whyscream n00b
Joined: 17 Feb 2004 Posts: 46
|
Posted: Sun Apr 11, 2004 11:44 am Post subject: SElinux 2004.0 bootstrap fails |
|
|
I'm trying to install Gentoo SELinux on an x86 from scratch, following the SElinux x86 SELinux Installation guide. Everything works fine, until I start the bootstrap.sh script.
Portage emerges ok, but the next package (sys-devel/gettext) aborts after compiling, when it tries '>>> Setting SELinux security labels':
Code: |
>>> Completed installing into /var/tmp/portage/gettext-0.12.1/image
>>> Merging sys-devel/gettext-0.12.1 to /
sfperms
selinux
>>> Setting SELinux security labels
/usr/sbin/setfiles: read 525 specifications
/usr/sbin/setfiles: labeling files, pretending /var/tmp/portage/gettext-0.12.1/image is /
/usr/sbin/setfiles: labeling files under /var/tmp/portage/gettext-0.12.1/image/
/var/tmp/portage/gettext-0.12.1/image/usr: Operation not permitted
/usr/sbin/setfiles: unable to obtain attribute for file /var/tmp/portage/gettext-0.12.1/image/usr
/usr/sbin/setfiles: error while labeling files under /var/tmp/portage/gettext-0.12.1/image/
!!! ERROR: sys-devel/gettext-0.12.1 failed
!!! function dyn_preinst, line 909, Exitcode 1
!!! Failed to set SELinux security labels.
!!! Failed preinst: 1
|
I'm using 'experimental/x86/livecd/x86/livecd-2004.0-x86-selinux-nostages-20040227.iso' install cd booted in permissive mode, and 'experimental/x86/stages/x86/stage1-x86-selinux-20040211.tar.bz2' stage1 tarball.
I found a thread in the forums regarding loading the default policy, but the manual doesn't state such a thing, and while trying it according to the aforementioned post, there seems to be no policy whatsoever:
Code: |
livecd policy # pwd
/etc/security/selinux/src/policy
livecd policy # ls
file_contexts
livecd policy # make policy
make: *** No rule to make target `policy'. Stop.
|
And this is my 'emerge info':
Code: |
livecd root # emerge info
Portage 2.0.50-r3 (selinux-x86-1.4, gcc-3.3.2, glibc-2.3.2-r9, 2.6.3-gentoo-r1-livecd)
=================================================================
System uname: 2.6.3-gentoo-r1-livecd i686 Pentium III (Coppermine)
Gentoo Base System version 1.4.3.13
Autoconf:
Automake:
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer -fstack-protector"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer -fstack-protector"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache fixpackages sandbox sfperms strict userpriv"
GENTOO_MIRRORS="ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/local/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl acpi berkdb crypt hardened mysql ncurses nls pam python readline samba selinux ssl tcpd vhosts x86 zlib"
|
Does anyone see what I'm missing here?
nixnut Bodhisattva
Joined: 09 Apr 2004 Posts: 10974 Location: the dutch mountains
|
Posted: Sun Apr 11, 2004 4:37 pm Post subject: |
|
|
Are you installing on a filesystem that supports extended attributes (i.e. ext2, ext3 or reiserfs)?
whyscream n00b
Joined: 17 Feb 2004 Posts: 46
|
Posted: Sun Apr 11, 2004 6:18 pm Post subject: |
|
|
Yes, all partitions are ext3. I did make more partitions than the manual suggests, but I don't see where this should interfere with my installation:
Code: |
livecd root # mount
/dev/ram0 on / type ext2 (rw)
/dev/hdd on /mnt/cdrom type iso9660 (ro)
/dev/loop0 on /mnt/loop type ext2 (ro)
/dev/loop0 on /sbin type ext2 (ro)
/dev/loop0 on /lib type ext2 (ro)
/dev/loop0 on /boot type ext2 (ro)
/dev/loop0 on /usr type ext2 (ro)
/dev/loop0 on /opt type ext2 (ro)
/dev/loop0 on /bin type ext2 (ro)
none on /proc type proc (rw)
none on /sys type sysfs (rw)
none on /dev/pts type devpts (rw,gid=5,mode=620)
none on /selinux type selinuxfs (rw)
none on /proc/bus/usb type usbfs (rw)
/dev/hda2 on /mnt/gentoo type ext3 (rw)
/dev/hda1 on /mnt/gentoo/boot type ext3 (rw)
/dev/hda3 on /mnt/gentoo/usr type ext3 (rw)
/dev/hda5 on /mnt/gentoo/var type ext3 (rw)
/dev/hda6 on /mnt/gentoo/tmp type ext3 (rw)
proc on /mnt/gentoo/proc type proc (rw)
none on /mnt/gentoo/selinux type selinuxfs (rw)
none on /mnt/gentoo/var/tmp type tmpfs (rw,size=900M)
|
nixnut Bodhisattva
Joined: 09 Apr 2004 Posts: 10974 Location: the dutch mountains
|
Posted: Sun Apr 11, 2004 6:44 pm Post subject: |
|
|
Hmm, that looks fine.
I haven't got a clue, sorry to say. I installed from scratch too this week using the exact same files as you. No problems whatsoever (installing that is).
Mail the problem to the gentoo-hardened list too: http://www.gentoo.org/main/en/lists.xml. Maybe somebody there knows what's going on.
whyscream n00b
Joined: 17 Feb 2004 Posts: 46
|
Posted: Sun Apr 11, 2004 7:33 pm Post subject: |
|
|
After reading your reply I tried to test the original setup and only used the '/' (root) and swap partitions. Strangely enough it works, and it just got past the gettext and sed compilations without problems. But so far I don't see what the problem was in the first place...
I'll send it to the mailing list anyway, to find out what was going on (and how I can still use all the partitions I want).
Thanks for the hint anyway :)
nixnut Bodhisattva
Joined: 09 Apr 2004 Posts: 10974 Location: the dutch mountains
|
Posted: Sun Apr 11, 2004 8:35 pm Post subject: |
|
|
Hmmm, on second thought...
this line looks suspicious:
Code: | none on /mnt/gentoo/var/tmp type tmpfs (rw,size=900M) |
I don't suppose you've bothered to save a mount output of the second run, just before executing bootstrap.sh? That would give us something to compare.
Quote: | Thanks for the hint anyway |
You're welcome
whyscream n00b
Joined: 17 Feb 2004 Posts: 46
|
Posted: Sun Apr 11, 2004 9:50 pm Post subject: |
|
|
Someone on the gentoo-hardened mailing list confirmed that the problem is the tmpfs mounted on /var/tmp. It doesn't support labeling, so emerge bailed out.
Bootstrapping successfully on the original setup now :)
odessit Apprentice
Joined: 01 Feb 2004 Posts: 180 Location: Current Residency - Server Room - Caution - Frostbite Imminent!
|
Posted: Wed Jul 21, 2004 6:50 pm Post subject: |
|
|
How exactly was this fixed? I am running into the same problem.
whyscream n00b
Joined: 17 Feb 2004 Posts: 46
|
Posted: Thu Jul 22, 2004 1:13 am Post subject: |
|
|
The problem with tmpfs is that it doesn't support labeling. So there isn't exactly a fix; you should (can) only use filesystems that support labeling (last time I checked, it was only supported by ext2/ext3).
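Added example, not part of any post in this thread: a shell check for the cause confirmed in the two replies above (a tmpfs under /var/tmp that cannot hold labels), run over mount output before starting bootstrap.sh. The sample mount lines are constructed from the output posted earlier, the list of label-capable filesystems (ext2, ext3, reiserfs) is an assumption taken from the replies, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): which filesystem backs a directory,
# and can it hold SELinux labels?

# Assumption: label-capable list as named in this thread's replies.
LABEL_FS="ext2 ext3 reiserfs"

# Constructed sample, shortened from the mount output posted above.
SAMPLE_MOUNTS='/dev/hda2 on /mnt/gentoo type ext3 (rw)
/dev/hda3 on /mnt/gentoo/usr type ext3 (rw)
/dev/hda5 on /mnt/gentoo/var type ext3 (rw)
none on /mnt/gentoo/selinux type selinuxfs (rw)
none on /mnt/gentoo/var/tmp type tmpfs (rw,size=900M)'

# fs_for_path MOUNTS PATH: print "mountpoint fstype" for the deepest mount
# containing PATH. Later entries win ties because they shadow earlier ones.
fs_for_path() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $2 == "on" && $4 == "type" {
            mp = $3
            pre = (mp == "/") ? "/" : mp "/"
            # Compare whole path components so /var does not match /variant.
            if (index(p "/", pre) == 1 && length(mp) >= best) {
                best = length(mp); hit = mp " " $5
            }
        }
        END { if (hit == "") exit 1; print hit }'
}

# can_label MOUNTS PATH: 0 if PATH is on a filesystem in LABEL_FS,
# 1 if not, 2 if no mount entry covers PATH.
can_label() {
    hit=$(fs_for_path "$1" "$2") || return 2
    for fs in $LABEL_FS; do
        if [ "$fs" = "${hit##* }" ]; then return 0; fi
    done
    return 1
}

# report MOUNTS PATH: one status line per checked directory.
report() {
    if can_label "$1" "$2"; then
        echo "ok:   $2 is on $(fs_for_path "$1" "$2")"
    else
        echo "FAIL: $2 is on $(fs_for_path "$1" "$2"); not a label-capable filesystem"
    fi
}

report "$SAMPLE_MOUNTS" /mnt/gentoo/var/tmp/portage   # Portage image directory
report "$SAMPLE_MOUNTS" /mnt/gentoo/usr
```

On a live system, pass the real table instead of the sample: `can_label "$(mount)" /mnt/gentoo/var/tmp/portage`.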
odessit Apprentice
Joined: 01 Feb 2004 Posts: 180 Location: Current Residency - Server Room - Caution - Frostbite Imminent!
|
Posted: Thu Jul 22, 2004 1:18 am Post subject: |
|
|
My entire drive is formatted as EXT3, what else would I need?
whyscream n00b
Joined: 17 Feb 2004 Posts: 46
|
Posted: Thu Jul 22, 2004 9:43 am Post subject: |
|
|
Can you post a more detailed explanation of your problem? If you are using ext3, your problem is different from the one above.
odessit Apprentice
Joined: 01 Feb 2004 Posts: 180 Location: Current Residency - Server Room - Caution - Frostbite Imminent!
|
Posted: Thu Jul 22, 2004 4:04 pm Post subject: |
|
|
It did not like the -fomit-frame-pointer CFLAG for my P2.
Looks like it is being compiled fine now.
Thanks!