Gentoo Archives: gentoo-hardened

From: Mivz <mivz@×××××××××××××.net>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] portage proc problem?
Date: Mon, 06 Feb 2006 17:32:30
Message-Id: 43E7876E.6020601@alpha.spugium.net
In Reply to: Re: [gentoo-hardened] portage proc problem? by Netopyr
I do not run the experimental release.
But that's probably the problem, you should try the latest stable
release. If that one does install correctly, you could file a bug on the
experimental release. But with more info than this post has... I would
keep that in mind, guessing costs a lot of time.

Netopyr wrote:

> It's really weird all this, as far as I can see the dmesg results don't
> have anything to do with the error messages I got.

Since your errors start at setfscreatecon, a SELinux specific function,
the problem probably lies with selinux or its policy.
dmesg reports access blocks by selinux, your udev won't build because
its access is blocked. So if the selinux policy blocks your ebuild, it
would be there. That's why.

> I am absolutely in the role of sysadm_r
>
> id = uid=0(root) gid=0(root)
> groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video),35(games)
> context=root:sysadm_r:sysadm_t
>
> The first time I saw these dmesg errors but whatever I install after
> it I never saw it again, it just didn't give me any more information than
> the error messages I supplied.
> Is there any way so I can give you guys more info to solve my
> problem...
> I did a relabel of my filesystem already without any success.
> Probably I have to mention I am using the ~x86 arch so maybe there is
> a problem there.
>
> On Sun, 2006-02-05 at 15:12 +0100, Mivz wrote:
>
>>Netopyr wrote:
>>
>>> I am upgrading as sysadm_r indeed in permissive mode.
>>> my dmesg gives me the following output.
>>>
>>> audit(1138995159.751:9524): avc: denied { create } for pid=11198
>>> comm="mknod" name="null" scontext=root:sysadm_r:portage_t
>>> tcontext=root:object_r:portage_tmp_t tclass=chr_file
>>> audit(1138995159.755:9525): avc: denied { getattr } for pid=11199
>>> comm="chmod" name="null" dev=hda3 ino=6427517
>>> scontext=root:sysadm_r:portage_t tcontext=root:object_r:portage_tmp_t
>>> tclass=chr_file
>>> audit(1138995159.755:9526): avc: denied { setattr } for pid=11199
>>> comm="chmod" name="null" dev=hda3 ino=6427517
>>> scontext=root:sysadm_r:portage_t tcontext=root:object_r:portage_tmp_t
>>> tclass=chr_file
>>> audit(1138995159.763:9527): avc: denied { write } for pid=11200
>>> comm="touch" name="null" dev=hda3 ino=6427517
>>> scontext=root:sysadm_r:portage_t tcontext=root:object_r:portage_tmp_t
>>> tclass=chr_file
>>> audit(1138995159.827:9528): avc: denied { mknod } for pid=11210
>>> comm="udevd" capability=27 scontext=root:staff_r:staff_t
>>> tcontext=root:staff_r:staff_t tclass=capability
>>>
>>> but what do you mean by "Do you have the portage_t enabled?" if I need
>>> it how can I enable it.
>>> Couldn't find anything about it in the docs..
>>
>>
>>You don't need it. It's a role you can enable in tunables, which enables
>>you to emerge as portage_r instead of sysadm_r.
>>
>>But the last line in your dmesg says root:staff_r:staff_t, sure you're in
>>sysadm_r?
>>It is an access problem, so something is blocking.
>>Maybe you need to relabel your filesystem.
>>
>>>
>>> regards Netopyr
>>>
>>>
>>> On Wed, 2006-02-01 at 17:18 +0100, Mivz wrote:
>>>
>>>>Netopyr wrote:
>>>>
>>>>> Hello, I am running a selinux enabled kernel already for a long time
>>>>> without problems but since my last -uD world I got problems installing
>>>>> anything.
>>>>> My SElinux won't allow me to install any program anymore since it got
>>>>> access violations on my proc filesystem (at least I think).
>>>>> The output at the end of this message will give you more information.
>>>>> Can someone help me out please?
>>>>>
>>>>> Kind regards,
>>>>>
>>>>> Netopyr
>>>>>
>>>>> -- Example updating udev ---
>>>>> >>> Source compiled.
>>>>> >>> Test phase [not enabled]: sys-fs/udev-081-r1
>>>>>
>>>>> >>> Install udev-081-r1 into /var/tmp/portage/udev-081-r1/image/
>>>>> category sys-fsACCESS DENIED open_wr: /proc/self/attr/fscreate
>>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>>>> Permission denied
>>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>>>> install: cannot set setfscreatecon `root:object_r:portage_ebuild_t':
>>>>> Permission denied
>>>>> man:
>>>>> prepallstrip:
>>>>> strip: i686-pc-linux-gnu-strip --strip-unneeded
>>>>> /usr/bin/udevinfo
>>>>> /usr/bin/udevtest
>>>>> /usr/bin/udevmonitor
>>>>> /sbin/udev
>>>>> /sbin/udevd
>>>>> /sbin/udevsend
>>>>> /sbin/udevstart
>>>>> /sbin/udevcontrol
>>>>> /sbin/udev_run_devd
>>>>> /sbin/udev_run_hotplugd
>>>>> /sbin/ata_id
>>>>> /sbin/vol_id
>>>>> /sbin/scsi_id
>>>>> /sbin/usb_id
>>>>> /sbin/cdrom_id
>>>>> /sbin/create_floppy_devices
>>>>> /sbin/firmware_helper
>>>>> >>> Completed installing udev-081-r1 into
>>>>> /var/tmp/portage/udev-081-r1/image/
>>>>>
>>>>> --------------------------- ACCESS VIOLATION SUMMARY ---------------------------
>>>>> LOG FILE = "/var/log/sandbox/sandbox-sys-fs_-_udev-081-r1-23054.log"
>>>>>
>>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23080/attr/fscreate)
>>>>> --------------------------------------------------------------------------------
>>>>
>>>>
>>>>Did you do this as root in sysadm_r?
>>>>Do you have the portage_t enabled?
>>>>What does dmesg give as output on the denies?
>>>>Tried upgrading in permissive mode?
>>>>
>>

--
gentoo-hardened@g.o mailing list
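
The following is an added example, not part of the original message or of any Gentoo tool: a small Python parser for the AVC denials quoted in this thread. It groups them by source type, target type and class, and lists denials raised outside an expected role. The function names are hypothetical, and `sysadm_r` as the expected role is an assumption taken from the discussion above.

```python
import re
from collections import defaultdict

# AVC denials copied from the dmesg output quoted in this thread,
# with the mail client's line wrapping undone.
SAMPLE = """\
audit(1138995159.751:9524): avc: denied { create } for pid=11198 comm="mknod" name="null" scontext=root:sysadm_r:portage_t tcontext=root:object_r:portage_tmp_t tclass=chr_file
audit(1138995159.755:9525): avc: denied { getattr } for pid=11199 comm="chmod" name="null" dev=hda3 ino=6427517 scontext=root:sysadm_r:portage_t tcontext=root:object_r:portage_tmp_t tclass=chr_file
audit(1138995159.755:9526): avc: denied { setattr } for pid=11199 comm="chmod" name="null" dev=hda3 ino=6427517 scontext=root:sysadm_r:portage_t tcontext=root:object_r:portage_tmp_t tclass=chr_file
audit(1138995159.763:9527): avc: denied { write } for pid=11200 comm="touch" name="null" dev=hda3 ino=6427517 scontext=root:sysadm_r:portage_t tcontext=root:object_r:portage_tmp_t tclass=chr_file
audit(1138995159.827:9528): avc: denied { mknod } for pid=11210 comm="udevd" capability=27 scontext=root:staff_r:staff_t tcontext=root:staff_r:staff_t tclass=capability
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one 'avc: denied' line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    src = fields.get("scontext", "").split(":")
    tgt = fields.get("tcontext", "").split(":")
    if len(src) < 3 or len(tgt) < 3 or "tclass" not in fields:
        return None  # truncated or malformed record
    return {"perms": m.group(1).split(), "comm": fields.get("comm", "?"),
            "role": src[1], "source": src[2], "target": tgt[2],
            "tclass": fields["tclass"]}

def parse_all(text):
    return [r for r in map(parse_avc, text.splitlines()) if r]

def summarize(text):
    """Map (source type, target type, class) to the sorted denied permissions."""
    groups = defaultdict(set)
    for r in parse_all(text):
        groups[(r["source"], r["target"], r["tclass"])].update(r["perms"])
    return {k: sorted(v) for k, v in groups.items()}

def outside_role(text, expected_role="sysadm_r"):
    """List (comm, role, domain) for denials whose source role is unexpected."""
    return [(r["comm"], r["role"], r["source"])
            for r in parse_all(text) if r["role"] != expected_role]

if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
    for comm, role, dom in outside_role(SAMPLE):
        print(f"{comm} ran as {role}:{dom}, not sysadm_r")
```
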
