Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 337027 - selinux profile FEATURES variable contains unknown value(s): loadpolicy
Summary: selinux profile FEATURES variable contains unknown value(s): loadpolicy
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Eclasses (show other bugs)
Hardware: AMD64 Linux
: High normal with 1 vote (vote)
Assignee: SE Linux Bugs
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-09-12 23:33 UTC by Chris
Modified: 2011-02-06 15:37 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
contains emerge info (emergeinfo.rtf,11.25 KB, text/plain)
2010-09-12 23:36 UTC, Chris
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Chris 2010-09-12 23:33:17 UTC
while trying to setup selinux under selinux profile

Reproducible: Didn't try

Steps to Reproduce:
1.emerge portage
ln -sf /usr/portage/profiles/selinux/v2refpolicy/amd64/server /etc/make.profile
2.emerge --info

Actual Results:  
server1 selinux # emerge -1 checkpolicy policycoreutils
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -app-admin/setools
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -dev-python/python-selinux
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -dev-python/sepolgen
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sys-apps/checkpolicy
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sys-apps/policycoreutils
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sys-libs/libselinux
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sys-libs/libsemanage
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-acpi
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-apache
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-arpwatch
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-asterisk
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-audio-entropyd
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-avahi
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-base-policy
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-bind
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-bluez
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-clamav
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-clockspeed
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-courier-imap
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-cups
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-cyrus-sasl
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-daemontools
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-dante
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-dbus
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-desktop
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-dhcp
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-distcc
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-djbdns
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-dnsmasq
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-ftpd
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-games
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-gnupg
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-gpm
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-hal
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-inetd
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-ipsec-tools
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-jabber-server
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-kerberos
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-logrotate
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-lpd
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-munin
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-mysql
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-nfs
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-ntop
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-ntp
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-openldap
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-openvpn
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-pcmcia
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-portmap
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-postfix
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-postgresql
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-ppp
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-privoxy
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-procmail
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-publicfile
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-pyzor
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-qmail
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-razor
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-samba
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-screen
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-snmpd
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-snort
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-spamassassin
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-squid
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-stunnel
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-sudo
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-tcpd
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-tftpd
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-ucspi-tcp
--- Unmatch removal atom in /usr/portage/profiles/selinux/package.mask: -sec-policy/selinux-wireshark
FEATURES variable contains unknown value(s): loadpolicy

 * IMPORTANT: 1 news items need reading for repository 'gentoo'.
 * Use eselect news to read news items.

Calculating dependencies... done!

!!! All ebuilds that could satisfy "sys-apps/checkpolicy" have been masked.
!!! One of the following masked packages is required to complete your request:
- sys-apps/checkpolicy-2.0.19 (masked by: package.mask)
/usr/portage/profiles/package.mask:
# Diego E. Pettenò <flameeyes@gentoo.org> (25 Apr 2010)
#  on behalf of QA team <qa@gentoo.org
#
# Mask SElinux packages on all the profile and unmask it only for
# selinux itself; automagic dependencies can break systems otherwise
#
# Please keep this mask in sync between profiles/package.mask and
# selinux/package.mask (with - prefix there).

- sys-apps/checkpolicy-2.0.16 (masked by: package.mask)


For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.


Expected Results:  
Aren't all these packages unmasked in the package.mask file under the selinux profile?
Comment 1 Chris 2010-09-12 23:36:41 UTC
Created attachment 247081 [details]
contains emerge info

created with ms wordpad
Comment 2 Chris 2010-09-13 14:30:18 UTC
Unable to emerge any selinux packages while on the amd64 selinux server profile.
I would use Hardened packages but my vm is preprovisioned by a 3rd party company and it would be too much work to convert to hardened.
Comment 3 Andrei Ruslantsev 2010-10-14 18:55:31 UTC
I have the related problem
The message "selinux profile FEATURES variable contains unknown value(s): loadpolicy" appeared after update from portage 2.1.8.* to 2.1.9.*


Comment 4 Chris 2010-10-14 19:02:14 UTC
(In reply to comment #3)
> I have the related problem
> The message "selinux profile FEATURES variable contains unknown value(s):
> loadpolicy" appeared after update from portage 2.1.8.* to 2.1.9.*

