126711 – SVN r2834 broke SELinux support

Bug 126711 - SVN r2834 broke SELinux support

Summary: SVN r2834 broke SELinux support

Status:	RESOLVED FIXED

Alias:	None

Product:	Portage Development
Classification:	Unclassified
Component:	Core (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Portage team

URL:
Whiteboard:
Keywords:	InVCS, REGRESSION

Depends on:
Blocks:	115839
	Show dependency tree

Reported:	2006-03-18 12:47 UTC by Stephen Bennett (RETIRED)
Modified:	2006-03-19 00:05 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
fix regressions from r2834 (fix_r2834.patch,1.83 KB, patch) 2006-03-18 15:47 UTC, Zac Medico	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stephen Bennett (RETIRED) gentoo-dev

2006-03-18 12:47:40 UTC

Recent 2.1_pre portage versions (_pre6 at least, possibly others) are running phases under the SELinux-enforced sandbox that shouldn't be. As a result, files are merged to $ROOT with the wrong label (due to the preinst phase running in the wrong context), and so are inaccessible to most user domains. zmedico's recent patch has fixed fetching, but preinst at least is still broken.

Comment 1 Zac Medico gentoo-dev

2006-03-18 15:47:42 UTC

Created attachment 82503 [details, diff]
fix regressions from r2834

This patch should fix both of the regressions from r2834:

1) Use the correct context for fetching.
2) Reset the security context before returning from spawn.

I plan to release this in 2.1_pre6-r4 today.  Thanks for reporting.

Comment 2 Zac Medico gentoo-dev

2006-03-19 00:05:24 UTC

Released in 2.1_pre6-r4.