Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 472098 - sys-auth/polkit-0.111 + =sys-apps/systemd-204 : the active users haven't enough permissions when CONFIG_GRKERNSEC_PROC is active
Summary: sys-auth/polkit-0.111 + =sys-apps/systemd-204 : the active users haven't enou...
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
: 455938 (view as bug list)
Depends on:
Blocks:
 
Reported: 2013-06-02 12:55 UTC by Agostino Sarubbo
Modified: 2016-02-11 15:29 UTC (History)
8 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-06-02 12:55:44 UTC
During the test of systemd due to bug 465870, I just see that my current user has not enough permissions. Infact, I can't manage networkmanager connections, I can't suspend, I can't mount via udisks but loginctl says that I'm an active user.

ago@arcadia ~ $ loginctl --no-pager show-session $XDG_SESSION_ID | grep Active
Active=yes

I completely killed consolekit and I have -consolekit +systemd globally.

Portage 2.1.11.62 (default/linux/amd64/13.0/no-multilib, gcc-4.6.3, glibc-2.15-r3, 3.2.42-hardened-r1 x86_64)
=================================================================
System uname: Linux-3.2.42-hardened-r1-x86_64-Intel-R-_Atom-TM-_CPU_N455_@_1.66GHz-with-gentoo-2.2
KiB Mem:     1009124 total,     92036 free
KiB Swap:    2047996 total,   2047996 free
Timestamp of tree: Fri, 24 May 2013 19:30:01 +0000
ld GNU ld (GNU Binutils) 2.22
app-shells/bash:          4.2_p45
dev-lang/python:          2.7.3-r3
dev-util/cmake:           2.8.10.2-r2
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.11.8
sys-apps/sandbox:         2.5                                                                                                                  
sys-devel/autoconf:       2.13, 2.69                                                                                                           
sys-devel/automake:       1.11.6, 1.12.6                                                                                                       
sys-devel/binutils:       2.22-r1                                                                                                              
sys-devel/gcc:            4.6.3                                                                                                                
sys-devel/gcc-config:     1.7.3                                                                                                                
sys-devel/libtool:        2.4-r1                                                                                                               
sys-devel/make:           3.82-r4                                                                                                              
sys-kernel/linux-headers: 3.7 (virtual/os-headers)                                                                                             
sys-libs/glibc:           2.15-r3                                                                                                              
Repositories: gentoo ago x-portage                                                                                                             
ACCEPT_KEYWORDS="amd64"                                                                                                                        
ACCEPT_LICENSE="*"                                                                                                                             
CBUILD="x86_64-pc-linux-gnu"                                                                                                                   
CFLAGS="-O2 -pipe -march=atom -mtune=atom"                                                                                                     
CHOST="x86_64-pc-linux-gnu"                                                                                                                    
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/polkit-1/actions /usr/share/themes/oxygen-gtk/gtk-2.0 /usr/share/themes/oxygen-gtk/gtk-3.0"                                                                                                                  
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"                                                                                                                              
CXXFLAGS="-O2 -pipe -march=atom -mtune=atom"                                                                                                   
DISTDIR="/media/dati/portage/distfiles"                                                                                                        
EMERGE_DEFAULT_OPTS="--with-bdeps y"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs collision-protect config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="it_IT.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu"
MAKEOPTS="-j2"
PKGDIR="/media/dati/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/media/dati/portage"
PORTDIR_OVERLAY="/var/lib/layman/ago /usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X aac acl alsa amd64 berkdb bzip2 cairo cli cracklib crypt custom-cflags cxx dri fortran gdbm gpm iconv jpeg jpeg2k kde lame mmx modules mp3 mudflap ncurses networkmanager nptl ogg opengl openmp pam pcre png qt3support qt4 readline session sse sse2 ssl symlink systemd tcpd tiff unicode vorbis zlib" ABI_X86="64" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev synaptics" KERNEL="linux" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en en_GB" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="intel"
USE_PYTHON="2.7"
Comment 1 Ray Griffin (rorgoroth) 2013-06-02 13:13:51 UTC
Do you have: 
session         optional        pam_loginuid.so
in /etc/pam.d/system-auth ?

