Bug 796182

Summary:	dev-libs/apr-1.7.0-r2: fails to compile with SELinux (locks/unix/proc_mutex.c:1494:28: error: ‘mutex_proc_pthread_methods’ undeclared (first use in this function))
Product:	Gentoo Linux	Reporter:	yesi <yesi>
Component:	Current packages	Assignee:	Lars Wendler (Polynomial-C) (RETIRED) <polynomial-c>
Status:	RESOLVED DUPLICATE
Severity:	major	CC:	sam
Priority:	Normal
Version:	unspecified
Hardware:	AMD64
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Bug Depends on:	738546
Bug Blocks:
Attachments:	build.log

Description yesi 2021-06-15 09:49:13 UTC

Created attachment 716232 [details]
build.log

Hi,

I checked with this bug : https://bugs.gentoo.org/738546
But i did notice nothing to SELinux.
I emerged the package and i auditd the errors from permission but there are no errors.

Steps to Reproduce:
1.update portage tree
2.ensure selinux is in enforcing mode
3.run emerge -uavDN @world
Actual Results:  

locks/unix/proc_mutex.c: In function ‘proc_mutex_choose_method’:
locks/unix/proc_mutex.c:1494:28: error: ‘mutex_proc_pthread_methods’ undeclared (first use in this function); did you mean ‘mutex_posixsem_methods’?
 1494 |         new_mutex->meth = &mutex_proc_pthread_methods;
      |                            ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                            mutex_posixsem_methods
locks/unix/proc_mutex.c:1494:28: note: each undeclared identifier is reported only once for each function it appears in
locks/unix/proc_mutex.c:1496:27: error: ‘apr_os_proc_mutex_t’ has no member named ‘pthread_interproc’; did you mean ‘psem_interproc’?
 1496 |             if (ospmutex->pthread_interproc == NULL) {
      |                           ^~~~~~~~~~~~~~~~~
      |                           psem_interproc
locks/unix/proc_mutex.c:1499:27: error: ‘apr_os_proc_mutex_t’ has no member named ‘pthread_interproc’; did you mean ‘psem_interproc’?
 1499 |             new_mutex->os.pthread_interproc = ospmutex->pthread_interproc;
      |                           ^~~~~~~~~~~~~~~~~
      |                           psem_interproc
locks/unix/proc_mutex.c:1499:57: error: ‘apr_os_proc_mutex_t’ has no member named ‘pthread_interproc’; did you mean ‘psem_interproc’?
 1499 |             new_mutex->os.pthread_interproc = ospmutex->pthread_interproc;
      |                                                         ^~~~~~~~~~~~~~~~~
      |                                                         psem_interproc


I did not disabled SELinux to compile it.

Portage 3.0.20 (python 3.9.5-final-0, default/linux/amd64/17.1/hardened/selinux, gcc-10.3.0, glibc-2.33, 5.12.9-gentoo x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-5.12.9-gentoo-x86_64-Intel-R-_Core-TM-_i7-5557U_CPU_@_3.10GHz-with-glibc2.33
KiB Mem:    16264180 total,   8329008 free
KiB Swap:    8388604 total,   8387632 free
Timestamp of repository gentoo: Tue, 15 Jun 2021 00:45:01 +0000
Head commit of repository gentoo: ea2db8e25985acf209c827b93e70015c3294b2dd
sh bash 5.1_p8
ld GNU ld (Gentoo 2.35.2 p1) 2.35.2
ccache version 4.3 [enabled]
app-shells/bash:          5.1_p8::gentoo
dev-java/java-config:     2.3.1::gentoo
dev-lang/perl:            5.32.1::gentoo
dev-lang/python:          2.7.18_p10::gentoo, 3.6.13_p5::gentoo, 3.8.10_p2::gentoo, 3.9.5_p2::gentoo
dev-lang/rust:            1.51.0-r2::gentoo
dev-util/ccache:          4.3::gentoo
dev-util/cmake:           3.18.5::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.7::gentoo
sys-apps/openrc:          0.42.1-r1::gentoo
sys-apps/sandbox:         2.24::gentoo
sys-devel/autoconf:       2.13-r1::gentoo, 2.69-r5::gentoo
sys-devel/automake:       1.16.3-r1::gentoo
sys-devel/binutils:       2.35.2::gentoo
sys-devel/gcc:            10.3.0::gentoo
sys-devel/gcc-config:     2.4::gentoo
sys-devel/libtool:        2.4.6-r6::gentoo
sys-devel/make:           4.3::gentoo
sys-kernel/linux-headers: 5.10::gentoo (virtual/os-headers)
sys-libs/glibc:           2.33::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    sync-rsync-extra-opts:
    sync-rsync-verify-jobs: 1
    sync-rsync-verify-metamanifest: yes
    sync-rsync-verify-max-age: 24

