Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 117672

Summary: emerge cmd5checkpw: cannot rewrite password file
Product: Gentoo Linux Reporter: Radoslaw Dlugosz <rdlugosz>
Component: New packagesAssignee: SE Linux Bugs <selinux>
Status: RESOLVED INVALID    
Severity: normal CC: selinux
Priority: High    
Version: 2005.1   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Radoslaw Dlugosz 2006-01-03 15:35:38 UTC 
I'm trying to install qmail on a hardened system. One of it's deps is cmd5checkpw. This is what I get trying to emerge it:
 * Adding user 'cmd5checkpw' to your system ...
 *  - Userid: 212
 *  - Shell: /bin/false
 *  - Home: /dev/null
 *  - Groups: bin
useradd: cannot rewrite password file

!!! ERROR: net-mail/cmd5checkpw-0.30 failed.
!!! Function enewuser, Line 614, Exitcode 1
!!! enewuser failed
!!! If you need support, post the topmost build error, NOT this status message.

My emerge info:
Portage 2.0.53 (selinux/2005.1/x86/hardened, gcc-3.4.4, glibc-2.3.5-r2, 2.6.14-hardened-r1 i686)
=================================================================
System uname: 2.6.14-hardened-r1 i686 Intel(R) Pentium(R) 4 CPU 2.80GHz
Gentoo Base System version 1.6.13
ccache version 2.3 [enabled]
dev-lang/python:     2.3.5, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.20
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks loadpolicy sandbox selinux sfperms strict"
GENTOO_MIRRORS="ftp://gentoo.po.opole.pl ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://gd.tuwien.ac.at/opsys/linux/gentoo/ ftp://ftp.sh.cvut.cz/MIRRORS/gentoo/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="acpi apache2 apm bash-completion berkdb bzip2 crypt dlloader expat hardened hardenedphp jpeg libwww maildir memlimit mhash mmx mysql ncurses nls nptl pam pcre perl php pic png postgres python readline selinux sse ssl threads udev usb x86 zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
Comment 1 petre rodan (RETIRED) gentoo-dev 2006-01-04 03:53:48 UTC 
make sure your filesystem is labeled correctly and try again.

make -C /etc/security/selinux/src/policy clean reload relabel
dmesg -c
emerge cmd5checkpw

if it still fails, attach the avc messages from dmesg
Comment 2 Radoslaw Dlugosz 2006-01-04 07:35:05 UTC 
(In reply to comment #1)
> make sure your filesystem is labeled correctly and try again.
> 
> make -C /etc/security/selinux/src/policy clean reload relabel
> dmesg -c
> emerge cmd5checkpw
> 
> if it still fails, attach the avc messages from dmesg
> 
I've spent some time digging and found that we have a policy problem on that machine. I haven't solved it yet, but after a reboot the package installed without complaining.