Gentoo Archives: gentoo-hardened

From: Netopyr <NoMiS@×××××××××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] portage proc problem?
Date: Fri, 10 Feb 2006 17:46:20
Message-Id: 1139593422.9752.2.camel@localhost
In Reply to: Re: [gentoo-hardened] portage proc problem? by Mivz
1 I filed this problem as a bug and Pebenito solved my problem:
2
3 ------- Comment #1 from pebenito@g.o 2006-02-10 06:38 PST
4 -------
5 this is not a policy problem. you must have coreutils 5.93. please
6 remerge
7 coreutils with FEATURES="-sandbox"
8
9 This solved my problem, but I pasted the solution for anyone who has had
10 the same problems.
11
12
13
14
15
16 On Mon, 2006-02-06 at 18:29 +0100, Mivz wrote:
17
18 > I do not run the experimental release.
19 > But that's probably the problem, you should try the latest stable
20 > release. If that one does install correctly, you could file a bug on the
21 > experimental release. But with more info than this post has... I would
22 > keep that in mind, guessing costs a lot of time.
23 >
24 > Netopyr wrote:
25 >
26 > > It's really weird all this, as far as I can see the dmesg results don't
27 > > have anything to do with the error messages I got.
28 >
29 > Since your errors start at setfscreatecon, a SELinux specific function,
30 > the problem probably lies with selinux or its policy.
31 > dmesg reports access blocks by selinux, your udev won't build because
32 > its access is blocked. So if the selinux policy blocks your ebuild, it
33 > would be there. That's why.
34 >
35 > > I am absolutely in the role of sysadm_r
36 > >
37 > > id = uid=0(root) gid=0(root)
38 > > groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video),35(games)
39 > > context=root:sysadm_r:sysadm_t
40 > >
41 > > The first time I saw these dmesg errors but whatever I install after
42 > > it I never saw it again, it just didn't give me any more information than
43 > > the error messages I supplied.
44 > > Is there any way so I can give you guys more info to solve my
45 > > problem...
46 > > I did a relabel of my filesystem already without any success.
47 > > probably I have to mention I am using the ~x86 arch so maybe there is
48 > > a problem there.
49 > >
50 > >
51 > >
52 > > On Sun, 2006-02-05 at 15:12 +0100, Mivz wrote:
53 > >
54 > >>Netopyr wrote:
55 > >>
56 > >>> I am upgrading as sysadm_r indeed in permissive mode.
57 > >>> my dmesg gives me the following output.
58 > >>>
59 > >>> audit(1138995159.751:9524): avc: denied { create } for pid=11198
60 > >>> comm="mknod" name="null" scontext=root:sysadm_r:portage_t
61 > >>> tcontext=root:object_r:portage_tmp_t tclass=chr_file
62 > >>> audit(1138995159.755:9525): avc: denied { getattr } for pid=11199
63 > >>> comm="chmod" name="null" dev=hda3 ino=6427517
64 > >>> scontext=root:sysadm_r:portage_t tcontext=root:object_r:portage_tmp_t
65 > >>> tclass=chr_file
66 > >>> audit(1138995159.755:9526): avc: denied { setattr } for pid=11199
67 > >>> comm="chmod" name="null" dev=hda3 ino=6427517
68 > >>> scontext=root:sysadm_r:portage_t tcontext=root:object_r:portage_tmp_t
69 > >>> tclass=chr_file
70 > >>> audit(1138995159.763:9527): avc: denied { write } for pid=11200
71 > >>> comm="touch" name="null" dev=hda3 ino=6427517
72 > >>> scontext=root:sysadm_r:portage_t tcontext=root:object_r:portage_tmp_t
73 > >>> tclass=chr_file
74 > >>> audit(1138995159.827:9528): avc: denied { mknod } for pid=11210
75 > >>> comm="udevd" capability=27 scontext=root:staff_r:staff_t
76 > >>> tcontext=root:staff_r:staff_t tclass=capability
77 > >>>
78 > >>> but what do you mean by "Do you have the portage_t enabled?" if I need
79 > >>> it how can I enable it.
80 > >>> Couldn't find anything about it in the docs..
81 > >>
82 > >>
83 > >>You don't need it. It's a role you can enable in tunables, which enables
84 > >>you to emerge as portage_r instead of sysadm_r.
85 > >>
86 > >>But the last line in your dmesg says root:staff_r:staff_t, sure you're in
87 > >>sysadm_r?
88 > >>It is an access problem, so something is blocking.
89 > >>Maybe you need to relabel your filesystem.
90 > >>
91 > >>>
92 > >>> regards Netopyr
93 > >>>
94 > >>>
95 > >>> On Wed, 2006-02-01 at 17:18 +0100, Mivz wrote:
96 > >>>
97 > >>>>Netopyr wrote:
98 > >>>>
99 > >>>>> Hello, I am running a selinux enabled kernel already for a long time
100 > >>>>> without problems but since my last -uD world I got problems installing
101 > >>>>> anything.
102 > >>>>> my SELinux won't allow me to install any program anymore since it got
103 > >>>>> access violations on my proc filesystem (at least I think).
104 > >>>>> The output at the end of this message will give you more information.
105 > >>>>> can someone help me out please?
106 > >>>>>
107 > >>>>> Kind regards,
108 > >>>>>
109 > >>>>> Netopyr
110 > >>>>>
111 > >>>>> -- Example updating udev ---
112 > >>>>> >>> Source compiled.
113 > >>>>> >>> Test phase [not enabled]: sys-fs/udev-081-r1
114 > >>>>>
115 > >>>>> >>> Install udev-081-r1 into /var/tmp/portage/udev-081-r1/image/
116 > >>>>> category sys-fsACCESS DENIED open_wr: /proc/self/attr/fscreate
117 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
118 > >>>>> Permission denied
119 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
120 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
121 > >>>>> Permission denied
122 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
123 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
124 > >>>>> Permission denied
125 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
126 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
127 > >>>>> Permission denied
128 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
129 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
130 > >>>>> Permission denied
131 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
132 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
133 > >>>>> Permission denied
134 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
135 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
136 > >>>>> Permission denied
137 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
138 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
139 > >>>>> Permission denied
140 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
141 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
142 > >>>>> Permission denied
143 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
144 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
145 > >>>>> Permission denied
146 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
147 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
148 > >>>>> Permission denied
149 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
150 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
151 > >>>>> Permission denied
152 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
153 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
154 > >>>>> Permission denied
155 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
156 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
157 > >>>>> Permission denied
158 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
159 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
160 > >>>>> Permission denied
161 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
162 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
163 > >>>>> Permission denied
164 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
165 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
166 > >>>>> Permission denied
167 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
168 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
169 > >>>>> Permission denied
170 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
171 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
172 > >>>>> Permission denied
173 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
174 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
175 > >>>>> Permission denied
176 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
177 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
178 > >>>>> Permission denied
179 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
180 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
181 > >>>>> Permission denied
182 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
183 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
184 > >>>>> Permission denied
185 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
186 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
187 > >>>>> Permission denied
188 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
189 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
190 > >>>>> Permission denied
191 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
192 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
193 > >>>>> Permission denied
194 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
195 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
196 > >>>>> Permission denied
197 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
198 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
199 > >>>>> Permission denied
200 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
201 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
202 > >>>>> Permission denied
203 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
204 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
205 > >>>>> Permission denied
206 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
207 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
208 > >>>>> Permission denied
209 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
210 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
211 > >>>>> Permission denied
212 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
213 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
214 > >>>>> Permission denied
215 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
216 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
217 > >>>>> Permission denied
218 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
219 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
220 > >>>>> Permission denied
221 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
222 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
223 > >>>>> Permission denied
224 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
225 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
226 > >>>>> Permission denied
227 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
228 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
229 > >>>>> Permission denied
230 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
231 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_ebuild_t':
232 > >>>>> Permission denied
233 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
234 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
235 > >>>>> Permission denied
236 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
237 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
238 > >>>>> Permission denied
239 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
240 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
241 > >>>>> Permission denied
242 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
243 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
244 > >>>>> Permission denied
245 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
246 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
247 > >>>>> Permission denied
248 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
249 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
250 > >>>>> Permission denied
251 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
252 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
253 > >>>>> Permission denied
254 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
255 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
256 > >>>>> Permission denied
257 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
258 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
259 > >>>>> Permission denied
260 > >>>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
261 > >>>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
262 > >>>>> Permission denied
263 > >>>>> man:
264 > >>>>> prepallstrip:
265 > >>>>> strip: i686-pc-linux-gnu-strip --strip-unneeded
266 > >>>>> /usr/bin/udevinfo
267 > >>>>> /usr/bin/udevtest
268 > >>>>> /usr/bin/udevmonitor
269 > >>>>> /sbin/udev
270 > >>>>> /sbin/udevd
271 > >>>>> /sbin/udevsend
272 > >>>>> /sbin/udevstart
273 > >>>>> /sbin/udevcontrol
274 > >>>>> /sbin/udev_run_devd
275 > >>>>> /sbin/udev_run_hotplugd
276 > >>>>> /sbin/ata_id
277 > >>>>> /sbin/vol_id
278 > >>>>> /sbin/scsi_id
279 > >>>>> /sbin/usb_id
280 > >>>>> /sbin/cdrom_id
281 > >>>>> /sbin/create_floppy_devices
282 > >>>>> /sbin/firmware_helper
283 > >>>>> >>> Completed installing udev-081-r1 into
284 > >>>>> /var/tmp/portage/udev-081-r1/image/
285 > >>>>>
286 > >>>>> --------------------------- ACCESS VIOLATION SUMMARY
287 > >>>>> ---------------------------LOG FILE =
288 > >>>>> "/var/log/sandbox/sandbox-sys-fs_-_udev-081-r1-23054.log"
289 > >>>>>
290 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23080/attr/fscreate)
291 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23082/attr/fscreate)
292 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23084/attr/fscreate)
293 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23087/attr/fscreate)
294 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23089/attr/fscreate)
295 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23091/attr/fscreate)
296 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23093/attr/fscreate)
297 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23095/attr/fscreate)
298 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23097/attr/fscreate)
299 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23099/attr/fscreate)
300 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23101/attr/fscreate)
301 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23103/attr/fscreate)
302 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23105/attr/fscreate)
303 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23107/attr/fscreate)
304 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23109/attr/fscreate)
305 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23111/attr/fscreate)
306 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23113/attr/fscreate)
307 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23115/attr/fscreate)
308 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23118/attr/fscreate)
309 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23124/attr/fscreate)
310 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23130/attr/fscreate)
311 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23135/attr/fscreate)
312 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23137/attr/fscreate)
313 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23146/attr/fscreate)
314 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23151/attr/fscreate)
315 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23155/attr/fscreate)
316 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23159/attr/fscreate)
317 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23163/attr/fscreate)
318 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23167/attr/fscreate)
319 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23171/attr/fscreate)
320 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23175/attr/fscreate)
321 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23180/attr/fscreate)
322 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23185/attr/fscreate)
323 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23190/attr/fscreate)
324 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23195/attr/fscreate)
325 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23200/attr/fscreate)
326 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23205/attr/fscreate)
327 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23212/attr/fscreate)
328 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23214/attr/fscreate)
329 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23217/attr/fscreate)
330 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23219/attr/fscreate)
331 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23221/attr/fscreate)
332 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23223/attr/fscreate)
333 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23225/attr/fscreate)
334 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23228/attr/fscreate)
335 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23230/attr/fscreate)
336 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23233/attr/fscreate)
337 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23235/attr/fscreate)
338 > >>>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23241/attr/fscreate)
339 > >>>>> --------------------------------------------------------------------------------
340 > >>>>
341 > >>>>
342 > >>>>Did you do this as root in sysadm_r?
343 > >>>>Do you have the portage_t enabled?
344 > >>>>What does dmesg give as output on the denies?
345 > >>>>Tried upgrading in permissive mode?
346 > >>>>
347 > >>>>
348 > >>>>
349 > >>
350 > >>
351 > >>
352 >
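
The thread mixes output from two enforcement layers: the `ACCESS DENIED open_wr` lines and the violation summary come from the Portage sandbox (hence the fix with `FEATURES="-sandbox"`), while the `avc: denied` records in dmesg come from SELinux. The following Python example is added here and is not part of the original messages; it sorts such lines by layer and lists the SELinux roles that were denied. The function names are illustrative, and the sample lines are copied from the thread with the mail wrapping undone.

```python
import re

# Lines copied from the thread above; each record is rejoined onto one line
# because the mail client had wrapped them.
SAMPLE = """\
audit(1138995159.751:9524): avc: denied { create } for pid=11198 comm="mknod" name="null" scontext=root:sysadm_r:portage_t tcontext=root:object_r:portage_tmp_t tclass=chr_file
audit(1138995159.827:9528): avc: denied { mknod } for pid=11210 comm="udevd" capability=27 scontext=root:staff_r:staff_t tcontext=root:staff_r:staff_t tclass=capability
ACCESS DENIED open_wr: /proc/self/attr/fscreate
install: cannot set setfscreatecon `root:object_r:portage_tmp_t': Permission denied
open_wr: /proc/self/attr/fscreate (symlink to /proc/23080/attr/fscreate)
"""

# SELinux AVC record: "avc: denied { perms } for key=value ..."
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
# Sandbox violation, either the inline "ACCESS DENIED op: /path" form or the
# summary "op: /path (symlink to ...)" form. Requiring an absolute path keeps
# ordinary "tool: message" lines (such as the install error) from matching.
SANDBOX_RE = re.compile(r"(?:^|ACCESS DENIED\s+)(?P<op>[a-z_]+):\s+(?P<path>/\S+)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Return a dict describing the denial and its layer, or None for other lines."""
    m = AVC_RE.search(line)
    if m:
        fields = dict(KV_RE.findall(m.group("rest")))
        return {
            "layer": "selinux",
            "perms": m.group("perms").split(),
            "comm": fields.get("comm", "").strip('"'),
            "scontext": fields.get("scontext"),
            "tcontext": fields.get("tcontext"),
            "tclass": fields.get("tclass"),
        }
    m = SANDBOX_RE.search(line)
    if m:
        return {"layer": "sandbox", "op": m.group("op"), "path": m.group("path")}
    return None


def triage(text):
    """Count denials per layer and collect the SELinux source roles and sandbox paths."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    selinux = [e for e in events if e["layer"] == "selinux"]
    sandbox = [e for e in events if e["layer"] == "sandbox"]
    return {
        "selinux_denials": len(selinux),
        "sandbox_violations": len(sandbox),
        # The role is the second field of user:role:type in the source context.
        "source_roles": sorted({e["scontext"].split(":")[1] for e in selinux if e["scontext"]}),
        "sandbox_paths": sorted({e["path"] for e in sandbox}),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the role list contains both `sysadm_r` and `staff_r`, the mismatch Mivz pointed out, and the only sandbox path is `/proc/self/attr/fscreate`.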