local
    location: /usr/local/portage
    masters: gentoo
    priority: 10
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="@FREE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=haswell -O2 -fforce-addr -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=haswell -O2 -fforce-addr -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--jobs=4 --load-average=4.0 --keep-going=y --with-bdeps=y --complete-graph"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg ccache config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch parallel-install preserve-libs protect-owned qa-unresolved-soname-deps sandbox selinux sesandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://URL/gentoo/"
LANG="fr_FR.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X acl amd64 branding bzip2 chroot crypt cryptsetup elogind ffmpeg gnutls hardened iconv icu ipv6 jpeg libglvnd libtirpc logrotate lzma mmx modplug multilib ncurses nls nptl opengl openmp pam pax_kernel pcre perl pic pie png python readline seccomp secure_delete selinux snmp split-usr sse sse2 ssl ssp symlink tcpd unicode wavpack webrsync-gpg xattr xml xtpax zlib" ABI_X86="64" ADA_TARGET="gnat_2018" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="load memory syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="libinput" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-3 php7-4" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_9" PYTHON_TARGETS="python3_9" QEMU_SOFTMMU_TARGETS="arm x86_64 sparc" QEMU_USER_TARGETS="x86_64" RUBY_TARGETS="ruby26" USERLAND="GNU" VIDEO_CARDS="intel i915 fbdev vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RUSTFLAGS

=================================================================
                        Package Settings
=================================================================

dev-libs/apr-1.7.0-r1::gentoo was built with the following:
USE="(selinux) urandom -doc -older-kernels-compatibility -static-libs" ABI_X86="(64)"
CFLAGS="-march=native -O2 -fforce-addr -pipe"
CXXFLAGS="-march=native -O2 -fforce-addr -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg ccache config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch parallel-install preserve-libs protect-owned qa-unresolved-soname-deps sandbox selinux sesandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"

Comment 1 Sam James archtester

2021-08-04 01:24:04 UTC

This is rather interesting: a user hit this in the past on the forums [0] but it.. stopped once they disabled enforcing.

This does actually seem to be a duplicate of the other, but I'll keep this one open for now I guess to allow easier searching?

[0] https://forums.gentoo.org/viewtopic-p-8493510.html?sid=d44c812aa0fd848c7500bedfbacb6d1e#8493510

Comment 2 yesi 2021-08-10 10:29:28 UTC

(In reply to Sam James from comment #1)
> This is rather interesting: a user hit this in the past on the forums [0]
> but it.. stopped once they disabled enforcing.
> 
> This does actually seem to be a duplicate of the other, but I'll keep this
> one open for now I guess to allow easier searching?
> 
> [0]
> https://forums.gentoo.org/viewtopic-p-8493510.
> html?sid=d44c812aa0fd848c7500bedfbacb6d1e#8493510

I read that forum post before declaring this bug.
And i do not want to disable the enforcing SELinux to compile.

Comment 3 yesi 2021-08-10 11:51:03 UTC

I followed this bug : https://bugs.gentoo.org/738546

The following selinux policy allows dev-libs/apr-1.7.0-r1 to build:

module conftest-local 1.0;

require {
	type zero_device_t;
	type unreserved_port_t;
	type node_t;
	type portage_sandbox_t;
	class chr_file map;
	class tcp_socket { name_connect node_bind };
}

#============= portage_sandbox_t ==============

#!!!! This avc can be allowed using the boolean 'portage_enable_test'
allow portage_sandbox_t node_t:tcp_socket node_bind;

#!!!! This avc can be allowed using the boolean 'portage_enable_test'
allow portage_sandbox_t unreserved_port_t:tcp_socket name_connect;
allow portage_sandbox_t zero_device_t:chr_file map;

Comment 4 yesi 2021-08-10 11:54:16 UTC

I disabled the policies after compiling.

Comment 5 yesi 2021-08-12 14:47:28 UTC

I tested with this policy : it does works

allow portage_sandbox_t zero_device_t:chr_file map;

Comment 6 yesi 2021-08-12 14:54:03 UTC

I close this thread since there is already another one at https://bugs.gentoo.org/738546

*** This bug has been marked as a duplicate of bug 738546 ***