| Summary: | dev-cpp/libxsd-frontend & dev-cpp/xsd on SELinux: '/bin/sh: /usr/include/build-0.3/c/gnu/dep: Permission denied' and '/bin/sh: /usr/include/build-0.3/git/gitignore: Permission denied' | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Doppler <sevener.gentoo> |
| Component: | SELinux | Assignee: | SE Linux Bugs <selinux> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | Keywords: | PMASKED |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: | dev-cpp/xsd build log | ||
(actually, dev-cpp/xsd has the exact same problem) Created attachment 535172 [details]
dev-cpp/xsd build log
wat. why are there executable files in /usr/include? does it work if you do: chcon -R -t bin_t /usr/include/build-0.3 Beats me, ask the people behind dev-util/build Anyways, yeah, that worked. And xsd + libxsd-frontend are the only packages I have that depend on it. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d6d7857f65b41057bce971d6c30923179cc2c53 commit 0d6d7857f65b41057bce971d6c30923179cc2c53 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-07-26 04:46:56 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-07-26 05:13:19 +0000 profiles: last-rite dev-cpp/libxsd-frontend Bug: https://bugs.gentoo.org/787113 Bug: https://bugs.gentoo.org/735714 Bug: https://bugs.gentoo.org/657510 Signed-off-by: Sam James <sam@gentoo.org> profiles/package.mask | 6 ++++++ 1 file changed, 6 insertions(+) The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9898a7201e1941a79bd29a44baf765389f3f033 commit f9898a7201e1941a79bd29a44baf765389f3f033 Author: Jakov Smolic <jakov.smolic@sartura.hr> AuthorDate: 2021-08-24 12:38:38 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2021-08-24 12:38:38 +0000 dev-cpp/libxsd-frontend: Remove last-rited package Closes: https://bugs.gentoo.org/735714 Closes: https://bugs.gentoo.org/787113 Closes: https://bugs.gentoo.org/657510 Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr> Signed-off-by: David Seifert <soap@gentoo.org> dev-cpp/libxsd-frontend/Manifest | 1 - .../libxsd-frontend-2.0.0-r1.ebuild | 87 ---------------------- dev-cpp/libxsd-frontend/metadata.xml | 5 -- profiles/package.mask | 6 -- 4 files changed, 99 deletions(-) |
While trying to build the package with SELinux set to enforcing, I am greeted with some permission denied errors in the build logs as well as matching ones in my audit logs: type=AVC msg=audit(1528355573.499:738): avc: denied { execute } for pid=20947 comm="sh" name="dep" dev="sda3" ino=39341288 scontext=staff_u:sysadm_r:portage_sandbox_t tcontext=system_u:object_r:usr_t tclass=file permissive=0 type=AVC msg=audit(1528355573.779:739): avc: denied { execute } for pid=21031 comm="sh" name="gitignore" dev="sda3" ino=39341296 scontext=staff_u:sysadm_r:portage_sandbox_t tcontext=system_u:object_r:usr_t tclass=file permissive=0 Allowing portage_sandbox_t to execute usr_t files or setting SELinux to permissive works, though this does not seem like a proper solution to this.