Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
unmerged libselinux now system horked [SOLVED]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message
4est
n00b
n00b


Joined: 27 Feb 2007
Posts: 13

PostPosted: Wed Aug 20, 2008 3:17 pm    Post subject: unmerged libselinux now system horked [SOLVED] Reply with quote

I unmerged libselinux and now if I run commands like ls I get:
ls: error while loading shared libraries: libselinux.so.1: cannot open shared opject file: No such file or directory

During the boot I get:
* Mounting /dev ... [ok]
mknod: error whyile loading shared libraries: libselinux.so.1: cannot open shared object file: No such file or directory
mknod: error whyile loading shared libraries: libselinux.so.1: cannot open shared object file: No such file or directory
mknod: error whyile loading shared libraries: libselinux.so.1: cannot open shared object file: No such file or directory
mkdir: error whyile loading shared libraries: libselinux.so.1: cannot open shared object file: No such file or directory
mkdir: error whyile loading shared libraries: libselinux.so.1: cannot open shared object file: No such file or directory
/lib/udev/write_root_link_rule: line 25: /dev/.udev/rules.d/10-root-link.rules: No such file or directory
/lib/udev/write_root_link_rule: line 26: /dev/.udev/rules.d/10-root-link.rules: No such file or directory
/lib/udev/write_root_link_rule: line 27: /dev/.udev/rules.d/10-root-link.rules: No such file or directory
* starting udevd ... [ok]
* Populating /dev/with existing devices through uevents ... [ok]
* Waiting for uevents to be processed ... [ok]
* Could not create /dev/pts!
*checking root filesystem ...
bla bla bla
* Mounting local filesystems ...
mount: mount point /dev/shm does not exist
* Some local filesystem failed to mount [!!]
bla bla bla
* Could not create needed directory '/var/lib/init.d/failed'!
* Caching service dependencies ...
ls: error while loading shared libraries: libselinux.so.1: cannot open shared opject file: No such file or directory
* No scripts to process!
bash: /var/lib/init.d/depcache: No shch file or directory
mv: error while loading shared libraries: libselinux.so.1 cannot open shared opject file: No such file or directory
-:0: assertion failed: system(mv /var/lib/init.d/treecache.Rai2qb4 /var/lib/init.d/deptree)
* Failed to cache service dependencies [!!]
* Could not create needed directory '/var/lib/init.d/failed/!
* Caching service dependencies ...
ls: error while loading shared libraries: libselinux.so.1: cannot open shared opject file: No such file or directory
* No scripts to process!
bash: /var/lib/init.d/depcache: No shch file or directory
mv: error while loading shared libraries: libselinux.so.1 cannot open shared opject file: No such file or directory
-:0: assertion failed: system(mv /var/lib/init.d/treecache.Rai2qb4 /var/lib/init.d/deptree)
* Failed to cache service dependencies [!!]

* Error running '/sbin/depscan.sh'!
* Please correct any problems above.
* Could not create needed directory '/var/lib/init.d/failed/!
* Caching service dependencies ...
ls: error while loading shared libraries: libselinux.so.1: cannot open shared opject file: No such file or directory
* No scripts to process!
bash: /var/lib/init.d/depcache: No shch file or directory
mv: error while loading shared libraries: libselinux.so.1 cannot open shared opject file: No such file or directory
-:0: assertion failed: system(mv /var/lib/init.d/treecache.Rai2qb4 /var/lib/init.d/deptree)
* Failed to cache service dependencies [!!]

* Error running '/sbin/depscan.sh'!
* Please correct any problems above.
INIT: Entering runlevel: 3
* Could not create needed directory '/var/lib/init.d/failed/!
* Caching service dependencies ...

* Error running '/sbin/depscan.sh'!
* Please correct any problems above.

This is (none).unknown_domain (Llinux i686 2.6.24-gentoo-r8) 09:17:15

(none login:




I really don't want to rebuild this box.
Please help!


Last edited by 4est on Wed Aug 20, 2008 11:38 pm; edited 1 time in total
Back to top
View user's profile Send private message
zyko
l33t
l33t


Joined: 01 Jun 2008
Posts: 617
Location: Munich, Germany

PostPosted: Wed Aug 20, 2008 3:50 pm    Post subject: Reply with quote

I couldn't find a pre-built version on tinderbox, tough luck. Do you have a Live-CD or are you stuck with no working system, no Live-CD and no CD burning hardware (which would be the prediction based on Murphy's Law)?

If you have a Live-CD, you can boot it, fetch some stage3 and portage tarballs, chroot into a basic gentoo env and emerge libselinux with --buildpkgonly. That will generate you a tbz2 file which you can then unpack in your Gentoo install.
Back to top
View user's profile Send private message
4est
n00b
n00b


Joined: 27 Feb 2007
Posts: 13

PostPosted: Wed Aug 20, 2008 4:03 pm    Post subject: Reply with quote

I'll make a livecd, I was hoping that something like this could be done.

Question,
1. Does one really need selinux?
2. If not, what would be the correct way of removing it?


