gnupg fails to compile in enforcing mode with base-policy-20040906:

../tools/mk-tdata 9000 >data-9000
chmod 755 ./gpg_dearmor
../tools/mk-tdata 32000 >data-32000
../tools/mk-tdata 80000 >data-80000
cat ./../doc/HACKING \
    ./../doc/DETAILS \
    ./../doc/FAQ >plain-large
./gpg_dearmor > ./pubring.gpg < ./pubring.asc
gpg: fatal: can't disable core dumps: Permission denied
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/0
make[2]: *** [pubring.gpg] Error 2
make[2]: *** Waiting for unfinished jobs....
make[2]: Leaving directory `/var/tmp/portage/gnupg-1.2.4/work/gnupg-1.2.4/checks'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/gnupg-1.2.4/work/gnupg-1.2.4'
make: *** [all] Error 2

!!! ERROR: app-crypt/gnupg-1.2.4 failed.
!!! Function src_compile, Line 99, Exitcode 2
!!! (no error message)

I got two avc-denials during the emerge, the second one leads to the error:

avc: denied { ipc_lock } for pid=12835 capability=14 scontext=root:sysadm_r:portage_t tcontext=root:sysadm_r:portage_t tclass=capability
avc: denied { setrlimit } for pid=32249 exe=/var/tmp/portage/gnupg-1.2.4/work/gnupg-1.2.4/g10/gpg scontext=root:sysadm_r:portage_t tcontext=root:sysadm_r:portage_t tclass=process

Chris: g10/misc.c disable_core_dumps() creates the second avc deny that crashes the make.

Lorenz: please try

echo 'allow portage_t self:process { setrlimit };' >> /etc/security/selinux/src/policy/domains/program/my.te
touch /etc/security/selinux/src/policy/file_contexts/program/my.fc
make -C /etc/security/selinux/src/policy reload

until we sort out the problem.

Fix in policy CVS. I'm gonna leave ipc_lock denied for now; it doesn't fail the build, and it's rare anyway.
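
Added example, not part of the original thread and not the policy project's own tooling: a small parser that turns the two AVC denials quoted in the report into candidate allow rules, with an explicit set of permissions to leave denied, mirroring the decision above to grant setrlimit but not ipc_lock. The function names and the keep_denied parameter are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# The two denials quoted in the report, embedded as sample input.
SAMPLE_LOG = """\
avc: denied { ipc_lock } for pid=12835 capability=14 scontext=root:sysadm_r:portage_t tcontext=root:sysadm_r:portage_t tclass=capability
avc: denied { setrlimit } for pid=32249 exe=/var/tmp/portage/gnupg-1.2.4/work/gnupg-1.2.4/g10/gpg scontext=root:sysadm_r:portage_t tcontext=root:sysadm_r:portage_t tclass=process
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def type_of(context):
    """Return the type field of a user:role:type[:level] security context."""
    fields = context.split(":")
    if len(fields) < 3:
        raise ValueError(f"malformed security context: {context!r}")
    return fields[2]

def candidate_rules(log_text, keep_denied=frozenset()):
    """Turn AVC denials into candidate allow rules for human review.

    keep_denied (hypothetical parameter) holds (tclass, permission) pairs
    that stay denied on purpose and must not appear in the output.
    """
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial line
        src, tgt = type_of(m["scon"]), type_of(m["tcon"])
        # Policy shorthand: a domain acting on itself is written "self".
        tgt = "self" if tgt == src else tgt
        for perm in m["perms"].split():
            if (m["tclass"], perm) not in keep_denied:
                grouped[(src, tgt, m["tclass"])].add(perm)
    return sorted(
        f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
        for (s, t, c), p in grouped.items()
    )

if __name__ == "__main__":
    for rule in candidate_rules(SAMPLE_LOG, keep_denied={("capability", "ipc_lock")}):
        print(rule)
```

The output is a list of candidates to review before anything is appended to a .te file; each granted permission widens what every process in portage_t may do, not just the gpg test binary.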