Bug 591134

Description Sven Vermeulen (RETIRED) 2016-08-12 19:00:57 UTC

During the configuration of a system towards SELinux, there might be a situation where SELinux is active but no valid policy is loaded. If that is the case, then any attempt to execute some SELinux changes (like setexeccon to the portage_fetch_t domain) will fail.

Sadly, FEATURES="-selinux" does not prevent these operations. Portage currently only checks if SELinux is enabled or not. It would be a good idea if FEATURES="-selinux" would be honored here as well.

A reported stacktrace:

Traceback (most recent call last):
  File "/usr/lib64/python2.7/site-packages/portage/util/_async/ForkProcess.py", line 45, in _spawn
    rval = self._run()
  File "/usr/lib64/python2.7/site-packages/_emerge/EbuildFetcher.py", line 172, in _run
    allow_missing_digests=allow_missing):
  File "/usr/lib64/python2.7/site-packages/portage/package/ebuild/fetch.py", line 520, in fetch
    if _userpriv_test_write_file(mysettings, write_test_file):
  File "/usr/lib64/python2.7/site-packages/portage/package/ebuild/fetch.py", line 134, in _userpriv_test_write_file
    returncode = _spawn_fetch(settings, args)
  File "/usr/lib64/python2.7/site-packages/portage/package/ebuild/fetch.py", line 87, in _spawn_fetch
    settings["PORTAGE_FETCH_T"])
  File "/usr/lib64/python2.7/site-packages/portage/_selinux.py", line 122, in __init__
    self._con = settype(selinux_type)
  File "/usr/lib64/python2.7/site-packages/portage/_selinux.py", line 76, in settype
    ret[2] = newtype
IndexError: list assignment index out of range
[31;01m * [39;49;00mFetch failed for 'sys-libs/libutempter-1.1.6-r1', Log file:
[31;01m * [39;49;00m '/var/tmp/portage/sys-libs/libutempter-1.1.6-r1/temp/build.log'


Before patching, we need to try to reproduce this situation, as well as validate if expanding the FEATURES="-selinux" to such calls is logically sound or not.