Bug 125650 - hardened-sources-2.6.14-r5 produces world writable files
Summary: hardened-sources-2.6.14-r5 produces world writable files
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: SE Linux Bugs
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-03-09 15:20 UTC by Alan Hourihane
Modified: 2006-08-23 05:48 UTC
CC: 3 users

See Also:
Package list:
Runtime testing required: ---


Description Alan Hourihane 2006-03-09 15:20:14 UTC
When emerging hardened-sources I'm getting.....

- /usr/src/linux-2.6.14-hardened-r5/arch/mips/configs/e55_defconfig will be a world writable file.
- This may or may not be a security problem, most of the time it is one.
- Please double check that hardened-sources-2.6.14-r5 really needs a world writeable bit and file bugs accordingly.

on every single file from the kernel source.
Comment 1 kfm 2006-03-10 13:25:37 UTC
Hi. Firstly, please attach the output of "emerge --info" to this bug. Secondly, assuming that /usr/src/linux is a symlink to a freshly emerged hardened-sources tree, could you please run the following command and convey the contents? If the file turns out to be very large then it would probably be better if you bzip it and attach it to the bug as an octet-stream.

# find /usr/src/linux -follow -printf '%m  %p\n' | grep -Ev '^(644|755)' > /tmp/linux-tree-perms.out
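The check requested above, as an added example that is not part of the bug report or of Portage: a small POSIX shell script that lists every file or directory under a tree whose other-write bit is set, following symlinks the way the find command in this comment does. It assumes GNU find (the `-printf` action is GNU-specific, as in the original command); the sample tree it builds is constructed for the demonstration and mirrors the e55_defconfig path named in the report.

```shell
#!/bin/sh
# Added example, not from the bug report: report world-writable entries
# under a directory tree and count them so a QA script can fail on any hit.
# Assumes GNU find for -printf; -L and -perm -002 are POSIX.

world_writable() {
    # $1: directory to inspect (e.g. /usr/src/linux)
    # Prints "<octal mode> <path>" for every regular file or directory with
    # the other-write bit (o+w, octal 002) set. Symlinks are followed (-L)
    # so a /usr/src/linux symlink resolves to the real tree.
    find -L "$1" \( -type f -o -type d \) -perm -002 -printf '%m %p\n'
}

count_world_writable() {
    # Number of world-writable entries under $1 (0 means the tree is clean,
    # which is the result comment #3 reports for the hardened tree).
    world_writable "$1" | wc -l | tr -d ' '
}

demo_tree() {
    # Constructed sample tree: one correctly permissioned defconfig and one
    # deliberately world-writable file. Permissions are set explicitly so the
    # result does not depend on the caller's umask.
    dir=$(mktemp -d)
    mkdir -p "$dir/arch/mips/configs"
    chmod 755 "$dir" "$dir/arch" "$dir/arch/mips" "$dir/arch/mips/configs"
    printf 'CONFIG_X=y\n' > "$dir/arch/mips/configs/e55_defconfig"
    chmod 644 "$dir/arch/mips/configs/e55_defconfig"   # sane: not reported
    printf 'scratch\n' > "$dir/loose_file"
    chmod 666 "$dir/loose_file"                         # world-writable: reported
    echo "$dir"
}

# Usage (uncomment to run against a real tree):
#   world_writable /usr/src/linux
```

Unlike the `grep -Ev '^(644|755)'` filter in the comment, which also lists harmless modes such as 600 or 700, `-perm -002` matches only entries that are actually writable by others, so an empty result from this function is a direct answer to the question the Portage QA warning raises.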
Comment 2 Alan Hourihane 2006-03-10 14:28:11 UTC
Gentoo Base System version 1.6.14
Portage 2.0.54 (selinux/2005.1/x86/hardened, gcc-3.4.5, glibc-2.3.5-r2, 2.6.15-gentoo-r1 i686)
=================================================================
System uname: 2.6.15-gentoo-r1 i686 Intel(R) Pentium(R) 4 CPU 3.06GHz
dev-lang/python:     2.3.5, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-Os -fomit-frame-pointer -march=i486 -mtune=pentium -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-Os -fomit-frame-pointer -march=i486 -mtune=pentium -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox selinux sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="berkdb bzip2 cdr crypt dlloader expat gd gdbm gmp hardened ncurses nls pam pcre perl pic png python readline selinux ssl truetype udev usb x86 zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, PORTDIR_OVERLAY
Comment 3 Alan Hourihane 2006-03-10 14:28:45 UTC
The find command produced a 0 length file.
Comment 4 Alan Hourihane 2006-03-10 14:29:51 UTC
The emerge --info output will be a little skewed because it's from a chroot environment.
Comment 5 solar (RETIRED) gentoo-dev 2006-03-10 17:07:36 UTC
I bet this is an selinux/policy thing disallowing a part of portage from reading
permissions correctly which is leading to a false error msg.

Switching security@ to CC: and assigning to selinux@ cuz I can't reproduce this
bug in any way. If I am in error please reassign.
Comment 6 Alan Hourihane 2006-03-14 13:08:31 UTC
It's interesting because at the start of 'emerge hardened-sources' I get this....

>>> Source unpacked.
>>> Test phase [not enabled]: sys-kernel/hardened-sources-2.6.14-r5
 >>> Install hardened-sources-2.6.14-r5 into /var/tmp/portage/hardened-sources-2.6.14-r5/image/ category sys-kernel
>>> Copying sources ... 
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory 
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
man: 
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory 
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
prepallstrip: 
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
find: cannot get current directory: No such file or directory

and then all the security messages start bleating out.
Comment 7 petre rodan (RETIRED) gentoo-dev 2006-05-24 05:45:51 UTC
so, to sum up, the bug summary is:
'hardened-sources-2.6.14-r5 produces world writable files'

(comment #1)
# find /usr/src/linux -follow -printf '%m  %p\n' | grep -Ev '^(644|755)' > /tmp/linux-tree-perms.out
(comment #3)
The find command produced a 0 length file.

so this bug has no valid basis to begin with.

(comment #6)
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory 

are you enforcing there? if yes, what are the exact avc denies you get?
Comment 8 Alan Hourihane 2006-08-23 05:48:57 UTC
Closing this as hardened-sources-2.6.16-r11 works fine.