Bug 417821 - Loading policy fails with "libsemanage.semanage_make_sandbox: Could not copy files to sandbox /etc/selinux/strict/modules/tmp. (Permission denied)"
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: Normal normal
Assignee: Sven Vermeulen (RETIRED)
Whiteboard: sec-policy r11
Reported: 2012-05-27 17:49 UTC by Sven Vermeulen (RETIRED)
Modified: 2012-07-30 16:35 UTC
Description Sven Vermeulen (RETIRED) gentoo-dev 2012-05-27 17:49:59 UTC
When a new SELinux policy is built (or the policy is reloaded), the following failure occurs:

libsemanage.semanage_make_sandbox: Could not copy files to sandbox /etc/selinux/strict/modules/tmp. (Permission denied)

This is due to a change in policy for semanage between r9 and r10. In r10, the "modules" directory is assumed to be created using a named file transition into "semanage_store_t". On existing systems however, the directory is already available (and with selinux_config_t).

The following simple fix resolves this issue, and will also be in r11.

semanage fcontext -a -t semanage_store_t /etc/selinux/strict/modules
restorecon -R /etc/selinux/strict/modules

Reproducible: Always
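
Added example (not part of the original report or of the Gentoo policy): a small shell check for the labeling mismatch described above, reporting whether a directory's SELinux context carries the semanage_store_t type. The function names and the --live switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the bug report. The expected type and the path
# come from the report; everything else is illustrative.

EXPECTED_TYPE="semanage_store_t"
STORE_DIR="/etc/selinux/strict/modules"

# Print the type field of an SELinux context (user:role:type[:level]).
# The MLS level may contain further colons (s0-s0:c0.c1023), so take
# field 3 only. -s suppresses input with no colon, such as the "?" that
# stat prints when no context is available.
context_type() {
    printf '%s\n' "$1" | cut -s -d: -f3
}

# classify_store CONTEXT -> "ok", "mislabeled:<type>" or "no-context"
classify_store() {
    t=$(context_type "$1")
    if [ -z "$t" ]; then
        echo "no-context"
    elif [ "$t" = "$EXPECTED_TYPE" ]; then
        echo "ok"
    else
        echo "mislabeled:$t"
    fi
}

# check_live [DIR]: classify a directory on the running system.
# GNU stat's %C format prints the SELinux context.
check_live() {
    ctx=$(stat -c %C "${1:-$STORE_DIR}" 2>/dev/null) || ctx=""
    classify_store "$ctx"
}

# Run against the live system only when asked to: ./check.sh --live [DIR]
if [ "${1:-}" = "--live" ]; then
    check_live "${2:-}"
fi
```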
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2012-05-28 09:15:17 UTC
In hardened-dev overlay, rev 11
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2012-06-27 21:57:05 UTC
In main tree, ~arched
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-30 16:35:28 UTC