Bug 492570 - dev86 fails to build with selinux in enforcing mode
Summary: dev86 fails to build with selinux in enforcing mode
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux
Hardware: All Linux
Importance: Normal normal
Assignee: SE Linux Bugs
Reported: 2013-11-26 04:58 UTC by schmitt953
Modified: 2016-11-14 20:08 UTC

Attachments
build info (sys-devel.tar.xz,805.58 KB, application/x-xz)
2013-11-26 05:06 UTC, schmitt953

Description schmitt953 2013-11-26 04:58:59 UTC
dev86-0.16.19 failed to build when SELinux was in enforcing mode. No problems in permissive.

Reproducible: Always

Steps to Reproduce:
1. Have selinux in enforcing mode
2. emerge -1 dev86-0.16.19


Expected Results:  
It should build

make[3]: Entering directory `/var/tmp/portage/sys-devel/dev86-0.16.19/work/dev86-0.16.19/libc'
ncc -c -Mn -O -D__LIBC__ -D__LIBC_VER__='"0.16.19"' -o crt0.o crt0.c
crt0.c:1: CPP-FATAL error: Cannot open output file
Comment 1 schmitt953 2013-11-26 05:06:23 UTC
Created attachment 363990 [details]
build info

Build logs and such; too tired to pick and choose files.
Comment 2 schmitt953 2013-11-26 05:10:36 UTC
Nov 25 23:14:55 C6100-Template kernel: [34708.199172] type=1400 audit(1385442895.806:818): avc:  denied  { write } for  pid=14467 comm="bcc-cpp" path="/tmp/$$000014466" dev="sda2" ino=448494 ipaddr=192.168.5.139 scontext=root:sysadm_r:portage_sandbox_t:s0-s0:c0.c1023 tcontext=root:object_r:file_t:s0 tclass=file
Nov 25 23:14:55 C6100-Template kernel: [34708.206134] type=1400 audit(1385442895.812:819): avc:  denied  { remove_name } for  pid=14466 comm="ncc" name="$$000014466" dev="sda2" ino=448494 ipaddr=192.168.5.139 scontext=root:sysadm_r:portage_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir
Nov 25 23:14:55 C6100-Template kernel: [34708.206177] type=1400 audit(1385442895.812:820): avc:  denied  { unlink } for  pid=14466 comm="ncc" name="$$000014466" dev="sda2" ino=448494 ipaddr=192.168.5.139 scontext=root:sysadm_r:portage_sandbox_t:s0-s0:c0.c1023 tcontext=root:object_r:file_t:s0 tclass=file
Comment 3 schmitt953 2013-11-26 05:12:14 UTC
vgabios has the same error. I think it's perhaps a portage problem.
Comment 4 Sven Vermeulen (RETIRED) gentoo-dev 2013-12-16 14:03:23 UTC
Nov 25 23:14:55 C6100-Template kernel: [34708.199172] type=1400 audit(1385442895.806:818): avc:  denied  { write } for  pid=14467 comm="bcc-cpp" path="/tmp/$$000014466" dev="sda2" ino=448494 ipaddr=192.168.5.139 scontext=root:sysadm_r:portage_sandbox_t:s0-s0:c0.c1023 tcontext=root:object_r:file_t:s0 tclass=file

Note the tcontext being a file_t. This means that the target file is not labeled, something that shouldn't occur.

- Is /tmp correctly labeled?
- Which process is creating the file? (The context of the process and the context of /tmp should define what the context of the file is.)
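
Added example, not part of the bug thread and not Gentoo or SELinux project code: a small Python triage script that parses AVC denial lines like those in comment 2 and flags the ones whose target type is file_t, the condition comment 4 points at. The function names, the extra unlabeled_t entry and the fourth sample line are assumptions made for the illustration.

```python
import re

# file_t is the unlabeled-target type discussed in comment 4; unlabeled_t is
# added here as an assumption so the check also covers that type.
UNLABELED_TYPES = {"file_t", "unlabeled_t"}
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of fields for an AVC denial line, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    # A context is user:role:type[:mls-range]; the type is the third field.
    for key, out in (("scontext", "stype"), ("tcontext", "ttype")):
        parts = fields.get(key, "").split(":")
        fields[out] = parts[2] if len(parts) >= 3 else None
    return fields

def unlabeled_targets(lines):
    """Return the parsed denials whose target object has no proper label."""
    parsed = (parse_avc(line) for line in lines)
    return [rec for rec in parsed if rec and rec["ttype"] in UNLABELED_TYPES]

# First three lines: abridged from comment 2 (syslog prefix, dev, ino, ipaddr dropped).
# Fourth line: constructed, shows a labeled target that must not be flagged.
SAMPLE = [
    'type=1400 audit(1385442895.806:818): avc:  denied  { write } for  pid=14467 comm="bcc-cpp" path="/tmp/$$000014466" scontext=root:sysadm_r:portage_sandbox_t:s0-s0:c0.c1023 tcontext=root:object_r:file_t:s0 tclass=file',
    'type=1400 audit(1385442895.812:819): avc:  denied  { remove_name } for  pid=14466 comm="ncc" name="$$000014466" scontext=root:sysadm_r:portage_sandbox_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir',
    'type=1400 audit(1385442895.812:820): avc:  denied  { unlink } for  pid=14466 comm="ncc" name="$$000014466" scontext=root:sysadm_r:portage_sandbox_t:s0-s0:c0.c1023 tcontext=root:object_r:file_t:s0 tclass=file',
    'type=1400 audit(0.0:1): avc:  denied  { write } for  pid=1 comm="example" name="x" scontext=root:sysadm_r:portage_sandbox_t:s0 tcontext=root:object_r:tmp_t:s0 tclass=file',
]

if __name__ == "__main__":
    for rec in unlabeled_targets(SAMPLE):
        print(f'{rec["comm"]}: {" ".join(rec["perms"])} on {rec["tclass"]} '
              f'typed {rec["ttype"]} (source {rec["stype"]})')
```

The first question in comment 4 can be checked directly with `ls -dZ /tmp`, which prints the directory's current context.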