Hello again,
I'm hitting symptoms as described in the "Policy Store is Corrupt" section
of the troubleshooting page
(http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2&chap=6):
msi erik # semodule -n -B
libsemanage.semanage_link_sandbox: Could not access sandbox base file
/etc/selinux/strict/modules/tmp/base.pp. (No such file or directory).
semodule: Failed!
As directed, I re-emerge my sec-policy packages:
...
FEATURES="-selinux" emerge -1av $(qlist -IC sec-policy)
...
However, selinux-base-policy fails. It gets through the sandbox install but
fails at the merge with:
Error opening /etc/selinux/strict/contexts/files/file_contexts.local: No
such file or directory
libsemanage.sefcontext_compile: sefcontext_compile returned error code 255.
Compiling /etc/selinux/strict/contexts/files/file_contexts.local
libsemanage.semanage_install_active: Could not copy
/etc/selinux/strict/modules/active/file_contexts.homedirs to
/etc/selinux/strict/contexts/files/file_contexts.homedirs. (No such file or
directory)
semodule: failed!
Any ideas? I'm sure this package merged successfully a couple days ago.
My 'emerge --info' is below. The build log isn't preserved (a cruel
portage lie).
Thanks in advance,
Erik
msi erik # emerge --info
'=sec-policy/selinux-base-policy-2.20130424-r4::gentoo'
Portage 2.2.8-r1 (hardened/linux/amd64/selinux, gcc-4.8.2, glibc-2.18-r1,
3.13.4-gentoo x86_64)
=================================================================
System Settings
=================================================================
System uname: Linux-3.13.4-gentoo-x86_64-Intel-R-_Core-TM-_i5_CPU_M_480_@
_2.67GHz-with-gentoo-2.2
KiB Mem: 5896244 total, 4990876 free
KiB Swap: 0 total, 0 free
Timestamp of tree: Wed, 26 Feb 2014 00:45:01 +0000
ld GNU ld (GNU Binutils) 2.24
app-shells/bash: 4.2_p45-r1
dev-java/java-config: 2.2.0
dev-lang/python: 2.7.6, 3.3.4
dev-util/cmake: 2.8.12.2
dev-util/pkgconfig: 0.28
sys-apps/baselayout: 2.2
sys-apps/openrc: 0.12.4
sys-apps/sandbox: 2.6-r1
sys-devel/autoconf: 2.13, 2.69
sys-devel/automake: 1.14.1
sys-devel/binutils: 2.24-r2
sys-devel/gcc: 4.8.2
sys-devel/gcc-config: 1.8
sys-devel/libtool: 2.4.2
sys-devel/make: 4.0-r1
sys-kernel/linux-headers: 3.13 (virtual/os-headers)
sys-libs/glibc: 2.18-r1
Repositories: gentoo
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA google-chrome"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d
/etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild
/etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs candy config-protect-if-modified
distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch
preserve-libs protect-owned sandbox selinux sesandbox sfperms strict
unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv
usersandbox usersync webrsync-gpg xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times
--omit-dir-times --compress --force --whole-file --delete --stats
--human-readable --timeout=180 --exclude=/distfiles --exclude=/local
--exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
USE="amd64 berkdb bindist bzip2 cleartype cli corefonts cracklib crypt cxx
dri gdbm hardened iconv ipv6 justify mmx modules multilib ncurses nls nptl
open_perms openmp pam pcre readline selinux session sse sse2 ssl tcpd
truetype type1 unicode urandom xtpax zlib" ABI_X86="64" ALSA_CARDS="ali5451
als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371
es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio
via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core
socache_shmcb unixd actions alias auth_basic authn_alias authn_anon
authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile
authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs
dav_lock deflate dir disk_cache env expires ext_filter file_cache filter
headers include info log_config logio mem_cache mime mime_magic negotiation
rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon
braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load
memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm
earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip
navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2
timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev"
KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216
lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console
presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice"
PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7"
PYTHON_TARGETS="python2_7 python3_3" RUBY_TARGETS="ruby19 ruby18"
USERLAND="GNU" VIDEO_CARDS="intel nouveau i965" XTABLES_ADDONS="quota2 psd
pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition
tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL,
PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS,
PORTAGE_RSYNC_EXTRA_OPTS, SYNC, USE_PYTHON
=================================================================
Package Settings
=================================================================
sec-policy/selinux-base-policy-2.20130424-r4 was built with the following:
USE="(multilib) (selinux) unconfined" ABI_X86="64"