Why does `emerge baselayout` still try to install a new /etc/shadow and /etc/passwd on a system that has been installed long ago ?!?? Correct me if I'm wrong but I guess nobody needs this 'feature'. Those files should be only shipped with the Gentoo stages. shadow_t:file r_file_perms is a neverallow for ~auth* on my SELinux ...

```
>>> /etc/init.d/runscript.sh -> ../../sbin/runscript.sh
>>> /etc/init.d/functions.sh -> ../../sbin/functions.sh
>>> /etc/inittab
>>> /etc/inputrc
>>> /etc/issue
>>> /etc/issue.logo
>>> /etc/networks
>>> /etc/nsswitch.conf
>>> /etc/passwd
>>> /etc/profile
>>> /etc/protocols
>>> /etc/rc.conf
>>> /etc/services
Traceback (most recent call last):
  File "/usr/bin/emerge", line 2595, in ?
    mydepgraph.merge(mydepgraph.altlist())
  File "/usr/bin/emerge", line 1551, in merge
    retval=portage.doebuild(y,"merge",myroot,self.pkgsettings,edebug)
  File "/usr/lib/portage/pym/portage.py", line 2361, in doebuild
    return merge(mysettings["CATEGORY"],mysettings["PF"],mysettings["D"],mysettings["BUILDDIR"]+"/build-info",myroot,mysettings,myebuild=mysettings["EBUILD"])
  File "/usr/lib/portage/pym/portage.py", line 2483, in merge
    return mylink.merge(pkgloc,infloc,myroot,myebuild)
  File "/usr/lib/portage/pym/portage.py", line 5902, in merge
    return self.treewalk(mergeroot,myroot,inforoot,myebuild,cleanup=cleanup)
  File "/usr/lib/portage/pym/portage.py", line 5532, in treewalk
    if self.mergeme(srcroot,destroot,outfile,secondhand,"",cfgfiledict,mymtime):
  File "/usr/lib/portage/pym/portage.py", line 5809, in mergeme
    if self.mergeme(srcroot,destroot,outfile,secondhand,offset+x+"/",cfgfiledict,thismtime):
  File "/usr/lib/portage/pym/portage.py", line 5813, in mergeme
    mymd5=perform_md5(mysrc)
  File "/usr/lib/portage/pym/portage.py", line 2479, in perform_md5
    return perform_checksum(x, calc_prelink)[0]
  File "/usr/lib/portage/pym/portage.py", line 354, in perform_checksum
    return fchksum.fmd5t(filename)
IOError: [Errno 13] Permission denied: '/var/tmp/portage/baselayout-1.8.6.13/image/etc/shadow'
```

```
spawner etc # ls -al --context /var/tmp/portage/baselayout-1.8.6.13/image/etc/shadow
-rw------- root root system_u:object_r:shadow_t /var/tmp/portage/baselayout-1.8.6.13/image/etc/shadow
```
This is already allowed in the current policy. You'll have to lobby Azarah and the other base-system people about what baselayout installs.
I cannot see how it is baselayout specific (except that it contains those files), as CONFIG_PROTECT should install ._cfg* files ... How does portage test if a file exists/whatever?
This is just some misunderstanding. Portage couldn't do its config protect thing because it got denied from SELinux. Just a SELinux policy that needed to be updated.
Ok, I understood wrong. We must assume in src_install() that those files do not exist, else things might get sticky (especially for binary packages). You will however see that in pkg_postinst() we check if those files exist in the ROOT fs, and if so we 'rm /etc/._cfg????shadow', etc, so we will not even install config-protected versions of them ....
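
A simplified model of the CONFIG_PROTECT merge step discussed in this thread, added here as an illustration and not Portage's own code: the image file has to be read and checksummed before a ._cfg* copy can be written, so a denied read stops the merge before any protection logic runs. The function names, the `read` parameter and the sample passwd contents are assumptions made for the example.

```python
import hashlib
import os
import tempfile


def md5_of(path):
    """Return the MD5 hex digest of a file; this needs read access to it."""
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest()


def protected_target(dest):
    """Return dest if unused, else the first free ._cfgNNNN_<name> beside it."""
    if not os.path.lexists(dest):
        return dest
    directory, name = os.path.split(dest)
    for n in range(10000):
        candidate = os.path.join(directory, "._cfg%04d_%s" % (n, name))
        if not os.path.lexists(candidate):
            return candidate
    raise RuntimeError("no free ._cfg slot for " + dest)


def merge_protected(src, dest, read=md5_of):
    """Merge one protected file; returns (action, path written or None)."""
    try:
        new_sum = read(src)  # the read that was denied in the traceback
    except PermissionError as exc:
        return ("denied: %s" % exc.filename, None)  # nothing is written
    if os.path.lexists(dest) and read(dest) == new_sum:
        return ("unchanged", None)
    target = protected_target(dest)
    with open(src, "rb") as fin, open(target, "wb") as fout:
        fout.write(fin.read())
    return ("installed" if target == dest else "protected", target)


def demo():
    """Constructed sample: an image passwd that differs from the live one."""
    root = tempfile.mkdtemp()
    image, live = os.path.join(root, "image"), os.path.join(root, "etc")
    for directory, shell in ((image, "bash"), (live, "zsh")):
        os.mkdir(directory)
        with open(os.path.join(directory, "passwd"), "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/%s\n" % shell)
    return merge_protected(os.path.join(image, "passwd"),
                           os.path.join(live, "passwd"))
```

Passing a `read` callable that raises `PermissionError` reproduces the failure path without needing an SELinux-labelled file.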