I use Gentoo Hardened with musl. I have added selinux profile. # cat /etc/portage/make.profile/parent gentoo:hardened/linux/musl/amd64 gentoo:features/selinux But sys-apps/policycoreutils-2.6-r1 requires glibc. I tried to modify ebuild: - >=sys-libs/glibc-2.4 + elibc_glibc? ( >=sys-libs/glibc-2.4 ) but compile fails with error: copying sepolicy/help/transition_from_boolean_2.png -> build/lib/sepolicy/help copying sepolicy/help/transition_to.png -> build/lib/sepolicy/help copying sepolicy/help/users.png -> build/lib/sepolicy/help warning: build_py: byte-compiling is disabled, skipping. make[1]: Leaving directory '/var/tmp/portage/sys-apps/policycoreutils-2.6-r1/work/policycoreutils-2.6-python2_7/sepolicy' make[1]: Entering directory '/var/tmp/portage/sys-apps/policycoreutils-2.6-r1/work/policycoreutils-2.6-python2_7/setfiles' x86_64-gentoo-linux-musl-gcc -march=native -O2 -pipe -I/usr/include -c -o setfiles.o setfiles.c x86_64-gentoo-linux-musl-gcc -march=native -O2 -pipe -I/usr/include -c -o restore.o restore.c x86_64-gentoo-linux-musl-gcc -march=native -O2 -pipe -I/usr/include -c -o restorecon_xattr.o restorecon_xattr.c restore.c: In function 'process_glob': restore.c:78:22: error: 'GLOB_TILDE' undeclared (first use in this function) errors = glob(name, GLOB_TILDE | GLOB_PERIOD | ^ restore.c:78:22: note: each undeclared identifier is reported only once for each function it appears in restore.c:79:21: error: 'GLOB_BRACE' undeclared (first use in this function) GLOB_NOCHECK | GLOB_BRACE, NULL, &globbuf); ^ make[1]: *** [<builtin>: restore.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/var/tmp/portage/sys-apps/policycoreutils-2.6-r1/work/policycoreutils-2.6-python2_7/setfiles' make: *** [Makefile:10: all] Error 1 make: Leaving directory '/var/tmp/portage/sys-apps/policycoreutils-2.6-r1/work/policycoreutils-2.6-python2_7' * ERROR: sys-apps/policycoreutils-2.6-r1::local failed (compile phase): * emake failed * * If you need support, post the output of `emerge --info '=sys-apps/policycoreutils-2.6-r1::local'` I tried to apply https://git.alpinelinux.org/cgit/aports/tree/testing/policycoreutils pathes. Package compiles success, but semodule binary broken: it is impossible to create /etc/selinux/<TYPE>/policy/policy.30, /etc/selinux/<TYPE>/contexts/files/file_contexts and other by `semodule -B -n -s <TYPE>` Reproducible: Always Steps to Reproduce: 1. Install Gentoo Hardened Musl stage3 2. Add SELiunx feature to profile 3. emerge sys-apps/policycoreutils Actual Results: a) Blocked because of require glibc. b) Failed to compile if remove ebuild glibc dependency. c) When apply Alpine Linux patches compile success, but `semodule` binary does not work properly. Expected Results: Correct working SELINUX with musl # emerge --info '=sys-apps/policycoreutils-2.6-r1::local' Portage 2.3.3 (python 2.7.12-final-0, hardened/linux/musl/amd64, gcc-5.4.0, musl-1.1.16, 4.9.24-hardened-fitlet x86_64) ================================================================= System Settings ================================================================= System uname: Linux-4.9.24-hardened-fitlet-x86_64-AMD_A10_Micro-6700T_APU+AMD_Radeon_R6_Graphics-with-gentoo-2.3 KiB Mem: 8061384 total, 148628 free KiB Swap: 0 total, 0 free Timestamp of repository gentoo: Sun, 07 May 2017 03:00:01 +0000 sh bash 4.3_p48-r1 ld GNU ld (Gentoo 2.26.1 p1.0) 2.26.1 app-shells/bash: 4.3_p48-r1::gentoo dev-lang/perl: 5.24.1-r1::gentoo dev-lang/python: 