebin.com/nbfHa8Uz

# uname -a
Linux bitcoin 2.6.32-hardened-r9 #1 SMP Mon Sep 13 04:59:20 EDT 2010 x86_64 Intel(R) Xeon(R) CPU L5335 @ 2.00GHz GenuineIntel GNU/Linux

# gcc-config -l
 [1] x86_64-pc-linux-gnu-4.1.2
 [2] x86_64-pc-linux-gnu-4.3.4 *
 [3] x86_64-pc-linux-gnu-4.3.4-hardenednopie
 [4] x86_64-pc-linux-gnu-4.3.4-vanilla
 [5] x86_64-pc-linux-gnu-4.4.3

# eselect profile list
http://pastebin.com/v0HiHB8r

Additionally emerge is showing several errors:
!!! Failed setting exec() context "unconfined_u:unconfined_r:portage_fetch_t".
http://pastebin.com/aCN53Bxi