while trying to setup selinux under selinux profile Reproducible: Didn't try Steps to Reproduce: 1.emerge portage ln -sf /usr/portage/profiles/selinux/v2refpolicy/amd64/server /etc/make.profile 2.emerge --info Actual Results: server1 selinux # emerge -1 checkpolicy policycoreutils --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -app-admin/setools --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -dev-python/python-selinux --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -dev-python/sepolgen --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sys-apps/checkpolicy --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sys-apps/policycoreutils --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sys-libs/libselinux --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sys-libs/libsemanage --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-acpi --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-apache --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-arpwatch --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-asterisk --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-audio-entropyd --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-avahi --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-base-policy --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-bind --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-bluez --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-clamav --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-clockspeed --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-courier-imap --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-cups --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-cyrus-sasl --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-daemontools --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-dante --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-dbus --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-desktop --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-dhcp --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-distcc --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-djbdns --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-dnsmasq --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-ftpd --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-games --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-gnupg --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-gpm --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-hal --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-inetd --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-ipsec-tools --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-jabber-server --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-kerberos --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-logrotate --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-lpd --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-munin --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-mysql --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-nfs --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-ntop --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-ntp --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-openldap --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-openvpn --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-pcmcia --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-portmap --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-postfix --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-postgresql --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-ppp --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-privoxy --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-procmail --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-publicfile --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-pyzor --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-qmail --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-razor --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-samba --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-screen --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-snmpd --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-snort --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-spamassassin --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-squid --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-stunnel --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-sudo --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-tcpd --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-tftpd --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-ucspi-tcp --- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-wireshark FEATURES variable contains unknown value(s): loadpolicy * IMPORTANT: 1 news items need reading for repository 'gentoo'. * Use eselect news to read news items. Calculating dependencies... done! !!! All ebuilds that could satisfy "sys-apps/checkpolicy" have been masked. !!! One of the following masked packages is required to complete your request: - sys-apps/checkpolicy-2.0.19 (masked by: package.mask) /usr/portage/profiles/package.mask: # Diego E. Pettenò <flameeyes@gentoo.org> (25 Apr 2010) # on behalf of QA team <qa@gentoo.org # # Mask SElinux packages on all the profile and unmask it only for # selinux itself; automagic dependencies can break systems otherwise # # Please keep this mask in sync between profiles/package.mask and # selinux/package.mask (with - prefix there). - sys-apps/checkpolicy-2.0.16 (masked by: package.mask) For more information, see the MASKED PACKAGES section in the emerge man page or refer to the Gentoo Handbook. Expected Results: Aren't all these packages unmasked in the package.mask file under the selinux profile?
Created attachment 247081 [details] contains emerge info created with ms wordpad
Unable to emerge any selinux packages while on the amd64 selinux server profile. I would use Hardened packages but my vm is preprovisioned by a 3rd party company and it would be too much work to convert to hardened.
I have the related problem The message "selinux profile FEATURES variable contains unknown value(s): loadpolicy" appeared after update from portage 2.1.8.* to 2.1.9.*
(In reply to comment #3) > I have the related problem > The message "selinux profile FEATURES variable contains unknown value(s): > loadpolicy" appeared after update from portage 2.1.8.* to 2.1.9.* Once I unmounted /selinux directory I was able to continue with the installation and setup of selinux, however the loadpolicy error was still there, this just enabled me to be able to emerge software again.
(In reply to comment #4) > Once I unmounted /selinux directory I was able to continue with the > installation and setup of selinux, however the loadpolicy error was still > there, this just enabled me to be able to emerge software again. I can emerge software, I have only the loadpolicy error.
I get the the loadpolicy error on selinux/2007.0/amd64.