I recall a user having issues like this before and they had not set the above.
Comment 2 Ray Griffin (rorgoroth) 2013-06-02 13:14:52 UTC
(In reply to Ray Griffin from comment #1)
*facepalm*
I meant: 
"session         optional        pam_systemd.so"
Highlighted the wrong line, sorry for the confusion/extra noise.
Comment 3 Agostino Sarubbo gentoo-dev 2013-06-02 13:18:14 UTC
(In reply to Ray Griffin from comment #2)
> (In reply to Ray Griffin from comment #1)
> *facepalm*
> I meant: 
> "session         optional        pam_systemd.so"
> Highlighted the wrong line, sorry for the confusion/extra noise.

np, yes I have it
Comment 4 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2013-06-02 14:08:59 UTC
It may be something related to polkit and the whole newbie fun stuff.

While at it, it would be good to find out why my user has only partial bluetooth access :). Funny enough, on my laptop it all worked out of the box...
Comment 5 Agostino Sarubbo gentoo-dev 2013-06-02 17:13:23 UTC
I tried this .pkla

[Allow Everything Dammit]
Identity=unix-user:ago
Action=*
ResultAny=yes
ResultInactive=yes
ResultActive=yes

or this .rules

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks2.filesystem-mount" &&
        subject.user == "ago" {
        return "yes";
    }
});


I'm not a polkit expert, but I seriously guess that polkit does not work propely with systemd, at least here.
Comment 6 Samuli Suominen gentoo-dev 2013-06-04 15:44:24 UTC
(In reply to Agostino Sarubbo from comment #5)
> I tried this .pkla

.pkla is a obsolete format and no longer supported by current sys-auth/polkit, (except if you hack around with sys-auth/polkit-pkla-compat)

> polkit.addRule(function(action, subject) {
>     if (action.id == "org.freedesktop.udisks2.filesystem-mount" &&
>         subject.user == "ago" {
>         return "yes";
>     }
> });

Shouldn't that be

return polkit.Result.YES;

instead of

return "yes";

like shown in the `man 8 polkit` page examples?
Comment 7 Agostino Sarubbo gentoo-dev 2013-06-04 15:52:41 UTC
(In reply to Samuli Suominen from comment #6)
> Shouldn't that be
> 
> return polkit.Result.YES;
> 
> instead of
> 
> return "yes";
> 
> like shown in the `man 8 polkit` page examples?

It does not work too with that syntax.
Comment 8 Pacho Ramos gentoo-dev 2013-07-20 14:53:17 UTC
I have no problem with 205 :/
Comment 9 Agostino Sarubbo gentoo-dev 2013-07-20 14:59:39 UTC
(In reply to Pacho Ramos from comment #8)
> I have no problem with 205 :/

I can reproduce with 204. An hint on where start to debug would be great.
Comment 10 Pacho Ramos gentoo-dev 2013-07-20 15:01:32 UTC
I would look at journalctl output (specially just after hitting a problem)
Comment 11 Agostino Sarubbo gentoo-dev 2013-07-21 07:38:31 UTC
This problem is caused by grsecurity by the module CONFIG_GRKERNSEC_PROC

If I disable it, it works perfectly.
Comment 12 Alexander Tsoy 2013-07-23 16:02:36 UTC
See also bug 455938
Comment 13 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2013-07-30 12:38:25 UTC
Do you maybe have a quick & sane way of reproducing it? Preferably one having least additional deps & factors.
Comment 14 Agostino Sarubbo gentoo-dev 2013-07-30 12:50:42 UTC
(In reply to Michał Górny from comment #13)
> Do you maybe have a quick & sane way of reproducing it? Preferably one
> having least additional deps & factors.

1) emerge hardened-sources:3.2.48-r1
2) In the menuconfig go to security options -> grsecurity.
3) Configuration Method (Automatic)
4) Usage Type (Desktop)

Check that CONFIG_GRKERNSEC_PROC is enabled. Compile and boot. That's enough.
Comment 15 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2013-07-30 13:05:50 UTC
(In reply to Agostino Sarubbo from comment #14)
> (In reply to Michał Górny from comment #13)
> > Do you maybe have a quick & sane way of reproducing it? Preferably one
> > having least additional deps & factors.
> 
> 1) emerge hardened-sources:3.2.48-r1
> 2) In the menuconfig go to security options -> grsecurity.
> 3) Configuration Method (Automatic)
> 4) Usage Type (Desktop)
> 
> Check that CONFIG_GRKERNSEC_PROC is enabled. Compile and boot. That's enough.

Yes, I did that. Now what should be failing for me? Preferably without the need to install GNOME :P.
Comment 16 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2013-07-30 17:27:54 UTC
Ok, unless I'm missing something I think I am able to reproduce it with 'systemctl reboot'. The message is: Unix process subject does not have uid set.

