Gentoo Archives: gentoo-hardened

From:	Zac Medico <zmedico@g.o>
To:	gentoo-hardened@l.g.o
Subject:	Re: [gentoo-hardened] portage updated, now selinux forbids portage_t.fetch usage of wget
Date:	Tue, 22 May 2007 02:47:49
Message-Id:	`46525967.2010805@gentoo.org`
In Reply to:	[gentoo-hardened] portage updated, now selinux forbids portage_t.fetch usage of wget by Justin Heesemann

1	-----BEGIN PGP SIGNED MESSAGE-----
2	Hash: SHA1
3
4	Justin Heesemann wrote:
5	> I've just updated portage, (2.1.2.7) and now portage seems unable to download
6	> anything.
7	>
8	> audit(1179767691.954:1414): avc: denied { entrypoint } for pid=26274
9	> comm="emerge" name="wget" dev=dm-1 ino=17219
10	> scontext=root:sysadm_r:portage_t.fetch tcontext=system_u:object_r:bin_t
11	> tclass=file
12	>
13	>
14	> # ls -lZ /usr/bin/wget
15	> rwxr-xr-x root root system_u:object_r:bin_t /usr/bin/wget
16	>
17	>
18
19	I think the attached patch will solve the problem for you. Could
20	you test it please?
21
22	Thanks,
23	Zac
24	-----BEGIN PGP SIGNATURE-----
25	Version: GnuPG v2.0.4 (GNU/Linux)
26
27	iD8DBQFGUlll/ejvha5XGaMRAmG7AJ9JOC+hb+wPrW8wAxcqm+odggfRqACgh3gG
28	SgjUSR7XMQfnIWEoc76j9NQ=
29	=LE4g
30	-----END PGP SIGNATURE-----

File name	MIME type
selinux_fetch.patch	text/plain
selinux_fetch.patch.sig	application/octet-stream

Subject	Author
Re: [gentoo-hardened] portage updated, now selinux forbids portage_t.fetch usage of wget	Justin Heesemann <jh@××××××.org>