2.7.12::gentoo, 3.4.5::gentoo dev-util/cmake: 3.7.2::gentoo dev-util/pkgconfig: 0.28-r2::gentoo sys-apps/baselayout: 2.3::gentoo sys-apps/openrc: 0.24.2::gentoo sys-apps/sandbox: 2.10-r3::musl sys-devel/autoconf: 2.69::gentoo sys-devel/automake: 1.15-r2::gentoo sys-devel/binutils: 2.26.1::gentoo sys-devel/gcc: 5.4.0-r3::musl sys-devel/gcc-config: 1.7.3::gentoo sys-devel/libtool: 2.4.6-r3::gentoo sys-devel/make: 4.2.1::gentoo sys-kernel/linux-headers: 4.4::musl (virtual/os-headers) sys-libs/musl: 1.1.16::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 local location: /usr/local/portage masters: gentoo priority: 0 musl location: /var/lib/layman/musl sync-type: laymansync sync-uri: git://anongit.gentoo.org/proj/musl.git masters: gentoo priority: 50 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-gentoo-linux-musl" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-gentoo-linux-musl" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/php/apache2-php7.0/ext-active/ /etc/php/cgi-php7.0/ext-active/ /etc/php/cli-php7.0/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--jobs=2 " FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox selinux sesandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org" INSTALL_MASK="charset.alias" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="acl aio amd64 bzip2 caps cli conntrack cracklib crypt cxx dane dav dav_ext dri ecdsa efi filecaps fortran gccgo gost hardened iconv idn ipv6 jemalloc leaps_timezone logrotate lz4 lzo mmx modern-top modules naxsi ncat ncurses netlink nfsv41 nping nptl nse open_perms openmp pam pax_kernel pcre pcre16 pic readline sasl seccomp secure-delete selinux session smp spdy sse sse2 ssl tcmalloc tcpd threads udev unbound unconfined unicode upload_progress xattr xfs xtpax zlib" ABI_X86="64" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3" ELIBC="musl" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-0" PYTHON_SINGLE_TARGET="python3_4" PYTHON_TARGETS="python2_7 python3_4" QEMU_SOFTMMU_TARGETS="x86_64" QEMU_USER_TARGETS="x86_64" RUBY_TARGETS="ruby21 ruby22" USERLAND="GNU" VIDEO_CARDS="dummy fbdev v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON ================================================================= Package Settings ================================================================= sys-apps/policycoreutils-2.6-r1::local was built with the following: USE="pam -audit -dbus" PYTHON_TARGETS="python2_7 python3_4 -python3_5"
The alpine patches do not seem relevant to the bug of the semodule binary you are seeing. Can you describe the bug in more detail? (What is expected behavior? What does actually happen? Does the program emit any error message?)
(In reply to Felix Janda from comment #1) > Can you describe the bug in more detail? > What is expected behavior? I expect sucessfully install and load selinux-base-policy and other selinux policy packages. > What does actually happen? Package sys-apps/policycoreutils can not be compiled from official gentoo repo. >Does the program emit any error message? Compile error with musl profile: restore.c:78:22: error: 'GLOB_TILDE' undeclared (first use in this function) errors = glob(name, GLOB_TILDE | GLOB_PERIOD |
Hi, Do yo have any progress for the bug?
(In reply to Alexander Miroshnichenko from comment #3) > Hi, > > Do yo have any progress for the bug? 2.7 is in the tree. Can you test that version? I seem to recall some patches relating to musl a while ago.
