Summary: | Portage breakage in selinux | | |
---|---|---|---|
Product: | Portage Development | Reporter: | Chris PeBenito (RETIRED) <pebenito> |
Component: | Unclassified | Assignee: | Nicholas Jones (RETIRED) <carpaski> |
Status: | RESOLVED FIXED | | |
Severity: | major | CC: | azarah, kronenpj, method |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
By the way, the same thing happens with ebuild. Same fix works too. This one is fixed by the selinux code in 2.0.49.
Ok, I'm getting breakage, only in selinux, that looks like this:

    alpha policy-dev # emerge -Uu world
    Calculating world dependencies ...done!
    >>> emerge (1 of 1) app-admin/gentoolkit-0.1.23 to /
    Traceback (most recent call last):
      File "/usr/bin/emerge", line 1934, in ?
        mydepgraph.merge(mydepgraph.altlist())
      File "/usr/bin/emerge", line 1189, in merge
        retval=portage.doebuild(y,"clean",myroot,edebug)
      File "/usr/lib/python2.2/site-packages/portage.py", line 1490, in doebuild
        myso=getstatusoutput("uname -r")
      File "/usr/lib/python2.2/commands.py", line 55, in getstatusoutput
        sts = pipe.close()
    IOError: [Errno 10] No child processes

This is in permissive mode, so the selinux security policy is not enforced, therefore it isn't a policy problem. I created a test script to show the failure:

    #!/usr/bin/env python2.2
    import commands
    commands.getstatusoutput("uname -r")

I did some stracing, and diffed the outputs. The only interesting difference that I found was this: (- is the failing one)

@@ -134,7 +134,7 @@ rt_sigaction(SIGALRM, NULL, {SIG_DFL}, 8) = 0 rt_sigaction(SIGTERM, NULL, {SIG_DFL}, 8) = 0 rt_sigaction(SIGSTKFLT, NULL, {SIG_DFL}, 8) = 0 -rt_sigaction(SIGCHLD, NULL, {SIG_IGN}, 8) = 0 +rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0 rt_sigaction(SIGCONT, NULL, {SIG_DFL}, 8) = 0 rt_sigaction(SIGSTOP, NULL, {SIG_DFL}, 8) = 0 rt_sigaction(SIGTSTP, NULL, {SIG_DFL}, 8) = 0

It fails because the SIGCHLD signal is ignored. To verify that this is the case, I changed my test program to this:

    #!/usr/bin/env python2.2
    import commands,signal
    signal.signal(signal.SIGCHLD,signal.SIG_DFL)
    commands.getstatusoutput("uname -r")

and it ran successfully. I put the signal code into /usr/lib/portage/bin/emerge at the top, and then I was able to run emerge successfully.

So the question is, why is portage deciding to ignore SIGCHLD? The thing that is odd is that I get the breakage running in the sysadm_t and portage_t domains, but not in user_t domain. That makes it sound like it could be a selinux problem, but, again, it's running in permissive mode. There aren't any denials either (shows what would have been denied if it was enforcing).
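
The failure mode reported above, reproduced on a current Python 3 as an added example (not code from the bug report or from Portage): with SIGCHLD ignored the kernel reaps children itself, so waiting for one fails with ECHILD, the errno 10 in the traceback, and the ignored disposition is passed on to exec'd programs. All function names are made up for this illustration; `ensure_default_sigchld` mirrors the reporter's workaround of resetting the disposition at startup.

```python
import os
import signal
import subprocess
import sys
from contextlib import contextmanager

@contextmanager
def sigchld(disposition):
    """Temporarily set the SIGCHLD disposition (main thread only)."""
    previous = signal.signal(signal.SIGCHLD, disposition)
    try:
        yield
    finally:
        if previous is not None:
            signal.signal(signal.SIGCHLD, previous)

def wait_status(disposition):
    """Fork a child that exits at once, waitpid() for it; return 0 or the errno."""
    with sigchld(disposition):
        pid = os.fork()
        if pid == 0:
            os._exit(0)  # child: leave immediately, skipping Python cleanup
        try:
            os.waitpid(pid, 0)
            return 0
        except ChildProcessError as exc:
            # Under SIG_IGN the child is reaped automatically: nothing to wait for.
            return exc.errno

def inherited_disposition(disposition):
    """SIGCHLD disposition seen by a freshly exec'd interpreter of this parent."""
    probe = "import signal; print(signal.getsignal(signal.SIGCHLD).name)"
    with sigchld(disposition):
        done = subprocess.run([sys.executable, "-c", probe],
                              stdout=subprocess.PIPE, text=True)
    return done.stdout.strip()

def ensure_default_sigchld():
    """Startup guard: undo an inherited SIG_IGN. Returns True if it reset it."""
    if signal.getsignal(signal.SIGCHLD) == signal.SIG_IGN:
        signal.signal(signal.SIGCHLD, signal.SIG_DFL)
        return True
    return False

if __name__ == "__main__":
    print("wait under SIG_DFL ->", wait_status(signal.SIG_DFL))
    print("wait under SIG_IGN ->", wait_status(signal.SIG_IGN))
    print("exec'd child sees  ->", inherited_disposition(signal.SIG_IGN))
```
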