Bug 64401 - basepolicy: gnupg fails to compile
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All All
Importance: High normal
Assignee: Chris PeBenito (RETIRED)
Reported: 2004-09-17 07:17 UTC by Sören Lorenz
Modified: 2004-09-22 19:24 UTC


Description Sören Lorenz 2004-09-17 07:17:26 UTC
gnupg fails to compile in enforcing mode with base-policy-20040906:

../tools/mk-tdata  9000  >data-9000
chmod 755 ./gpg_dearmor
../tools/mk-tdata 32000  >data-32000
../tools/mk-tdata 80000  >data-80000
cat ./../doc/HACKING \
    ./../doc/DETAILS \
    ./../doc/FAQ         >plain-large
./gpg_dearmor > ./pubring.gpg < ./pubring.asc
gpg: fatal: can't disable core dumps: Permission denied
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/0
make[2]: *** [pubring.gpg] Error 2
make[2]: *** Waiting for unfinished jobs....
make[2]: Leaving directory `/var/tmp/portage/gnupg-1.2.4/work/gnupg-1.2.4/checks'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/gnupg-1.2.4/work/gnupg-1.2.4'
make: *** [all] Error 2

!!! ERROR: app-crypt/gnupg-1.2.4 failed.
!!! Function src_compile, Line 99, Exitcode 2
!!! (no error message)

I got two avc-denials during the emerge, the second one leads to the error:

avc:  denied  { ipc_lock } for  pid=12835 capability=14 scontext=root:sysadm_r:portage_t tcontext=root:sysadm_r:portage_t tclass=capability

avc:  denied  { setrlimit } for  pid=32249 exe=/var/tmp/portage/gnupg-1.2.4/work/gnupg-1.2.4/g10/gpg scontext=root:sysadm_r:portage_t tcontext=root:sysadm_r:portage_t tclass=process
Comment 1 petre rodan (RETIRED) gentoo-dev 2004-09-17 08:06:05 UTC
Chris:
g10/misc.c disable_core_dumps() creates the second avc deny that crashes the make

Lorenz: pls try
echo 'allow portage_t self:process { setrlimit };' >> /etc/security/selinux/src/policy/domains/program/my.te
touch /etc/security/selinux/src/policy/file_contexts/program/my.fc
make -C /etc/security/selinux/src/policy reload

until we sort out the problem.
Comment 2 Chris PeBenito (RETIRED) gentoo-dev 2004-09-22 19:24:10 UTC
fix in policy cvs.  I'm gonna leave ipc_lock denied for now; it doesn't fail the build, and it's rare anyway.
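
An added example, not part of the original bug thread or of Gentoo's policy tooling: a small Python parser that turns the two AVC denials quoted in the description into allow rules in the form used in comment 1, with an option to leave a permission denied as comment 2 does for ipc_lock. The function names and the keep_denied parameter are hypothetical.

```python
import re
from collections import defaultdict

# The two denials quoted in the bug description.
SAMPLE_AVC = [
    "avc:  denied  { ipc_lock } for  pid=12835 capability=14 "
    "scontext=root:sysadm_r:portage_t tcontext=root:sysadm_r:portage_t tclass=capability",
    "avc:  denied  { setrlimit } for  pid=32249 "
    "exe=/var/tmp/portage/gnupg-1.2.4/work/gnupg-1.2.4/g10/gpg "
    "scontext=root:sysadm_r:portage_t tcontext=root:sysadm_r:portage_t tclass=process",
]

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(line):
    """Return denied permissions, source/target type and class, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    try:
        # A context is user:role:type[:mls]; policy rules are written on the type.
        source = fields["scontext"].split(":")[2]
        target = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None  # truncated or malformed record
    return {"perms": m.group(1).split(), "source": source,
            "target": target, "tclass": tclass}

def to_rules(lines, keep_denied=frozenset()):
    """Merge denials into allow rules, skipping permissions in keep_denied."""
    merged = defaultdict(set)
    for line in lines:
        d = parse_avc(line)
        if d is None:
            continue
        perms = set(d["perms"]) - set(keep_denied)
        if perms:
            merged[(d["source"], d["target"], d["tclass"])] |= perms
    rules = []
    for (source, target, tclass), perms in sorted(merged.items()):
        target = "self" if target == source else target
        rules.append("allow %s %s:%s { %s };"
                     % (source, target, tclass, " ".join(sorted(perms))))
    return rules

if __name__ == "__main__":
    for rule in to_rules(SAMPLE_AVC, keep_denied={"ipc_lock"}):
        print(rule)
```

Each generated rule widens what portage_t may do, so the output is a list of candidates to review against the denial's cause, not something to append to policy unread.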