Bug 127374 - Current buildpkg logic isn't selinux aware.
Summary: Current buildpkg logic isn't selinux aware.
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core
Hardware: All Linux
Importance: High normal
Assignee: Portage team
URL:
Whiteboard:
Keywords: InVCS, REGRESSION
Depends on:
Blocks: 115839
Reported: 2006-03-23 19:51 UTC by Stephen Bennett (RETIRED)
Modified: 2006-03-24 20:12 UTC (History)
Attachments
patch to create tbz2 directly in ${PKGDIR}/All (bug_127374_selinux_labels.patch,1.30 KB, patch)
2006-03-24 00:38 UTC, Zac Medico
patch to create tbz2 directly in ${PKGDIR}/All (1170_r2986_bug_127374_selinux_labels.patch,1.22 KB, patch)
2006-03-24 00:48 UTC, Zac Medico

Description Stephen Bennett (RETIRED) gentoo-dev 2006-03-23 19:51:54 UTC
Currently (portage-2.1_pre6-r5), portage's buildpkg logic creates a binary package in /var/tmp/portage, and then uses `mv` to move it to the package dir. On SELinux systems, this will cause one of two problems: either the resulting package will be labeled incorrectly as a portage temporary file, or sandbox violations will occur as mv tries to write to /proc/self/attr/fscreate in order to create the destination file with the original context.

Possible solutions were discussed in #gentoo-portage, including using the existing Python code for moving files in SELinux. The desired result, though, is that the package after moving to $PKGDIR has the same label as $PKGDIR itself.
Comment 1 Zac Medico gentoo-dev 2006-03-24 00:38:49 UTC
Created attachment 82986
patch to create tbz2 directly in ${PKGDIR}/All

Please test this patch which creates the tbz2 package directly in ${PKGDIR}/All so that it will hopefully get the proper label automatically.  As an added benefit, it avoids the intermediate temporary file, for better efficiency.  This is in svn r2986.
Comment 2 Zac Medico gentoo-dev 2006-03-24 00:48:40 UTC
Created attachment 82987
patch to create tbz2 directly in ${PKGDIR}/All

This patch applies cleanly against 2.1_pre6-r6.
Comment 3 Zac Medico gentoo-dev 2006-03-24 20:12:15 UTC
Released in 2.1_pre6-r7.  Thanks for reporting.
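
The approach described in Comment 1, sketched as an added example (not the attached patch and not Portage's own code): the archive is created inside the destination directory so that it is labeled by that directory's rules, and its SELinux type is then compared with the directory's. The function names, the dot-file staging step and the plain tar.bz2 output (without Portage's package metadata) are assumptions of this example.

```python
import os
import tarfile
import tempfile


def selinux_type(path):
    """Type field of path's SELinux context, or None if path is unlabeled."""
    try:
        raw = os.getxattr(path, "security.selinux")
    except (OSError, AttributeError):  # no SELinux, no xattr support, non-Linux
        return None
    fields = raw.rstrip(b"\0").decode().split(":")
    return fields[2] if len(fields) > 2 else None


def build_tbz2_in_place(image_dir, pkg_all_dir, pkg_name):
    """Write pkg_name.tbz2 inside pkg_all_dir without using a tmp directory.

    rename() never relabels a file, so the archive has to be created in the
    directory where it will live. Staging it as a dot-file in that same
    directory is this example's choice, so the final name appears atomically.
    """
    os.makedirs(pkg_all_dir, exist_ok=True)
    final = os.path.join(pkg_all_dir, pkg_name + ".tbz2")
    fd, staging = tempfile.mkstemp(prefix="." + pkg_name + ".", dir=pkg_all_dir)
    try:
        with os.fdopen(fd, "wb") as out, tarfile.open(fileobj=out, mode="w:bz2") as tar:
            tar.add(image_dir, arcname=".")
        os.chmod(staging, 0o644)  # mkstemp creates the file with mode 0600
        os.replace(staging, final)
    except BaseException:
        os.unlink(staging)  # never leave a partial archive behind
        raise
    return final


def label_matches_parent(path):
    """True/False if path shares its directory's SELinux type, None if unlabeled."""
    mine, parent = selinux_type(path), selinux_type(os.path.dirname(path))
    return None if mine is None or parent is None else mine == parent


if __name__ == "__main__":
    # Constructed stand-ins for the build image and ${PKGDIR}/All.
    with tempfile.TemporaryDirectory() as root:
        image = os.path.join(root, "image")
        os.makedirs(os.path.join(image, "usr", "bin"))
        dest = os.path.join(root, "packages", "All")
        pkg = build_tbz2_in_place(image, dest, "demo-1.0")
        print(pkg, "type matches directory:", label_matches_parent(pkg))
```

On a system without SELinux the check returns None; on a labeled filesystem, False means the file did not pick up its directory's type.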