I'm going to investigate further.
Comment 17 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2013-07-30 17:55:18 UTC
$ dbus-send --print-reply --system --dest=org.freedesktop.login1 \
  /org/freedesktop/login1 org.freedesktop.login1.Manager.Reboot \
  boolean:false

Error org.freedesktop.PolicyKit1.Error.Failed: Unix process subject does not have uid set

Looks like it's an issue in polkit rather than systemd itself.
Comment 18 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2013-07-30 18:08:02 UTC
Yep, 100% polkit issue. polkit tries to obtain some user information from procfs, and since it is running as 'polkitd' it doesn't see other users' processes.

I was able to work-around this through adding 'polkitd' to 'wheel' but I doubt that's the correct solution.
Comment 19 Agostino Sarubbo gentoo-dev 2013-07-30 18:44:35 UTC
this does not happen on openrc. Please restore the summary and the assignee.
Comment 20 Alexander Tsoy 2013-07-30 18:55:00 UTC
(In reply to Michał Górny from comment #18)
> I was able to work-around this through adding 'polkitd' to 'wheel' but I
> doubt that's the correct solution.

This is a solution which I described in bug 455938

$ sudo zgrep CONFIG_GRKERNSEC_PROC_GID /proc/config.gz 
CONFIG_GRKERNSEC_PROC_GID=666
$ getent group 666
procr:x:666:root,user1,polkitd

Does it work for you?
Comment 21 Alexandre Rostovtsev (RETIRED) gentoo-dev 2013-07-30 19:01:47 UTC
(In reply to Agostino Sarubbo from comment #19)
> this does not happen on openrc. Please restore the summary and the assignee.

The bug only happens on systemd, but that does not imply that the cause of the bug is in systemd itself, or that the bug must be assigned to the systemd team.

After all, it also happens only on hardened kernels, but that does not imply that hardened@g.o should automatically be the assignee.
Comment 22 Agostino Sarubbo gentoo-dev 2013-07-30 19:09:26 UTC
(In reply to Alexander Tsoy from comment #20)
> (In reply to Michał Górny from comment #18)
> > I was able to work-around this through adding 'polkitd' to 'wheel' but I
> > doubt that's the correct solution.
> 
> This is a solution which I described in bug 455938
> 
> $ sudo zgrep CONFIG_GRKERNSEC_PROC_GID /proc/config.gz 
> CONFIG_GRKERNSEC_PROC_GID=666
> $ getent group 666
> procr:x:666:root,user1,polkitd
> 
> Does it work for you?

this is a workaround, not a real fix
Comment 23 Alexandre Rostovtsev (RETIRED) gentoo-dev 2013-07-30 20:21:44 UTC
*** Bug 455938 has been marked as a duplicate of this bug. ***
Comment 24 Alexander Tsoy 2013-07-30 20:51:32 UTC
Seems this is not a polkit problem. polkit[systemd] links against libsystemd-login.so. Here Lennart describes why sd-login need to call sd_pid_get_owner_uid() and sd_pid_get_session() so that access to /proc is required:

http://lists.freedesktop.org/archives/systemd-devel/2012-October/006860.html
Comment 25 Alexander Tsoy 2013-07-30 20:56:44 UTC
If systemd can't be fixed, then solution from comment 20 looks like a real fix. =P
Comment 26 Alexander Tsoy 2013-07-30 21:02:05 UTC
(In reply to Alexander Tsoy from comment #24)
> so that access to /proc is required

/proc/1/cgroup, to be more precise
Comment 27 Alexandre Rostovtsev (RETIRED) gentoo-dev 2013-07-30 21:03:17 UTC
(In reply to Alexander Tsoy from comment #24)
> http://lists.freedesktop.org/archives/systemd-devel/2012-October/006860.html

Thank you for tracking this down.

So the best solution might be to make a list of systemd and polkit executables that need to access /proc/1 and install them with whatever capability bits or paxctl flags that are needed to do their job when GRKERNSEC_PROC is enabled or /proc is mounted with hidepid.
Comment 28 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2013-07-30 21:56:24 UTC
Maybe we should try to convince the hardened guys to give an option to make PID 1 visible to everyone? Assuming that would help.
Comment 29 Alexander Tsoy 2013-07-30 21:57:08 UTC
(In reply to Alexandre Rostovtsev from comment #27)

With GRKERNSEC_PROC enabled processess of other users completely hidden by the kernel. So I have no idea how this can be handled by the caps or psxctl flags.

user2@host $ ls -ld /proc/[0-9]*
dr-xr-x--- 8 user2 procr 0 Jul 31 01:51 /proc/2068
Comment 30 Alexandre Rostovtsev (RETIRED) gentoo-dev 2013-07-30 22:30:58 UTC
(In reply to Alexander Tsoy from comment #29)
> With GRKERNSEC_PROC enabled processess of other users completely hidden by
> the kernel. So I have no idea how this can be handled by the caps or psxctl
> flags.

