Bug 657510 - dev-cpp/libxsd-frontend & dev-cpp/xsd on SELinux: '/bin/sh: /usr/include/build-0.3/c/gnu/dep: Permission denied' and '/bin/sh: /usr/include/build-0.3/git/gitignore: Permission denied'
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux
Hardware: All Linux
Importance: Normal normal
Assignee: SE Linux Bugs
Keywords: PMASKED
Reported: 2018-06-07 07:20 UTC by Doppler
Modified: 2021-08-24 12:39 UTC

Attachments
dev-cpp/xsd build log (file_657510.txt,90.47 KB, text/plain)
2018-06-07 07:24 UTC, Doppler

Description Doppler 2018-06-07 07:20:36 UTC
While trying to build the package with SELinux set to enforcing, I am greeted with some permission denied errors in the build logs as well as matching ones in my audit logs:
type=AVC msg=audit(1528355573.499:738): avc:  denied  { execute } for  pid=20947 comm="sh" name="dep" dev="sda3" ino=39341288 scontext=staff_u:sysadm_r:portage_sandbox_t tcontext=system_u:object_r:usr_t tclass=file permissive=0
type=AVC msg=audit(1528355573.779:739): avc:  denied  { execute } for  pid=21031 comm="sh" name="gitignore" dev="sda3" ino=39341296 scontext=staff_u:sysadm_r:portage_sandbox_t tcontext=system_u:object_r:usr_t tclass=file permissive=0

Allowing portage_sandbox_t to execute usr_t files or setting SELinux to permissive works, though this does not seem like a proper solution to this.
Comment 1 Doppler 2018-06-07 07:23:07 UTC
(actually, dev-cpp/xsd has the exact same problem)
Comment 2 Doppler 2018-06-07 07:24:47 UTC
Created attachment 535172
dev-cpp/xsd build log
Comment 3 Jason Zaman gentoo-dev 2018-06-08 11:37:48 UTC
wat. why are there executable files in /usr/include?

does it work if you do:
chcon -R -t bin_t /usr/include/build-0.3
Comment 4 Doppler 2018-06-08 21:24:14 UTC
Beats me, ask the people behind dev-util/build
Anyways, yeah, that worked. And xsd + libxsd-frontend are the only packages I have that depend on it.
Comment 5 Larry the Git Cow gentoo-dev 2021-07-26 05:14:36 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d6d7857f65b41057bce971d6c30923179cc2c53

commit 0d6d7857f65b41057bce971d6c30923179cc2c53
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-07-26 04:46:56 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-07-26 05:13:19 +0000

    profiles: last-rite dev-cpp/libxsd-frontend
    
    Bug: https://bugs.gentoo.org/787113
    Bug: https://bugs.gentoo.org/735714
    Bug: https://bugs.gentoo.org/657510
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/package.mask | 6 ++++++
 1 file changed, 6 insertions(+)
Comment 6 Larry the Git Cow gentoo-dev 2021-08-24 12:39:20 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9898a7201e1941a79bd29a44baf765389f3f033

commit f9898a7201e1941a79bd29a44baf765389f3f033
Author:     Jakov Smolic <jakov.smolic@sartura.hr>
AuthorDate: 2021-08-24 12:38:38 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2021-08-24 12:38:38 +0000

    dev-cpp/libxsd-frontend: Remove last-rited package
    
    Closes: https://bugs.gentoo.org/735714
    Closes: https://bugs.gentoo.org/787113
    Closes: https://bugs.gentoo.org/657510
    Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
    Signed-off-by: David Seifert <soap@gentoo.org>

 dev-cpp/libxsd-frontend/Manifest                   |  1 -
 .../libxsd-frontend-2.0.0-r1.ebuild                | 87 ----------------------
 dev-cpp/libxsd-frontend/metadata.xml               |  5 --
 profiles/package.mask                              |  6 --
 4 files changed, 99 deletions(-)