117672 – emerge cmd5checkpw: cannot rewrite password file

Bug 117672 - emerge cmd5checkpw: cannot rewrite password file

Summary: emerge cmd5checkpw: cannot rewrite password file

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	x86 Linux

Importance:	High normal (vote)
Assignee:	SE Linux Bugs

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-01-03 15:35 UTC by Radoslaw Dlugosz
Modified:	2006-01-04 07:35 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Radoslaw Dlugosz 2006-01-03 15:35:38 UTC

I'm trying to install qmail on a hardened system. One of it's deps is cmd5checkpw. This is what I get trying to emerge it:
 * Adding user 'cmd5checkpw' to your system ...
 *  - Userid: 212
 *  - Shell: /bin/false
 *  - Home: /dev/null
 *  - Groups: bin
useradd: cannot rewrite password file

!!! ERROR: net-mail/cmd5checkpw-0.30 failed.
!!! Function enewuser, Line 614, Exitcode 1
!!! enewuser failed
!!! If you need support, post the topmost build error, NOT this status message.

My emerge info:
Portage 2.0.53 (selinux/2005.1/x86/hardened, gcc-3.4.4, glibc-2.3.5-r2, 2.6.14-hardened-r1 i686)
=================================================================
System uname: 2.6.14-hardened-r1 i686 Intel(R) Pentium(R) 4 CPU 2.80GHz
Gentoo Base System version 1.6.13
ccache version 2.3 [enabled]
dev-lang/python:     2.3.5, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.20
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks loadpolicy sandbox selinux sfperms strict"
GENTOO_MIRRORS="ftp://gentoo.po.opole.pl ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://gd.tuwien.ac.at/opsys/linux/gentoo/ ftp://ftp.sh.cvut.cz/MIRRORS/gentoo/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="acpi apache2 apm bash-completion berkdb bzip2 crypt dlloader expat hardened hardenedphp jpeg libwww maildir memlimit mhash mmx mysql ncurses nls nptl pam pcre perl php pic png postgres python readline selinux sse ssl threads udev usb x86 zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY

Comment 1 petre rodan (RETIRED) gentoo-dev

2006-01-04 03:53:48 UTC

make sure your filesystem is labeled correctly and try again.

make -C /etc/security/selinux/src/policy clean reload relabel
dmesg -c
emerge cmd5checkpw

if it still fails, attach the avc messages from dmesg

Comment 2 Radoslaw Dlugosz 2006-01-04 07:35:05 UTC

(In reply to comment #1)
> make sure your filesystem is labeled correctly and try again.
> 
> make -C /etc/security/selinux/src/policy clean reload relabel
> dmesg -c
> emerge cmd5checkpw
> 
> if it still fails, attach the avc messages from dmesg
> 
I've spent some time digging and found that we have a policy problem on that machine. I haven't solved it yet, but after a reboot the package installed without complaining.