Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 187728 - emul-linux-x86-compat install failure
Summary: emul-linux-x86-compat install failure
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened (show other bugs)
Hardware: x86 Linux
: High critical (vote)
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-08-04 13:52 UTC by Kazankov Alexander
Modified: 2007-08-04 14:08 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kazankov Alexander 2007-08-04 13:52:21 UTC 
At installation of a package app-emulation/emul-linux-x86-compat-1.0-r3 there is a mistake of access rights.

Reproducible: Always

Steps to Reproduce:
emerge emul-linux-x86-compat

Actual Results:  
>>> Emerging (1 of 2) app-emulation/emul-linux-x86-compat-1.0-r3

>>> Install emul-linux-x86-compat-1.0-r3 into 
/var/tmp/portage/app-emulation/emul-linux-x86-compat-1.0-r3/image/ category 
app-emulation
ACCESS DENIED  open_wr:   /proc/self/task/5612/attr/fscreate
cp: cannot set setfscreatecon `root:object_r:portage_tmp_t': Отказано в доступе
>>> Completed installing emul-linux-x86-compat-1.0-r3 into 
/var/tmp/portage/app-emulation/emul-linux-x86-compat-1.0-r3/image/

--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = 
"/var/log/sandbox/sandbox-app-emulation_-_emul-linux-x86-compat-1.0-r3-5594.log"

open_wr:   /proc/self/task/5612/attr/fscreate (symlink to 
/proc/5612/task/5612/attr/fscreate)
--------------------------------------------------------------------------------


emerge --info
Portage 2.1.2.2 (hardened/amd64/multilib, gcc-3.4.6, glibc-2.5-r4, 
2.6.20-hardened-r5 x86_64)
=================================================================
System uname: 2.6.20-hardened-r5 x86_64 Intel(R) Xeon(R) CPU E5345 @ 2.33GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Mon, 30 Jul 2007 01:47:01 +0000
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r6
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.23b
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -O2 -pipe -fforce-addr"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=nocona -O2 -pipe -fforce-addr"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks loadpolicy metadata-transfer parallel-fetch sandbox 
selinux sfperms strict"
GENTOO_MIRRORS="http://gd.tuwien.ac.at/opsys/linux/gentoo/ 
http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo"
LANG="ru_RU.UTF-8"
LINGUAS="ru en"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress 
--force --whole-file --delete --delete-after --stats --timeout=180 
--exclude=/distfiles --exclude=/local --exclude=/packages 
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X amd64 berkdb cracklib crypt gif glib gnome gtk hardened jpeg justify ldap 
midi ncurses nls nptl nptlonly pam pic png python readline selinux server slang 
ssl symlink tcpd tiff unicode urandom userlocales vnc xorg zlib" 
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks 
iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share 
shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" 
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses 
text" LINGUAS="ru en" USERLAND="GNU"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, 
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, 
PORTDIR_OVERLAY

sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          permissive
Policy version:                 21
Policy from config file:        strict

emerge --search selinux-base-policy
 
*  sec-policy/selinux-base-policy
      Latest version available: 20070329
      Latest version installed: 20070329
Comment 1 Kazankov Alexander 2007-08-04 14:06:58 UTC 
With the added kernel parameter selinux=0, installation passes successfully with the remark:

* QA Notice: The following files contain runtime text relocations
 *  Text relocations force the dynamic linker to perform extra
 *  work at startup, waste system resources, and may pose a security
 *  risk.  On some architectures, the code may not even function
 *  properly, if at all.
 *  For more information, see http://hardened.gentoo.org/pic-fix-guide.xml
 *  Please include this file in your report:
 *  
/var/tmp/portage/app-emulation/emul-linux-x86-compat-1.0-r3/temp/scanelf-textrel.log
 * TEXTREL usr/lib32/libstdc++.so.2.7.2.8
TEXTREL usr/lib32/libg++.so.2.7.2.8


 * QA Notice: The following shared libraries lack NEEDED entries
 *  
/var/tmp/portage/app-emulation/emul-linux-x86-compat-1.0-r3/image/usr/lib32/libc.so.5

 and after application(ex: firefox) is started normally, though with selinux=0, though with selinux=1.
Comment 2 Chris PeBenito (RETIRED) gentoo-dev 2007-08-04 14:08:10 UTC 
You must use a SELinux profile on SELinux systems.  If you want hardened gcc
and SELinux than you must use the selinux/2007.0/amd64/hardened profile.