Once I unmounted /selinux directory I was able to continue with the installation and setup of selinux, however the loadpolicy error was still there, this just enabled me to be able to emerge software again.
Comment 5 Andrei Ruslantsev 2010-10-15 05:55:45 UTC
(In reply to comment #4)
> Once I unmounted /selinux directory I was able to continue with the
> installation and setup of selinux, however the loadpolicy error was still
> there, this just enabled me to be able to emerge software again.
I can emerge software, I have only the loadpolicy error.
Comment 6 Lari Korpi 2010-11-30 08:06:14 UTC
I get the the loadpolicy error on selinux/2007.0/amd64.
Comment 7 darin hensley 2011-01-11 22:00:10 UTC
I also get the the loadpolicy error on selinux/2007.0/amd64.
localhost linux # emerge --info
FEATURES variable contains unknown value(s): loadpolicy
Portage 2.1.9.25 (selinux/2007.0/amd64/hardened, gcc-4.4.4, glibc-2.11.2-r3, 2.6.35-gentoo-r12 x86_64)
=================================================================
System uname: Linux-2.6.35-gentoo-r12-x86_64-AMD_Phenom-tm-_II_X3_705e_Processor-with-gentoo-2.0.1
Timestamp of tree: Tue, 28 Dec 2010 15:30:18 +0000
app-shells/bash:     4.1_p7
dev-lang/python:     2.6.5-r3, 3.1.2-r4
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     9999
sys-apps/sandbox:    2.4
sys-devel/autoconf:  2.13, 2.65-r1
sys-devel/automake:  1.9.6-r2, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.4-r2
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.30-r1 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs distlocks fixlafiles fixpackages loadpolicy news parallel-fetch protect-owned sandbox selinux sesandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org/ "
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j6"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/db/old_ebuilds"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X acl acpi amd64 berkdb bindist cairo cli cracklib crypt cxx dbus dri evdev fortran fuse gimp glitz gnutls gtk hardened iconv iso14755 jpeg modules mudflap ncurses nls opengl openmp pam pcre perl pic png pppd python qt4 readline selinux session ssl svg tcpd tiff truetype udev virtualbox xcb xorg xvmc zlib" ALSA_CARDS="maestro3 usb-usx2y wavefront" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

localhost linux #
Comment 8 Josh Robinson 2011-01-12 01:14:59 UTC
I'm getting this when trying to emerge mysql. Here's emerge --info 

 emerge --info
FEATURES variable contains unknown value(s): loadpolicy
Portage 2.1.9.25 (selinux/v2refpolicy/x86/server, gcc-4.4.4, glibc-2.11.2-r3, 2.6.34-gentoo-r12 i686)
=================================================================
System uname: Linux-2.6.34-gentoo-r12-i686-Intel-R-_Celeron-R-_CPU_2.80GHz-with-gentoo-1.12.14
Timestamp of tree: Wed, 12 Jan 2011 00:15:01 +0000
app-shells/bash:     4.1_p7
dev-lang/python:     2.6.5-r3, 3.1.2-r4
sys-apps/baselayout: 1.12.14-r1
sys-apps/sandbox:    2.3-r1
sys-devel/autoconf:  2.65-r1
sys-devel/automake:  1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.4-r2
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.30-r1 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs distlocks fixlafiles fixpackages loadpolicy news parallel-fetch protect-owned sandbox selinux sesandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://gentoo.arcticnetwork.ca/ http://gentoo.gossamerhost.com http://mirror.the-best-hosting.net http://gentoo.mirrors.tera-byte.com/ http://mirror.csclub.uwaterloo.ca/gentoo-distfiles/"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.ca.gentoo.org/gentoo-portage"
USE="berkdb cli cracklib crypt cxx dri fortran iconv ipv6 modules mudflap ncurses nls openmp pam pcre pppd readline selinux session snmp ssl tcpd truetype x86 xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nouveau nv r128 radeon savage sis tdfx trident vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, MAKEOPTS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 9 Sven Vermeulen 2011-01-29 16:24:23 UTC
You can temporarily unset it in make.conf (FEATURES="-loadpolicy"); if you use the hardened-dev overlay this isn't used anymore. Once pushed, the profile should be altered not to include FEATURES="loadpolicy" anymore.
Comment 10 Chris Richards 2011-02-01 02:32:42 UTC
Fixed in selinux-policy-2.eclass git commit 8992c5ad738ef507a56a24b0746baf1c46fe2d7a on hardened-development overlay.  Can we close this?
Comment 11 Sven Vermeulen 2011-02-06 15:33:43 UTC
The fix is now also available in the official portage tree