Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 410761 - Emerge with sandbox fails due to /sys/fs/selinux
Summary: Emerge with sandbox fails due to /sys/fs/selinux
Status: RESOLVED DUPLICATE of bug 410687
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] baselayout (show other bugs)
Hardware: AMD64 Linux
: Normal normal (vote)
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-04-04 10:42 UTC by Paul de Vrieze (RETIRED)
Modified: 2012-04-05 15:44 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Paul de Vrieze (RETIRED) gentoo-dev 2012-04-04 10:42:30 UTC 
The current selinux feature adds an ADD_WRITE for /selinux, but on my system (amd64 with openrc-0.9.9.3 and kernel 3.3.0) it is actually also mounted to /sys/fs/selinux and the system seems to prioritize that (according to sestatus).
Adding an exception for /sys/fs/selinux to make.conf fixes it, but the exception should probably be in /usr/portage/features/selinux/profile.bashrc
Comment 1 Tomáš "tpruzina" Pružina (amd64 [ex]AT) 2012-04-05 11:27:02 UTC 
I ran into this as well on my system (mixed, 3.3.0:hardened-dev).
Comment 2 Jory A. Pratt gentoo-dev 2012-04-05 13:42:35 UTC 
emerge --info and selinux-base-policy info needs to be added, this should be fixed already in 20120215
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2012-04-05 15:44:12 UTC 

*** This bug has been marked as a duplicate of bug 410687 ***