You are right, it seems that the hardened patch makes the kernel check only for the process's uid == 0 or gid == GRKERNSEC_PROC_GID when accessing /proc, completely ignoring capabilities :/

Alternative solution - add a tiny suid-root program that reads /proc/1/cgroup, and patch systemd's sd_pid_get_owner_uid() to call that program instead of reading /proc/1/cgroup directly?
Comment 31 abandoned account disabled email 2015-09-02 15:02:30 UTC
I'm using openrc only  and have this issue, with hardened kernel and grsec.
openrc-0.17

Tried to start it manually here:

# /usr/lib/polkit-1/polkitd
Successfully changed to user polkitd
Killed

dmesg says:
[ 1864.475910] grsec: From 10.0.2.2: chdir to /var/lib/polkit-1 by /usr/lib64/polkit-1/polkitd[polkitd:16619] uid/euid:102/102 gid/egid:245/245, parent /bin/bash[bash:16548] uid/euid:0/0 gid/egid:0/0
[ 1864.539922] grsec: From 10.0.2.2: denied RWX mmap of <anonymous mapping> by /usr/lib64/polkit-1/polkitd[polkitd:16619] uid/euid:102/102 gid/egid:245/245, parent /bin/bash[bash:16548] uid/euid:0/0 gid/egid:0/0
[ 1864.541373] polkitd[16619]: segfault at 10 ip 0000036e56cd7ce7 sp 000003ca9ced1cb0 error 4 in libpthread-2.21.so[36e56cce000+18000]
[ 1864.541428] grsec: From 10.0.2.2: Segmentation fault occurred at 0000000000000010 in /usr/lib64/polkit-1/polkitd[polkitd:16619] uid/euid:102/102 gid/egid:245/245, parent /bin/bash[bash:16548] uid/euid:0/0 gid/egid:0/0
[ 1864.541580] grsec: From 10.0.2.2: bruteforce prevention initiated due to crash of /usr/lib64/polkit-1/polkitd against uid 102, banning suid/sgid execs for 15 minutes.  Please investigate the crash report for /usr/lib64/polkit-1/polkitd[polkitd:16619] uid/euid:102/102 gid/egid:245/245, parent /bin/bash[bash:16548] uid/euid:0/0 gid/egid:0/0
...
# gdb /lib64/libpthread-2.21.so
...
(gdb) info symbol 0x0000036e56cd7ce7-0x36e56cce000
pthread_mutex_lock + 23 in section .text
(gdb) list *pthread_mutex_lock+23
0x9ce7 is in __GI___pthread_mutex_lock (../nptl/pthread_mutex_lock.c:67).
62	__pthread_mutex_lock (mutex)
63	     pthread_mutex_t *mutex;
64	{
65	  assert (sizeof (mutex->__size) >= sizeof (mutex->__data));
66	
67	  unsigned int type = PTHREAD_MUTEX_TYPE_ELISION (mutex);
68	
69	  LIBC_PROBE (mutex_entry, 1, mutex);
70	
71	  if (__builtin_expect (type & ~(PTHREAD_MUTEX_KIND_MASK_NP
...

Any ideas? I wonder how I could get it to dump a 'core' file (having 
*               soft    core            unlimited
 in /etc/security/limits.conf is not doing it(nor # ulimit -c unlimited ) - but works fine for firefox for example) Does anyone know?

