Bug 127374

Summary: Current buildpkg logic isn't selinux aware.
Product: Portage Development
Reporter: Stephen Bennett (RETIRED) <spb>
Component: Core
Assignee: Portage team <dev-portage>
Status: RESOLVED FIXED
Severity: normal
Keywords: InVCS, REGRESSION
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 115839    
Attachments: patch to create tbz2 directly in ${PKGDIR}/All
patch to create tbz2 directly in ${PKGDIR}/All

Description Stephen Bennett (RETIRED) gentoo-dev 2006-03-23 19:51:54 UTC
Currently (portage-2.1_pre6-r5), portage's buildpkg logic creates a binary package in /var/tmp/portage, and then uses `mv` to move it to the package dir. On SELinux systems, this will cause one of two problems: either the resulting package will be labeled incorrectly as a portage temporary file, or sandbox violations will occur as mv tries to write to /proc/self/attr/fscreate in order to create the destination file with the original context.

Possible solutions were discussed in #gentoo-portage, including using the existing Python code for moving files in SELinux. The desired result, though, is that the package after moving to $PKGDIR has the same label as $PKGDIR itself.

Comment 1 Zac Medico gentoo-dev 2006-03-24 00:38:49 UTC
Created attachment 82986
patch to create tbz2 directly in ${PKGDIR}/All

Please test this patch which creates the tbz2 package directly in ${PKGDIR}/All so that it will hopefully get the proper label automatically.  As an added benefit, it avoids the intermediate temporary file, for better efficiency.  This is in svn r2986.

Comment 2 Zac Medico gentoo-dev 2006-03-24 00:48:40 UTC
Created attachment 82987
patch to create tbz2 directly in ${PKGDIR}/All

This patch applies cleanly against 2.1_pre6-r6.

Comment 3 Zac Medico gentoo-dev 2006-03-24 20:12:15 UTC
Released in 2.1_pre6-r7.  Thanks for reporting.
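
The approach discussed in this bug, sketched as an added example that is not part of the thread and not Portage's own code: the archive is written inside `${PKGDIR}/All` from the start, so the kernel labels it at creation time in that directory (new files take the parent directory's type unless a policy type transition says otherwise) and no cross-directory `mv` is needed. The function names, the temporary-file naming, and the 0644 mode are assumptions made for illustration.

```python
import os
import tarfile
import tempfile


def selinux_label(path):
    """Return the security.selinux xattr of path, or None if unavailable."""
    try:
        raw = os.getxattr(path, "security.selinux")
    except (AttributeError, OSError):
        return None  # non-Linux platform, or no SELinux label on this file
    return raw.rstrip(b"\0").decode()


def build_package_in_place(image_dir, pkgdir, pkg_name):
    """Create <pkgdir>/All/<pkg_name>.tbz2 without staging it elsewhere."""
    dest_dir = os.path.join(pkgdir, "All")
    os.makedirs(dest_dir, exist_ok=True)
    final_path = os.path.join(dest_dir, pkg_name + ".tbz2")
    # The temporary file lives in the destination directory, so it is
    # labeled there when created; nothing is moved across directories.
    fd, tmp_path = tempfile.mkstemp(prefix=".", suffix=".tbz2", dir=dest_dir)
    try:
        with os.fdopen(fd, "wb") as out, tarfile.open(fileobj=out, mode="w:bz2") as tar:
            tar.add(image_dir, arcname=".")
        # mkstemp creates the file 0600; assumption: packages are world-readable.
        os.chmod(tmp_path, 0o644)
        os.replace(tmp_path, final_path)  # same-directory rename keeps the label
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise
    return final_path


if __name__ == "__main__":
    # Constructed sample input: a tiny install image in a scratch directory.
    with tempfile.TemporaryDirectory() as root:
        image = os.path.join(root, "image")
        os.makedirs(os.path.join(image, "usr", "bin"))
        open(os.path.join(image, "usr", "bin", "hello"), "w").close()
        pkg = build_package_in_place(image, os.path.join(root, "packages"), "hello-1.0")
        print(pkg, selinux_label(pkg), selinux_label(os.path.dirname(pkg)))
```

On an SELinux system, comparing the two printed labels shows whether the package picked up the type of its directory rather than that of the build's temporary area.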