Bug 657510 - dev-cpp/libxsd-frontend & dev-cpp/xsd on SELinux: '/bin/sh: /usr/include/build-0.3/c/gnu/dep: Permission denied' and '/bin/sh: /usr/include/build-0.3/git/gitignore: Permission denied'
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux
Hardware: All Linux
Importance: Normal normal
Assignee: SE Linux Bugs
Reported: 2018-06-07 07:20 UTC by Doppler
Modified: 2018-06-08 21:24 UTC

dev-cpp/xsd build log (file_657510.txt,90.47 KB, text/plain)
2018-06-07 07:24 UTC, Doppler

Description Doppler 2018-06-07 07:20:36 UTC
While trying to build the package with SELinux set to enforcing, I am greeted with some permission denied errors in the build logs as well as matching ones in my audit logs:
type=AVC msg=audit(1528355573.499:738): avc:  denied  { execute } for  pid=20947 comm="sh" name="dep" dev="sda3" ino=39341288 scontext=staff_u:sysadm_r:portage_sandbox_t tcontext=system_u:object_r:usr_t tclass=file permissive=0
type=AVC msg=audit(1528355573.779:739): avc:  denied  { execute } for  pid=21031 comm="sh" name="gitignore" dev="sda3" ino=39341296 scontext=staff_u:sysadm_r:portage_sandbox_t tcontext=system_u:object_r:usr_t tclass=file permissive=0

Allowing portage_sandbox_t to execute usr_t files or setting SELinux to permissive works, though this does not seem like a proper solution to this.
Comment 1 Doppler 2018-06-07 07:23:07 UTC
(actually, dev-cpp/xsd has the exact same problem)
Comment 2 Doppler 2018-06-07 07:24:47 UTC
Created attachment 535172
dev-cpp/xsd build log
Comment 3 Jason Zaman gentoo-dev 2018-06-08 11:37:48 UTC
wat. why are there executable files in /usr/include?

does it work if you do:
chcon -R -t bin_t /usr/include/build-0.3
Comment 4 Doppler 2018-06-08 21:24:14 UTC
Beats me, ask the people behind dev-util/build
Anyways, yeah, that worked. And xsd + libxsd-frontend are the only packages I have that depend on it.