
Bug 804222

Summary: SELinux: emerging sys-kernel/gentoo-kernel fails with relabelto denial
Product: Gentoo Linux
Reporter: Emily Rowlands <gentoo>
Component: SELinux
Assignee: SE Linux Bugs <selinux>
Status: UNCONFIRMED ---    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Extract of /var/log/audit.log from the merge phase (uncompressed size 1.7M)
emerge --info selinux-base selinux-base-policy

Description Emily Rowlands 2021-07-25 20:17:21 UTC
Created attachment 726972
Extract of /var/log/audit.log from the merge phase (uncompressed size 1.7M)

While copying files to /, the relabelto permission is denied to the portage_t domain. The full log will be attached but here's a summary generated by audit2allow:

#============= gcc_config_t ==============
allow gcc_config_t self:capability dac_read_search;

#============= kmod_t ==============
allow kmod_t portage_tmp_t:dir search;

#============= portage_t ==============
allow portage_t dmesg_exec_t:file relabelto;
allow portage_t etc_runtime_t:file relabelto;
allow portage_t etc_t:file relabelto;
allow portage_t fsadm_exec_t:file relabelto;
allow portage_t gcc_config_t:process { noatsecure rlimitinh siginh };
allow portage_t kmod_exec_t:file relabelto;
allow portage_t kmod_t:process { noatsecure rlimitinh siginh };
allow portage_t ld_so_t:file relabelto;
allow portage_t ldconfig_t:process { noatsecure rlimitinh siginh };
allow portage_t modules_dep_t:file relabelto;
allow portage_t modules_object_t:file relabelto;
allow portage_t mount_exec_t:file relabelto;
allow portage_t portage_tmp_t:chr_file create;
allow portage_t self:netlink_route_socket nlmsg_write;
allow portage_t setfiles_t:process { noatsecure rlimitinh siginh };
allow portage_t shell_exec_t:file relabelto;
allow portage_t udev_exec_t:file relabelto;
allow portage_t udev_rules_t:file relabelto;
allow portage_t udevadm_exec_t:file relabelto;
allow portage_t usr_t:dir relabelto;
allow portage_t usr_t:file relabelto;

#============= setfiles_t ==============
allow setfiles_t sysctl_kernel_t:dir search;

Whilst this particular log and error set is for sys-kernel/gentoo-kernel, I also experienced a similar failure when merging sys-fs/zfs-kmod. However, I did not see merge failures with sys-process/htop (although there were some AVC denials for { noatsecure rlimitinh siginh }).

emerge --info to follow
Comment 1 Emily Rowlands 2021-07-25 20:19:37 UTC
Created attachment 726975
emerge --info selinux-base selinux-base-policy
Comment 2 Emily Rowlands 2021-07-27 10:31:54 UTC
Additional note: this audit.log was taken with dontaudit rules disabled. The { noatsecure rlimitinh siginh } denials do not appear after running `semodule -B` to re-enable them.
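The audit2allow summary in the description is an aggregation of the raw AVC records in audit.log by (source type, target type, object class). As an added example that is not part of this report and not audit2allow's own code, the following script performs that aggregation over a few constructed AVC lines mirroring the portage_t relabelto denials, and lists the target types the merge was denied relabelto on; the sample records and the record layout used by the regex are assumptions for illustration, not the attached log.

```python
"""Aggregate AVC denials from audit.log into audit2allow-style allow rules."""
import re
from collections import defaultdict

# Constructed sample records (not the attached log); layout follows the kernel AVC format.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1627243041.123:4501): avc:  denied  { relabelto } for  pid=12345 comm="cp" name="modprobe" dev="sda3" ino=1 scontext=system_u:system_r:portage_t:s0 tcontext=system_u:object_r:kmod_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1627243041.130:4502): avc:  denied  { relabelto } for  pid=12345 comm="cp" name="lib" dev="sda3" ino=2 scontext=system_u:system_r:portage_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1627243041.131:4503): avc:  denied  { relabelto } for  pid=12345 comm="cp" name="share" dev="sda3" ino=3 scontext=system_u:system_r:portage_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1627243042.000:4510): avc:  denied  { noatsecure rlimitinh siginh } for  pid=12346 comm="emerge" scontext=system_u:system_r:portage_t:s0 tcontext=system_u:system_r:kmod_t:s0 tclass=process permissive=0
type=AVC msg=audit(1627243043.000:4520): avc:  denied  { search } for  pid=12350 comm="depmod" name="tmp" dev="sda3" ino=9 scontext=system_u:system_r:kmod_t:s0 tcontext=system_u:object_r:portage_tmp_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1627243043.000:4520): arch=c000003e syscall=257 success=no exit=-13
"""

# One AVC denial per line: permissions in braces, then source/target contexts and object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def type_of(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def aggregate_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m is None:  # SYSCALL, PATH and other record types carry no AVC fields
            continue
        key = (type_of(m["scontext"]), type_of(m["tcontext"]), m["tclass"])
        rules[key].update(m["perms"].split())
    return rules

def format_rules(rules):
    """Render the aggregate grouped by source domain, in the audit2allow layout."""
    out = []
    for sdom in sorted({k[0] for k in rules}):
        out.append(f"#============= {sdom} ==============")
        for (s, t, cls), perms in sorted(rules.items()):
            if s == sdom:
                perm_str = " ".join(sorted(perms)) if len(perms) == 1 else "{ " + " ".join(sorted(perms)) + " }"
                out.append(f"allow {s} {t}:{cls} {perm_str};")
    return "\n".join(out)

def relabelto_targets(rules, source="portage_t"):
    """Target types a domain was denied relabelto on, i.e. labels the merge tried to set."""
    return sorted(t for (s, t, cls), perms in rules.items() if s == source and "relabelto" in perms)
```

Because the aggregation is keyed only on the three context fields, a single noisy rule such as `allow portage_t usr_t:dir relabelto;` can stand for many individual records; the target-type list is the quicker way to see which file types the relabel covered.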