[gentoo-hardened] "/usr/bin/install: cannot stat `id.mo': No such file or directory" when installing policycoreutils
Hi All,

I am following the selinux-guide Sven updated recently on a VM with a clean install.
I started with the hardened stage 3 as recommended and am using the latest stable hardened sources.

At step 4.2.2 (Install policies and utilities) the emerge fails with the error:

/usr/bin/install: cannot stat `id.mo': No such file or directory

for the policycoreutils.
The failure occurs during the install step.

On Google, I found this error in a Debian bug report [1].
Has anyone run into this yet and is there a solution to this with Gentoo?

Many thanks,

Joost

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640630
Re: [gentoo-hardened] Updated SELinux handbook
On Sat, October 15, 2011 8:41 pm, Sven Vermeulen wrote:
> Thoughts and comments always welcome. Saying "Current one is better" is
> also accepted ;)

Hi Sven,

Thank you for your work on this. I am currently using the guide to see how SELinux works.

In 4.1.5, the only ~arch package that is listed (sys-process/vixie-cron-4.1-r11) is already available with "amd64".

Are there any other packages that need to be unmasked?

--
Joost
Re: [gentoo-hardened] "/usr/bin/install: cannot stat `id.mo': No such file or directory" when installing policycoreutils
On Wed, October 19, 2011 2:35 pm, Sven Vermeulen wrote:
> On Wed, Oct 19, 2011 at 02:32:14PM +0200, J. Roeleveld wrote:
>> I am following the selinux-guide Sven updated recently on a VM with a
>> clean install.
>> I started with the hardened stage 3 as recommended and am using the latest
>> stable hardened sources.
>>
>> At step 4.2.2 (Install policies and utilities) the emerge fails with the
>> error:
>>
>> /usr/bin/install: cannot stat `id.mo': No such file or directory
>>
>> for the policycoreutils.
>> The failure occurs during the install step.
>
> Yes, this should be fixed in policycoreutils-2.0.82-r1 (and higher) but it
> is still in ~arch. I'll see to it that it gets stabilized.

Thanks. I'll continue my testing with "policycoreutils-2.0.82-r1".

--
Joost
Re: [gentoo-hardened] Updated SELinux handbook
On Wed, October 19, 2011 2:38 pm, Sven Vermeulen wrote:
> On Wed, Oct 19, 2011 at 02:35:31PM +0200, J. Roeleveld wrote:
>> Are there any other packages that need to be unmasked?
>
> There shouldn't be, although we're quite near a stabilization of the more
> recent userspace utilities now (which is needed for the latest policies).

If you think it is useful, can you provide me with a list of which packages and versions are going to be stabilized soon and I will do the test with those versions.
Then we're certain they'll do fine on a clean install done according to the guide :)

--
Joost
Re: [gentoo-hardened] Updated SELinux handbook
On Wed, October 19, 2011 2:38 pm, Sven Vermeulen wrote:
> On Wed, Oct 19, 2011 at 02:35:31PM +0200, J. Roeleveld wrote:
>> Thank you for your work on this. I am currently using the guide to see
>> how SELinux works.
>>
>> In 4.1.5, the only ~arch package that is listed
>> (sys-process/vixie-cron-4.1-r11) is already available with "amd64".
>
> Ah yes, the package was stabilized. I'll update the documents accordingly.

Not sure if both work, but shouldn't the file for unmasking packages be:
"/etc/portage/package.keywords" or "/etc/portage/package.keywords/" ?

That's the file I have been using for years now to unmask files.

--
Joost
Re: [gentoo-hardened] Updated SELinux handbook
On Wed, October 19, 2011 2:51 pm, Sven Vermeulen wrote:
> On Wed, Oct 19, 2011 at 2:46 PM, J. Roeleveld wrote:
>> If you think it is useful, can you provide me with a list of which
>> packages and versions are going to be stabilized soon and I will do the
>> test with those versions.
>> Then we're certain they'll do fine on a clean install done according to
>> the guide :)
>
> If I'm not mistaken, that would be:
>
> sys-libs/libselinux
> sys-apps/policycoreutils
> sys-libs/libsemanage
> sys-libs/libsepol
> app-admin/setools
> dev-python/sepolgen
> sys-apps/checkpolicy
> sec-policy/*
>
> Wkr,
> Sven Vermeulen

To the latest ~amd64? Or to which version? :)

--
Joost
Re: [gentoo-hardened] Updated SELinux handbook
On Wed, October 19, 2011 2:56 pm, Sven Vermeulen wrote:
> On Wed, Oct 19, 2011 at 2:54 PM, J. Roeleveld wrote:
>> To the latest ~amd64? Or to which version? :)
>
> Latest is fine (for now ;-)
>
> Wkr,
> Sven Vermeulen

Ok, selecting latest.

Compared to the latest snapshot, there is a newer gcc (4.5) than in the snapshot (4.4).
Does it make sense to recompile everything with 4.5 (IOW, emerge -e world)?

Am asking due to a message related to PAX_MEMORY_STACKLEAK when compiling the kernel.

--
Joost
Re: [gentoo-hardened] The state of grsecurity in gentoo
On Wednesday 02 September 2015 12:13:33 Anthony G. Basile wrote:
> I'm hoping that once this company feels the sting of what has just
> happened, they'll come back to the table and talk with Grsec/PaX people.
> They won't be able to ship boards with grsec anymore because it's not so
> easy to switch out a kernel on a board! If they ship a board with a
> bug, they lose. We just reboot :)
>
> [1] https://grsecurity.net/

I accept their reasons for not listing the company/companies involved.
But I would like to know which companies are causing this, so I can avoid supporting them.

--
Joost