Bug 180535 - sys-cluster/heartbeat-2.0.7-r2 sandbox violation on selinux
Summary: sys-cluster/heartbeat-2.0.7-r2 sandbox violation on selinux
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: x86 Linux
Importance: High normal
Assignee: Gentoo Cluster Team
Reported: 2007-06-01 10:22 UTC by Mackatack
Modified: 2010-09-10 18:51 UTC
Attachments
profile.bashrc (profile.bashrc,294 bytes, text/plain)
2007-06-01 13:06 UTC, Chris PeBenito (RETIRED)
Description Mackatack 2007-06-01 10:22:32 UTC
While trying to emerge the heartbeat-2.0.7-r2 ebuild, it stops with an access violation summary. The logfile holds just one line:

open_wr:   /selinux/access

Disabling the Gentoo sandbox doesn't help.

Reproducible: Always

Steps to Reproduce:
1. Kernel 2.6.18-hardened #1 SMP with libselinux-1.30
2. emerge -v heartbeat
3. all deps install without probs
4. when ebuild for heartbeat-2.0.7-r2 starts source compiles fine
5. after source compile it results in an access violation error.
Actual Results:  
#> emerge -v heartbeat
(...)
gmake[1]: Nothing to be done for `all-am'.
gmake[1]: Leaving directory `/var/tmp/portage/sys-cluster/heartbeat-2.0.7-r2/work/heartbeat-2.0.7'
>>> Source compiled.
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/var/log/sandbox/sandbox-sys-cluster_-_heartbeat-2.0.7-r2-32484.log"

open_wr:   /selinux/access
--------------------------------------------------------------------------------

Expected Results:  
Successful installation of the ebuild.

#> emerge info
*** Deprecated use of action 'info', use '--info' instead
Portage 2.1.2.2 (selinux/2005.1/x86/hardened, gcc-3.4.6-hardenednopie, glibc-2.3.6-r5, 2.6.18-hardened i686)
=================================================================
System uname: 2.6.18-hardened i686 Intel(R) Core(TM)2 CPU          4300  @ 1.80GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Fri, 01 Jun 2007 09:30:08 +0000
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer -fvisibility-inlines-hidden"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks loadpolicy metadata-transfer sandbox selinux sesandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="apache2 avi crypt cups curl curlwrappers encode fam gd-external gdbm gif hardened hardenedphp imap ipv6 jpeg ldap libg++ midi mmx mmxext ncurses nls nptl nptlonly openssh openssl pam pcre pdflib perl pic png ppds python quotas readline reflection reiser4 reiserfs selinux session sftp soap spell spl sse sse-filters sse2 ssl suhosin tcpd threads truetype udev unicode win32codecs x86 xml xmlrpc zip zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 1 Chris PeBenito (RETIRED) gentoo-dev 2007-06-01 13:06:50 UTC
Created attachment 120869
profile.bashrc

I'd like to test out a general fix for SELinux users, now that more applications are becoming SELinux aware. Can you try putting this profile.bashrc in the /usr/portage/profiles/selinux directory and retry?
Comment 2 Mackatack 2007-06-01 15:24:55 UTC
This does work like a charm. Does this add any security risks though?
Comment 3 Chris PeBenito (RETIRED) gentoo-dev 2007-06-01 17:30:42 UTC
No, sandbox is a development tool; SELinux will still do the enforcement.