Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 91921

Summary: setfiles segfaults (problem in libselinux?)
Product: Gentoo Linux Reporter: Daniel Thaler <daniel>
Component: HardenedAssignee: The Gentoo Linux Hardened Team <hardened>
Status: RESOLVED TEST-REQUEST    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: My setfiles.c with patch + printf

Description Daniel Thaler 2005-05-08 10:35:29 UTC
I'm building a system with the /usr/portage/profiles/selinux/2005.1/x86/hardened profile.
'emerge system' installs policycoreutils-1.22; every emerge after that fails because setfiles segfaults during the qmerge phase.

After some googling i manually compiled setfiles with the patch at http://marc.theaimsgroup.com/?l=selinux&m=111292011814641&w=2, but it did not fix the problem.

After adding some printf statements, I determined that setfiles crashes in the call to matchpathcon_filespec_destroy(), which is located in libselinux.

(BTW: I was unable to use gdb, becaue I could not set breakpoints. Is there a trick to it that I don't know about, or should I file a bugreport for that too?)
Comment 1 Daniel Thaler 2005-05-08 10:37:06 UTC
Created attachment 58369 [details]
My setfiles.c with patch + printf
Comment 2 Chris PeBenito (RETIRED) gentoo-dev 2005-05-08 16:04:13 UTC
Please try libselinux-1.22-r1, I believe it has the fix for your problem.  As for debugging, you need to enable the gdb debugging in CFLAGS, and have portage not strip your binaries and librares.
Comment 3 Daniel Thaler 2005-05-08 17:05:12 UTC
It works now. Thank you!

As for debugging, I compiled the program manually with CFLAGS="-g". When setting breakpoints I got this type of error:

Warning:
Cannot insert breakpoint 1.
Error accessing memory address 0x702: Input/output error.

Anyway, I was wondering wether this is some weird side-effect of selinux/hardened or a genuine bug.
Comment 4 solar (RETIRED) gentoo-dev 2005-05-08 17:15:59 UTC
Re comment #3

To properly debug something with USE=hardened enabled try the following
# CFLAGS='-g3 -ggdb -fno-stack-protector -nopie' FEATURES='nostrip' emerge buggy
$ paxctl -permsx `which buggy` ; (you may need to force selinux to this step?)
$ gdb `which buggy` 

gdb> run
gdb> backtrace full
gdb> info regs
etc.. good luck.