# emerge --info sys-auth/polkit
Portage 2.2.20.1 (python 3.4.3-final-0, hardened/linux/amd64/no-multilib, gcc-5.2.0, glibc-2.21-r1, 4.1.6-hardened-r1-g45b4b78 x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-4.1.6-hardened-r1-g45b4b78-x86_64-AMD_A6-3400M_APU_with_Radeon-tm-_HD_Graphics-with-gentoo-2.2
KiB Mem:    10809864 total,   9085548 free
KiB Swap:          0 total,         0 free
Timestamp of repository gentoo: Tue, 01 Sep 2015 00:45:02 +0000
sh bash 4.3_p42
ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1
ccache version 3.2.3 [enabled]
app-shells/bash:          4.3_p42::gentoo
dev-lang/perl:            5.22.0::gentoo
dev-lang/python:          2.7.10::gentoo, 3.4.3::gentoo
dev-util/ccache:          3.2.3::gentoo
dev-util/cmake:           3.3.1-r1::gentoo
dev-util/pkgconfig:       0.28-r3::gentoo
sys-apps/baselayout:      2.2::gentoo
sys-apps/openrc:          0.17::gentoo
sys-apps/sandbox:         2.6-r1::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69-r1::gentoo
sys-devel/automake:       1.13.4::gentoo, 1.14.1::gentoo, 1.15::gentoo
sys-devel/binutils:       2.25.1-r1::gentoo
sys-devel/gcc:            4.8.5::gentoo, 5.2.0::gentoo
sys-devel/gcc-config:     1.8::gentoo
sys-devel/libtool:        2.4.6-r1::gentoo
sys-devel/make:           4.1-r1::gentoo
sys-kernel/linux-headers: 4.1::gentoo (virtual/os-headers)
sys-libs/glibc:           2.21-r1::gentoo
Repositories:

gentoo
    location: /usr/portage
    priority: -1000

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="@FREE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=native -ggdb -fvar-tracking-assignments -fno-omit-frame-pointer -ftrack-macro-expansion=2 -fstack-protector-all -fPIC"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=native -ggdb -fvar-tracking-assignments -fno-omit-frame-pointer -ftrack-macro-expansion=2 -fstack-protector-all -fPIC"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs ccache cgroup collision-protect config-protect-if-modified distlocks downgrade-backup ebuild-locks fakeroot fixlafiles force-mirror installsources ipc-sandbox merge-sync multilib-strict network-sandbox news nostrip parallel-fetch parallel-install prelink-checksums preserve-libs sandbox sfperms split-elog split-log strict unknown-features-warn unmerge-backup unmerge-logs userfetch userpriv usersandbox webrsync-gpg"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://ftp.romnet.org/gentoo/ http://tux.rainside.sk/gentoo/ http://de-mirror.org/gentoo/ http://gd.tuwien.ac.at/opsys/linux/gentoo/ http://www.las.ic.unicamp.br/pub/gentoo/"
INSTALL_MASK="/lib/systemd /lib32/systemd /lib64/systemd /usr/lib/systemd /usr/lib32/systemd /usr/lib64/systemd /etc/systemd"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
USE="3dnow 3dnowext X acl amd64 berkdb bindist btrfs bzip2 cli consolekit cracklib crypt cryptsetup cscope cxx dbus device-mapper dri egl extensions gdbm git gpg gpm gtk3 hardened iconv jpeg justify lock mmx mmxext modules mosh-hardening ncurses nptl openmp pam pax_kernel pcre pie policykit pulseaudio qt4 readline seccomp session sse sse2 sse3 ssl ssp startup-notification strong-security system-icu system-jpeg system-libvpx system-sqlite urandom xattr xcomposite xtpax zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="3dnow 3dnowext mmx mmxext sse sse2 sse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc" INPUT_DEVICES="keyboard virtualbox evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby19 ruby20" USERLAND="GNU" VIDEO_CARDS="virtualbox" XFCE_PLUGINS="brightness clock trash battery power" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
USE_PYTHON="2.7"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

=================================================================
                        Package Settings
=================================================================

sys-auth/polkit-0.113::gentoo was built with the following:
USE="introspection pam -examples -gtk -jit -kde -nls (-selinux) -systemd -test"
CFLAGS="-O2 -pipe -march=native -ggdb -fvar-tracking-assignments -fno-omit-frame-pointer -ftrack-macro-expansion=2 -fstack-protector-all"
CXXFLAGS="-O2 -pipe -march=native -ggdb -fvar-tracking-assignments -fno-omit-frame-pointer -ftrack-macro-expansion=2 -fstack-protector-all"
Comment 32 Mike Gilbert gentoo-dev 2015-09-02 15:59:06 UTC
(In reply to Emanuel Czirai from comment #31)

Please do not hijack unrelated bug reports. File a new bug please.
Comment 33 abandoned account disabled email 2015-09-02 18:15:00 UTC
I apologize. Filed new: https://bugs.gentoo.org/show_bug.cgi?id=559436