1 |
Hello again, |
2 |
|
3 |
I'm hitting symptoms as described in the "Policy Store is Corrupt" section |
4 |
of the troubleshooting page ( |
5 |
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2&chap=6 |
6 |
) |
7 |
|
8 |
msi erik # semodule -n -B |
9 |
libsemanage.semanage_link_sandbox: Could not access sandbox base file |
10 |
/etc/selinux/strict/modules/tmp/base.pp. (No such file or directory). |
11 |
semodule: Failed! |
12 |
|
13 |
As directed, I re-emerge my sec-policy packages: |
14 |
... |
15 |
FEATURES="-selinux" emerge -1av $(qlist -IC sec-policy) |
16 |
... |
17 |
|
18 |
however selinux-base-policy fails. It gets through the sandbox install but |
19 |
fails at the merge with: |
20 |
|
21 |
Error opening /etc/selinux/strict/contexts/files/file_contexts.local: No |
22 |
such file or directory |
23 |
libsemanage.sefcontext_compile: sefcontext_compile returned error code 255. |
24 |
Compiling /etc/selinux/strict/contexts/files/file_contexts.local |
25 |
libsemanage.semanage_install_active: Could not copy |
26 |
/etc/selinux/strict/modules/active/file_contexts.homedirs to |
27 |
/etc/selinux/strict/contexts/files/file_contexts.homedirs. (No such file or |
28 |
directory) |
29 |
semodule: failed! |
30 |
|
31 |
Any ideas? I'm sure this package merged successfully a couple days ago. |
32 |
|
33 |
My 'emerge --info' is below. The build log isn't preserved (a cruel |
34 |
portage lie). |
35 |
|
36 |
Thanks in advance, |
37 |
Erik |
38 |
|
39 |
|
40 |
msi erik # emerge --info |
41 |
'=sec-policy/selinux-base-policy-2.20130424-r4::gentoo' |
42 |
Portage 2.2.8-r1 (hardened/linux/amd64/selinux, gcc-4.8.2, glibc-2.18-r1, |
43 |
3.13.4-gentoo x86_64) |
44 |
================================================================= |
45 |
System Settings |
46 |
================================================================= |
47 |
System uname: Linux-3.13.4-gentoo-x86_64-Intel-R-_Core-TM-_i5_CPU_M_480_@ |
48 |
_2.67GHz-with-gentoo-2.2 |
49 |
KiB Mem: 5896244 total, 4990876 free |
50 |
KiB Swap: 0 total, 0 free |
51 |
Timestamp of tree: Wed, 26 Feb 2014 00:45:01 +0000 |
52 |
ld GNU ld (GNU Binutils) 2.24 |
53 |
app-shells/bash: 4.2_p45-r1 |
54 |
dev-java/java-config: 2.2.0 |
55 |
dev-lang/python: 2.7.6, 3.3.4 |
56 |
dev-util/cmake: 2.8.12.2 |
57 |
dev-util/pkgconfig: 0.28 |
58 |
sys-apps/baselayout: 2.2 |
59 |
sys-apps/openrc: 0.12.4 |
60 |
sys-apps/sandbox: 2.6-r1 |
61 |
sys-devel/autoconf: 2.13, 2.69 |
62 |
sys-devel/automake: 1.14.1 |
63 |
sys-devel/binutils: 2.24-r2 |
64 |
sys-devel/gcc: 4.8.2 |
65 |
sys-devel/gcc-config: 1.8 |
66 |
sys-devel/libtool: 2.4.2 |
67 |
sys-devel/make: 4.0-r1 |
68 |
sys-kernel/linux-headers: 3.13 (virtual/os-headers) |
69 |
sys-libs/glibc: 2.18-r1 |
70 |
Repositories: gentoo |
71 |
ACCEPT_KEYWORDS="amd64 ~amd64" |
72 |
ACCEPT_LICENSE="* -@EULA google-chrome" |
73 |
CBUILD="x86_64-pc-linux-gnu" |
74 |
CFLAGS="-O2 -pipe" |
75 |
CHOST="x86_64-pc-linux-gnu" |
76 |
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt" |
77 |
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d |
78 |
/etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild |
79 |
/etc/sandbox.d /etc/terminfo" |
80 |
CXXFLAGS="-O2 -pipe" |
81 |
DISTDIR="/usr/portage/distfiles" |
82 |
FCFLAGS="-O2 -pipe" |
83 |
FEATURES="assume-digests binpkg-logs candy config-protect-if-modified |
84 |
distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch |
85 |
preserve-libs protect-owned sandbox selinux sesandbox sfperms strict |
86 |
unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv |
87 |
usersandbox usersync webrsync-gpg xattr" |
88 |
FFLAGS="-O2 -pipe" |
89 |
GENTOO_MIRRORS="http://distfiles.gentoo.org" |
90 |
LANG="en_US.utf8" |
91 |
LDFLAGS="-Wl,-O1 -Wl,--as-needed" |
92 |
MAKEOPTS="-j5" |
93 |
PKGDIR="/usr/portage/packages" |
94 |
PORTAGE_CONFIGROOT="/" |
95 |
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times |
96 |
--omit-dir-times --compress --force --whole-file --delete --stats |
97 |
--human-readable --timeout=180 --exclude=/distfiles --exclude=/local |
98 |
--exclude=/packages" |
99 |
PORTAGE_TMPDIR="/var/tmp" |
100 |
PORTDIR="/usr/portage" |
101 |
PORTDIR_OVERLAY="" |
102 |
USE="amd64 berkdb bindist bzip2 cleartype cli corefonts cracklib crypt cxx |
103 |
dri gdbm hardened iconv ipv6 justify mmx modules multilib ncurses nls nptl |
104 |
open_perms openmp pam pcre readline selinux session sse sse2 ssl tcpd |
105 |
truetype type1 unicode urandom xtpax zlib" ABI_X86="64" ALSA_CARDS="ali5451 |
106 |
als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 |
107 |
es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio |
108 |
via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core |
109 |
socache_shmcb unixd actions alias auth_basic authn_alias authn_anon |
110 |
authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile |
111 |
authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs |
112 |
dav_lock deflate dir disk_cache env expires ext_filter file_cache filter |
113 |
headers include info log_config logio mem_cache mime mime_magic negotiation |
114 |
rewrite setenvif speling status unique_id userdir usertrack vhost_alias" |
115 |
CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon |
116 |
braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load |
117 |
memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm |
118 |
earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip |
119 |
navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 |
120 |
timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" |
121 |
KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 |
122 |
lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console |
123 |
presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" |
124 |
PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" |
125 |
PYTHON_TARGETS="python2_7 python3_3" RUBY_TARGETS="ruby19 ruby18" |
126 |
USERLAND="GNU" VIDEO_CARDS="intel nouveau i965" XTABLES_ADDONS="quota2 psd |
127 |
pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition |
128 |
tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" |
129 |
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, |
130 |
PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, |
131 |
PORTAGE_RSYNC_EXTRA_OPTS, SYNC, USE_PYTHON |
132 |
|
133 |
================================================================= |
134 |
Package Settings |
135 |
================================================================= |
136 |
|
137 |
sec-policy/selinux-base-policy-2.20130424-r4 was built with the following: |
138 |
USE="(multilib) (selinux) unconfined" ABI_X86="64" |