Gentoo Archives: gentoo-hardened

From: Mivz <mivz@×××××××××××××.net>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] portage proc problem?
Date: Sun, 05 Feb 2006 14:16:12
Message-Id: 43E607E3.3040801@alpha.spugium.net
In Reply to: Re: [gentoo-hardened] portage proc problem? by Netopyr
Netopyr wrote:

> I am upgrading as sysadm_r indeed in permissive mode.
> my dmesg gives me the following output.
>
> audit(1138995159.751:9524): avc: denied { create } for pid=11198
> comm="mknod" name="null" scontext=root:sysadm_r:portage_t
> tcontext=root:object_r:portage_tmp_t tclass=chr_file
> audit(1138995159.755:9525): avc: denied { getattr } for pid=11199
> comm="chmod" name="null" dev=hda3 ino=6427517
> scontext=root:sysadm_r:portage_t tcontext=root:object_r:portage_tmp_t
> tclass=chr_file
> audit(1138995159.755:9526): avc: denied { setattr } for pid=11199
> comm="chmod" name="null" dev=hda3 ino=6427517
> scontext=root:sysadm_r:portage_t tcontext=root:object_r:portage_tmp_t
> tclass=chr_file
> audit(1138995159.763:9527): avc: denied { write } for pid=11200
> comm="touch" name="null" dev=hda3 ino=6427517
> scontext=root:sysadm_r:portage_t tcontext=root:object_r:portage_tmp_t
> tclass=chr_file
> audit(1138995159.827:9528): avc: denied { mknod } for pid=11210
> comm="udevd" capability=27 scontext=root:staff_r:staff_t
> tcontext=root:staff_r:staff_t tclass=capability
>
> but what do you mean by "Do you have the portage_t enabled?" if I need
> it how can I enable it.
> Couldn't find anything about it in the docs..


You don't need it. It's a role you can enable in tunables, which enables
you to emerge as portage_r instead of sysadm_r.

But the last line in your dmesg says root:staff_r:staff_t, sure you're in
sysadm_r?
It is an access problem, so something is blocking.
Maybe you need to relabel your filesystem.

>
> regards Netopyr
>
>
> On Wed, 2006-02-01 at 17:18 +0100, Mivz wrote:
>
>>Netopyr wrote:
>>
>>> Hello, I am running a selinux enabled kernel already for a long time
>>> without problems but since my last -uD world I got problems installing
>>> anything.
>>> my SElinux won't allow me to install any program anymore since it got
>>> access violations on my proc filesystem (at least I think).
>>> The output at the end of this message will give you more information.
>>> can someone help me out please?
>>>
>>> Kind regards,
>>>
>>> Netopyr
>>>
>>> -- Example updating udev ---
>>> >>> Source compiled.
>>> >>> Test phase [not enabled]: sys-fs/udev-081-r1
>>>
>>> >>> Install udev-081-r1 into /var/tmp/portage/udev-081-r1/image/
>>> category sys-fsACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_ebuild_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> ACCESS DENIED open_wr: /proc/self/attr/fscreate
>>> install: cannot set setfscreatecon `root:object_r:portage_tmp_t':
>>> Permission denied
>>> man:
>>> prepallstrip:
>>> strip: i686-pc-linux-gnu-strip --strip-unneeded
>>> /usr/bin/udevinfo
>>> /usr/bin/udevtest
>>> /usr/bin/udevmonitor
>>> /sbin/udev
>>> /sbin/udevd
>>> /sbin/udevsend
>>> /sbin/udevstart
>>> /sbin/udevcontrol
>>> /sbin/udev_run_devd
>>> /sbin/udev_run_hotplugd
>>> /sbin/ata_id
>>> /sbin/vol_id
>>> /sbin/scsi_id
>>> /sbin/usb_id
>>> /sbin/cdrom_id
>>> /sbin/create_floppy_devices
>>> /sbin/firmware_helper
>>> >>> Completed installing udev-081-r1 into
>>> /var/tmp/portage/udev-081-r1/image/
>>>
>>> --------------------------- ACCESS VIOLATION SUMMARY
>>> ---------------------------LOG FILE =
>>> "/var/log/sandbox/sandbox-sys-fs_-_udev-081-r1-23054.log"
>>>
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23080/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23082/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23084/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23087/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23089/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23091/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23093/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23095/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23097/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23099/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23101/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23103/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23105/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23107/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23109/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23111/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23113/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23115/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23118/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23124/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23130/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23135/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23137/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23146/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23151/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23155/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23159/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23163/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23167/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23171/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23175/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23180/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23185/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23190/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23195/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23200/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23205/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23212/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23214/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23217/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23219/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23221/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23223/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23225/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23228/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23230/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23233/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23235/attr/fscreate)
>>> open_wr: /proc/self/attr/fscreate (symlink to /proc/23241/attr/fscreate)
>>> --------------------------------------------------------------------------------
>>
>>
>>Did you do this as root in sysadm_r?
>>Do you have the portage_t enabled?
>>What does dmesg give as output on the denies?
>>Tried upgrading in permissive mode?
>>
>>
>>

--
gentoo-hardened@g.o mailing list
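
An added example, not part of the original thread: a Python triage helper for AVC denials like the ones quoted above. It parses three of the quoted records (still wrapped and ">"-quoted), groups denied permissions by source type, target type and class, and lists processes whose source role is not `sysadm_r`, the mismatch the reply points out. The function names are this example's own.

```python
import re
from collections import defaultdict

# Three of the denials quoted in the thread, wrapped and ">"-quoted as in the mail.
SAMPLE = '''\
> audit(1138995159.751:9524): avc: denied { create } for pid=11198
> comm="mknod" name="null" scontext=root:sysadm_r:portage_t
> tcontext=root:object_r:portage_tmp_t tclass=chr_file
> audit(1138995159.755:9525): avc: denied { getattr } for pid=11199
> comm="chmod" name="null" dev=hda3 ino=6427517
> scontext=root:sysadm_r:portage_t tcontext=root:object_r:portage_tmp_t
> tclass=chr_file
> audit(1138995159.827:9528): avc: denied { mknod } for pid=11210
> comm="udevd" capability=27 scontext=root:staff_r:staff_t
> tcontext=root:staff_r:staff_t tclass=capability
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(text):
    """Return one dict per AVC denial, tolerating mail quoting and line wrapping."""
    text = re.sub(r'^[> \t]+', '', text, flags=re.M)   # drop "> " quote markers
    records = []
    for chunk in re.split(r'(?=audit\()', text):        # one chunk per audit record
        m = AVC_RE.search(' '.join(chunk.split()))      # rejoin wrapped lines
        if not m:
            continue
        rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
        rec['perms'] = m.group(1).split()
        # Context layout is user:role:type (an MLS range, if any, follows the type).
        rec['role'], rec['stype'] = rec['scontext'].split(':')[1:3]
        rec['ttype'] = rec['tcontext'].split(':')[2]
        records.append(rec)
    return records

def summarize(records):
    """Map (source type, target type, class) to the sorted denied permissions."""
    rules = defaultdict(set)
    for r in records:
        rules[(r['stype'], r['ttype'], r['tclass'])].update(r['perms'])
    return {k: sorted(v) for k, v in rules.items()}

def unexpected_roles(records, expected='sysadm_r'):
    """List (comm, role) pairs whose source role differs from the expected one."""
    return sorted({(r['comm'], r['role']) for r in records if r['role'] != expected})
```
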