I also get the the loadpolicy error on selinux/2007.0/amd64. localhost linux # emerge --info FEATURES variable contains unknown value(s): loadpolicy Portage 2.1.9.25 (selinux/2007.0/amd64/hardened, gcc-4.4.4, glibc-2.11.2-r3, 2.6.35-gentoo-r12 x86_64) ================================================================= System uname: Linux-2.6.35-gentoo-r12-x86_64-AMD_Phenom-tm-_II_X3_705e_Processor-with-gentoo-2.0.1 Timestamp of tree: Tue, 28 Dec 2010 15:30:18 +0000 app-shells/bash: 4.1_p7 dev-lang/python: 2.6.5-r3, 3.1.2-r4 dev-util/cmake: 2.8.1-r2 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 9999 sys-apps/sandbox: 2.4 sys-devel/autoconf: 2.13, 2.65-r1 sys-devel/automake: 1.9.6-r2, 1.10.3, 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.4.4-r2 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.10 sys-devel/make: 3.81-r2 virtual/os-headers: 2.6.30-r1 (sys-kernel/linux-headers) ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/config" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs distlocks fixlafiles fixpackages loadpolicy news parallel-fetch protect-owned sandbox selinux sesandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" GENTOO_MIRRORS="http://distfiles.gentoo.org/ " LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j6" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/db/old_ebuilds" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X acl acpi amd64 berkdb bindist cairo cli cracklib crypt cxx dbus dri evdev fortran fuse gimp glitz gnutls gtk hardened iconv iso14755 jpeg modules mudflap ncurses nls opengl openmp pam pcre perl pic png pppd python qt4 readline selinux session ssl svg tcpd tiff truetype udev virtualbox xcb xorg xvmc zlib" ALSA_CARDS="maestro3 usb-usx2y wavefront" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS localhost linux #
I'm getting this when trying to emerge mysql. Here's emerge --info emerge --info FEATURES variable contains unknown value(s): loadpolicy Portage 2.1.9.25 (selinux/v2refpolicy/x86/server, gcc-4.4.4, glibc-2.11.2-r3, 2.6.34-gentoo-r12 i686) ================================================================= System uname: Linux-2.6.34-gentoo-r12-i686-Intel-R-_Celeron-R-_CPU_2.80GHz-with-gentoo-1.12.14 Timestamp of tree: Wed, 12 Jan 2011 00:15:01 +0000 app-shells/bash: 4.1_p7 dev-lang/python: 2.6.5-r3, 3.1.2-r4 sys-apps/baselayout: 1.12.14-r1 sys-apps/sandbox: 2.3-r1 sys-devel/autoconf: 2.65-r1 sys-devel/automake: 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.4.4-r2 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.10 sys-devel/make: 3.81-r2 virtual/os-headers: 2.6.30-r1 (sys-kernel/linux-headers) ACCEPT_KEYWORDS="x86" ACCEPT_LICENSE="* -@EULA" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -march=i686 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs distlocks fixlafiles fixpackages loadpolicy news parallel-fetch protect-owned sandbox selinux sesandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" GENTOO_MIRRORS="http://gentoo.arcticnetwork.ca/ http://gentoo.gossamerhost.com http://mirror.the-best-hosting.net http://gentoo.mirrors.tera-byte.com/ http://mirror.csclub.uwaterloo.ca/gentoo-distfiles/" LDFLAGS="-Wl,-O1 -Wl,--as-needed" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.ca.gentoo.org/gentoo-portage" USE="berkdb cli cracklib crypt cxx dri fortran iconv ipv6 modules mudflap ncurses nls openmp pam pcre pppd readline selinux session snmp ssl tcpd truetype x86 xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nouveau nv r128 radeon savage sis tdfx trident vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, MAKEOPTS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
You can temporarily unset it in make.conf (FEATURES="-loadpolicy"); if you use the hardened-dev overlay this isn't used anymore. Once pushed, the profile should be altered not to include FEATURES="loadpolicy" anymore.
Fixed in selinux-policy-2.eclass git commit 8992c5ad738ef507a56a24b0746baf1c46fe2d7a on hardened-development overlay. Can we close this?
The fix is now also available in the official portage tree
