Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 492570

Summary: dev86 fails to build with selinux in enforcing mode
Product: Gentoo Linux Reporter: schmitt953
Component: SELinuxAssignee: SE Linux Bugs <selinux>
Status: RESOLVED NEEDINFO    
Severity: normal CC: darwinskernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: build info

Description schmitt953 2013-11-26 04:58:59 UTC 
dev86-0.16.19 failed to build when SELinux was in enforcing mode. No problems in permissive.

Reproducible: Always

Steps to Reproduce:
1. Have selinux in enforcing mode
2. emerge -1 dev86-0.16.19


Expected Results:  
It should build

make[3]: Entering directory `/var/tmp/portage/sys-devel/dev86-0.16.19/work/dev86-0.16.19/libc'
ncc -c -Mn -O -D__LIBC__ -D__LIBC_VER__='"0.16.19"' -o crt0.o crt0.c
crt0.c:1: CPP-FATAL error: Cannot open output file
Comment 1 schmitt953 2013-11-26 05:06:23 UTC 
Created attachment 363990 [details]
build info

build logs and such too tired to pick and choose files
Comment 2 schmitt953 2013-11-26 05:10:36 UTC 
Nov 25 23:14:55 C6100-Template kernel: [34708.199172] type=1400 audit(1385442895.806:818): avc:  denied  { write } for  pid=14467 comm="bcc-cpp" path="/tmp/$$000014466" dev="sda2" ino=448494 ipaddr=192.168.5.139 scontext=root:sysadm_r:portage_sandbox_t:s0-s0:c0.c1023 tcontext=root:object_r:file_t:s0 tclass=file
Nov 25 23:14:55 C6100-Template kernel: [34708.206134] type=1400 audit(1385442895.812:819): avc:  denied  { remove_name } for  pid=14466 comm="ncc" name="$$000014466" dev="sda2" ino=448494 ipaddr=192.168.5.139 scontext=root:sysadm_r:portage_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir
Nov 25 23:14:55 C6100-Template kernel: [34708.206177] type=1400 audit(1385442895.812:820): avc:  denied  { unlink } for  pid=14466 comm="ncc" name="$$000014466" dev="sda2" ino=448494 ipaddr=192.168.5.139 scontext=root:sysadm_r:portage_sandbox_t:s0-s0:c0.c1023 tcontext=root:object_r:file_t:s0 tclass=file
Comment 3 schmitt953 2013-11-26 05:12:14 UTC 
vgabios has same error I think it's perhaps a portage problem
Comment 4 Sven Vermeulen (RETIRED) gentoo-dev 2013-12-16 14:03:23 UTC 
Nov 25 23:14:55 C6100-Template kernel: [34708.199172] type=1400 audit(1385442895.806:818): avc:  denied  { write } for  pid=14467 comm="bcc-cpp" path="/tmp/$$000014466" dev="sda2" ino=448494 ipaddr=192.168.5.139 scontext=root:sysadm_r:portage_sandbox_t:s0-s0:c0.c1023 tcontext=root:object_r:file_t:s0 tclass=file

Note the tcontext being a file_t. This means that the target file is not labeled, something that shouldn't occur.

- Is /tmp correctly labeled?
- Which process is creating the file (the context of the process and the context of /tmp should define what the context is of the file).