During installation of the package app-emulation/emul-linux-x86-compat-1.0-r3 there is an access rights error.

Reproducible: Always

Steps to Reproduce:
emerge emul-linux-x86-compat

Actual Results:
>>> Emerging (1 of 2) app-emulation/emul-linux-x86-compat-1.0-r3
>>> Install emul-linux-x86-compat-1.0-r3 into /var/tmp/portage/app-emulation/emul-linux-x86-compat-1.0-r3/image/ category app-emulation
ACCESS DENIED open_wr: /proc/self/task/5612/attr/fscreate
cp: cannot set setfscreatecon `root:object_r:portage_tmp_t': Отказано в доступе
>>> Completed installing emul-linux-x86-compat-1.0-r3 into /var/tmp/portage/app-emulation/emul-linux-x86-compat-1.0-r3/image/

--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/var/log/sandbox/sandbox-app-emulation_-_emul-linux-x86-compat-1.0-r3-5594.log"

open_wr: /proc/self/task/5612/attr/fscreate (symlink to /proc/5612/task/5612/attr/fscreate)
--------------------------------------------------------------------------------

emerge --info
Portage 2.1.2.2 (hardened/amd64/multilib, gcc-3.4.6, glibc-2.5-r4, 2.6.20-hardened-r5 x86_64)
=================================================================
System uname: 2.6.20-hardened-r5 x86_64 Intel(R) Xeon(R) CPU E5345 @ 2.33GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Mon, 30 Jul 2007 01:47:01 +0000
dev-lang/python: 2.4.4-r4
dev-python/pycrypto: 2.0.1-r6
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.61
sys-devel/automake: 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool: 1.5.23b
virtual/os-headers: 2.6.21
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -O2 -pipe -fforce-addr"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=nocona -O2 -pipe -fforce-addr"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks loadpolicy metadata-transfer parallel-fetch sandbox selinux sfperms strict"
GENTOO_MIRRORS="http://gd.tuwien.ac.at/opsys/linux/gentoo/ http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo"
LANG="ru_RU.UTF-8"
LINGUAS="ru en"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X amd64 berkdb cracklib crypt gif glib gnome gtk hardened jpeg justify ldap midi ncurses nls nptl nptlonly pam pic png python readline selinux server slang ssl symlink tcpd tiff unicode urandom userlocales vnc xorg zlib"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol"
ELIBC="glibc"
INPUT_DEVICES="mouse keyboard"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LINGUAS="ru en"
USERLAND="GNU"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 21
Policy from config file: strict

emerge --search selinux-base-policy
* sec-policy/selinux-base-policy
Latest version available: 20070329
Latest version installed: 20070329

With the added kernel parameter selinux=0, installation passes successfully with the remark:

 * QA Notice: The following files contain runtime text relocations
 * Text relocations force the dynamic linker to perform extra
 * work at startup, waste system resources, and may pose a security
 * risk. On some architectures, the code may not even function
 * properly, if at all.
 * For more information, see http://hardened.gentoo.org/pic-fix-guide.xml
 * Please include this file in your report:
 * /var/tmp/portage/app-emulation/emul-linux-x86-compat-1.0-r3/temp/scanelf-textrel.log
 * TEXTREL usr/lib32/libstdc++.so.2.7.2.8
TEXTREL usr/lib32/libg++.so.2.7.2.8
 * QA Notice: The following shared libraries lack NEEDED entries
 * /var/tmp/portage/app-emulation/emul-linux-x86-compat-1.0-r3/image/usr/lib32/libc.so.5

Afterwards the application (e.g. firefox) starts normally, whether with selinux=0 or with selinux=1.

You must use an SELinux profile on SELinux systems. If you want hardened gcc and SELinux, then you must use the selinux/2007.0/amd64/hardened profile.
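
A check for the mismatch pointed out in the reply above, as an added example that is not part of the original bug thread or of Portage: it reads `emerge --info` text and flags a report where `selinux` is enabled in FEATURES or USE while the active profile is not an SELinux profile. The function names are hypothetical, and recognising an SELinux profile by a `selinux` path component is an assumption based on the profile name given in the reply.

```shell
#!/bin/sh
# Added example: detect "selinux enabled, non-SELinux profile" in emerge --info text.
# Assumption: an SELinux profile has a path component named "selinux",
# as in selinux/2007.0/amd64/hardened.

# Print the profile from the "Portage X (profile, gcc-..., ...)" header line.
profile_of() {
    printf '%s\n' "$1" | sed -n 's/^Portage [^ ]* (\([^,]*\),.*/\1/p' | head -n 1
}

# Succeed if variable $2 (FEATURES or USE) in report $1 lists the word "selinux".
has_selinux_flag() {
    printf '%s\n' "$1" | sed -n "s/^$2=\"\(.*\)\"\$/\1/p" | tr ' ' '\n' | grep -qx 'selinux'
}

# Print a verdict; return 0 when consistent, 1 on a mismatch.
check_selinux_profile() {
    report=$1
    profile=$(profile_of "$report")
    case "/$profile/" in
        */selinux/*) echo "ok: SELinux profile $profile"; return 0 ;;
    esac
    if has_selinux_flag "$report" FEATURES || has_selinux_flag "$report" USE; then
        echo "mismatch: selinux enabled but profile is $profile"
        return 1
    fi
    echo "ok: SELinux not enabled"
    return 0
}

# Constructed sample: header, FEATURES and USE lines abridged from the report above.
SAMPLE_REPORT='Portage 2.1.2.2 (hardened/amd64/multilib, gcc-3.4.6, glibc-2.5-r4, 2.6.20-hardened-r5 x86_64)
FEATURES="autoconfig distlocks loadpolicy sandbox selinux sfperms strict"
USE="X amd64 hardened pam selinux ssl"'

check_selinux_profile "$SAMPLE_REPORT" || true
```

On a live system the same function can be fed the real report with `check_selinux_profile "$(emerge --info)"`.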