The following mask changes are necessary to proceed: (see "package.unmask" in the portage(5) man page for more details) # required by sys-apps/policycoreutils-2.7::gentoo # required by =sys-apps/policycoreutils-2.7 (argument) # /usr/portage/profiles/hardened/linux/musl/package.mask: =sys-libs/glibc-2.23-r4 It still requires GLIBC
I have modified ebuild in local portage by removing GLIBC dependency, but compile fails with same error: * Package: sys-apps/policycoreutils-2.7 * Repository: x-portage * Maintainer: selinux@gentoo.org * USE: abi_x86_64 amd64 elibc_musl kernel_linux pam python_targets_python2_7 python_targets_python3_4 userland_GNU * FEATURES: preserve-libs sandbox selinux sesandbox userpriv usersandbox >>> Unpacking source... >>> Unpacking policycoreutils-2.7.tar.gz to /var/tmp/portage/sys-apps/policycoreutils-2.7/work >>> Unpacking policycoreutils-extra-1.36.tar.bz2 to /var/tmp/portage/sys-apps/policycoreutils-2.7/work >>> Source unpacked in /var/tmp/portage/sys-apps/policycoreutils-2.7/work >>> Preparing source in /var/tmp/portage/sys-apps/policycoreutils-2.7/work/policycoreutils-2.7 ... * Applying policycoreutils-2.7-0001-newrole-not-suid.patch ... [ ok ] * Will copy sources from /var/tmp/portage/sys-apps/policycoreutils-2.7/work/policycoreutils-2.7 * python2_7: copying to /var/tmp/portage/sys-apps/policycoreutils-2.7/work/policycoreutils-2.7-python2_7 * python3_4: copying to /var/tmp/portage/sys-apps/policycoreutils-2.7/work/policycoreutils-2.7-python3_4 * Will copy sources from /var/tmp/portage/sys-apps/policycoreutils-2.7/work/policycoreutils-extra * python2_7: copying to /var/tmp/portage/sys-apps/policycoreutils-2.7/work/policycoreutils-extra-python2_7 * python3_4: copying to /var/tmp/portage/sys-apps/policycoreutils-2.7/work/policycoreutils-extra-python3_4 >>> Source prepared. >>> Configuring source in /var/tmp/portage/sys-apps/policycoreutils-2.7/work/policycoreutils-extra ... >>> Source configured. >>> Compiling source in /var/tmp/portage/sys-apps/policycoreutils-2.7/work/policycoreutils-extra ... * python2_7: running building make -j4 -C /var/tmp/portage/sys-apps/policycoreutils-2.7/work/policycoreutils-2.7-python2_7 AUDIT_LOG_PRIVS=y AUDITH=n PAMH=y INOTIFYH=n SESANDBOX=n CC=x86_64-gentoo-linux-musl-gcc PYLIBVER=python2.7 LIBDIR=$(PREFIX)/lib make: Entering directory '/var/tmp/portage/sys-apps/policycoreutils-2.7/work/policycoreutils-2.7-python2_7' make[1]: Entering directory '/var/tmp/portage/sys-apps/policycoreutils-2.7/work/policycoreutils-2.7-python2_7/setfiles' x86_64-gentoo-linux-musl-gcc -march=native -O2 -pipe -c -o setfiles.o setfiles.c x86_64-gentoo-linux-musl-gcc -march=native -O2 -pipe -c -o restore.o restore.c x86_64-gentoo-linux-musl-gcc -march=native -O2 -pipe -c -o restorecon_xattr.o restorecon_xattr.c restore.c: In function 'process_glob': restore.c:79:22: error: 'GLOB_TILDE' undeclared (first use in this function) errors = glob(name, GLOB_TILDE | GLOB_PERIOD | ^ restore.c:79:22: note: each undeclared identifier is reported only once for each function it appears in restore.c:80:21: error: 'GLOB_BRACE' undeclared (first use in this function) GLOB_NOCHECK | GLOB_BRACE, NULL, &globbuf); ^ make[1]: *** [<builtin>: restore.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/var/tmp/portage/sys-apps/policycoreutils-2.7/work/policycoreutils-2.7-python2_7/setfiles' make: *** [Makefile:4: all] Error 1 make: Leaving directory '/var/tmp/portage/sys-apps/policycoreutils-2.7/work/policycoreutils-2.7-python2_7' * ERROR: sys-apps/policycoreutils-2.7::x-portage failed (compile phase): * emake failed * * If you need support, post the output of `emerge --info '=sys-apps/policycoreutils-2.7::x-portage'`, * the complete build log and the output of `emerge -pqv '=sys-apps/policycoreutils-2.7::x-portage'`. * The complete build log is located at '/var/tmp/portage/sys-apps/policycoreutils-2.7/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/sys-apps/policycoreutils-2.7/temp/environment'. * Working directory: '/var/tmp/portage/sys-apps/policycoreutils-2.7/work/policycoreutils-extra' * S: '/var/tmp/portage/sys-apps/policycoreutils-2.7/work/policycoreutils-2.7'
Fixed in 2.8.