SELinux & Permission Denied for /dev/null in glibc ch.6

Declan Moriarty junk_mail at iol.ie
Wed May 17 10:17:25 PDT 2006


On Wed, 2006-05-17 at 14:40 +0100, Declan Moriarty wrote:
> > > touch /dev/null - succeeds
> > > echo "fart" > /dev/null gets permission denied error.
> > > echo "fart" > /dev/file succeeds
> > > /dev/null is 0666
> Well, I'm just a little wiser. It's reassuring to know I hadn't done
> something laughably silly again :).
> 
> There are two modes of SELinux, the full monty and a 'targeted' mode. By
> default distros are using the targeted mode, which targets a number of
> server daemons, including syslogd. 
> 
> The attached file from the logs shows SELinux jumping up at everything
> like tmpfs, sysfs and dev and assigning them obscure ways of being
> handled. The search +xattr +"transition SIDs" +genfs_context  might get
> you to an interesting coder's page on this SELinux somewhere. I don't
> have /usr/bin/setstatus, btw.
> 
> Let's think about options. 
> 
> 1. Somebody might know how to get out of this, or mebbe figure it.
> You guys are going to get more of this.

Okay, under SELinux apparently you can rely on nothing in the weirdo
filesystems (sysfs, tmpfs, dev/pts, proc) because SELinux decides
whether they should have device nodes or not. Even the chapter 5 that I
built seemed flawed (see below). As soon as you start mounting things
like sysfs into $LFS as well, it gets nasty. /etc/mtab or /proc/mounts
tells you everything is there (at least once) but when you go to unmount
it, it wasn't there at all!

> 2. I'll ask elsewhere, and maybe get a way out.
> 
> 3. hlfs just may work for me, as I have the static compiler from ch. 5.
> I don't look forward to meeting pax or grsecurity there. 

HLFS should compile another hlfs, so it should compile lfs. The
_last_ thing I want to do is resurrect my old lfs5 system from a backup.
But hlfs 'cannot compute the suffix of executables' in chapter 6. :-(.
A little checking on this one showed gcc -v wouldn't run.
i686-pc-linux-gnu-gcc likewise. But i686-pc-linux-gnu-c++ or g++ happily
gave me a version number. I got permission denied as root, when perms
were fine.

Have you guys been adding weird bits to the recipe lately??

> 4. How much ram do you need for the livecd approach?
>  
I decided to wipe chapter 5, go in at the bottom, and try this. I had
the lfs-6.0 livecd here. Evidently 512MB is enough. I got as far as an
error with flex, and when I started checking, it was linking to the
wrong places :-((.