Thanks for the fix! :)
Back to top
View user's profile Send private message
zyko
l33t
l33t


Joined: 01 Jun 2008
Posts: 617
Location: Munich, Germany

PostPosted: Wed Aug 20, 2008 4:22 pm    Post subject: Reply with quote

Quote:
1. Does one really need selinux?


If you have to ask, I would guess that you don't. What is the purpose of the system in question? If it's an ordinary PC that doesn't store highly classified documents about the government's involvement in UFO-related abductions (or any such things that must not be accessed by anyone), you probably might be able to live without SElinux.

However there must have been a reason why you went through the trouble of installing it in the first place.
Back to top
View user's profile Send private message
4est
n00b
n00b


Joined: 27 Feb 2007
Posts: 13

PostPosted: Wed Aug 20, 2008 4:54 pm    Post subject: Reply with quote

To be honest, I don't even know when I would have put it on, selinux is in my use flags to my surprise.
I have quite a few gentoo boxes, and this one is a much older installation than the others.
I do do quite a bit of experimenting with gentoo on it.

Thanks for the help.
I'll try it asap.
Back to top
View user's profile Send private message
zyko
l33t
l33t


Joined: 01 Jun 2008
Posts: 617
Location: Munich, Germany

PostPosted: Wed Aug 20, 2008 5:08 pm    Post subject: Reply with quote

Is it a server connected to the internet?

If you didn't consciously install SElinux, it might have been pulled in by the USE flag. You should try to remove it (globally) and emerge -pvutND world.
Back to top
View user's profile Send private message
4est
n00b
n00b


Joined: 27 Feb 2007
Posts: 13

PostPosted: Wed Aug 20, 2008 7:00 pm    Post subject: Reply with quote

Can you tell me if I'm doing something wrong.
I booted the 2008 live cd
mkdir 3
mount /dev/sda3 /root/3
links -> and got stage3-i686-2008.tar.bz2
chroot /root/3 bin/bash
ls
ls: error while loading shared libraries: libselinux.so.1: cannot open shared object file: No such file or directory
emerge --buildpkgonly libselinux
calculaging dependencies
!!! all ebuilds that could satisfy "sys-libs/libselinux" have been masked
bla bla
Back to top
View user's profile Send private message
zyko
l33t
l33t


Joined: 01 Jun 2008
Posts: 617
Location: Munich, Germany

PostPosted: Wed Aug 20, 2008 8:12 pm    Post subject: Reply with quote

Is /dev/sda3 your *real* root partition? If so, you're chrooting into your defective installation. You need to create a new temporary environment from a stage3 tarball (+portage) and chroot into that.
Back to top
View user's profile Send private message
4est
n00b
n00b


Joined: 27 Feb 2007
Posts: 13

PostPosted: Wed Aug 20, 2008 9:21 pm    Post subject: Reply with quote

yes /dev/sda3 is the real /
could you tell me how to do what your saying?
Back to top
View user's profile Send private message
4est
n00b
n00b


Joined: 27 Feb 2007
Posts: 13

PostPosted: Wed Aug 20, 2008 11:37 pm    Post subject: Solved Reply with quote

copied portage stage3 from the livecd to /dev/sda3
tar xjpf stage*
chroot /3 /bin/bash
emerge --usepkgonly selinux

and it worked...
however
It added more than selinux
deleted my fstab
removed /sbin/udevtrigger
something with eth0 -not fixed yet
removed user avahi and haldaemon and my user
removed grp netdev and plugdev
and I can't login as root or anything else, but at lease it is fixable from here. !!!!!


Thanks so much for your help.
Back to top
View user's profile Send private message
zyko
l33t
l33t


Joined: 01 Jun 2008
Posts: 617
Location: Munich, Germany

PostPosted: Thu Aug 21, 2008 11:07 am    Post subject: Reply with quote

Whoa, that sounds painful.

It looks like you have unpacked the stage3.tar in your (real) root directory, which would have overwritten your gentoo installation. Is that correct?

I'm sorry I didn't make it clear. The right way to do it looks like this, and I suggest you do this again, so that we have the same starting point:

After booting the Live CD:

Code:
mkdir -p /mnt/realroot
mount /dev/sda3 /mnt/realroot
mkdir -p /mnt/realroot/mnt/fakeroot


This creates an empty folder (fakeroot) on sda3 for you to unpack the tarballs into. Download and unpack them:

Code:
wget http://mirror.usu.edu/mirrors/gentoo/releases/x86/2008.0/stages/stage3-x86-2008.0.tar.bz2
wget http://mirror.usu.edu/mirrors/gentoo/snapshots/portage-latest.tar.bz2
tar xvfp stage3-x86-2008.0.tar.bz2 -C /mnt/realroot/mnt/fakeroot/
tar xvfp portage-latest.tar.bz2 -C /mnt/realroot/mnt/fakeroot/usr/


Prepare the environment and chroot into it:

Code:
cp -a /etc/resolv.conf /mnt/realroot/mnt/fakeroot/etc/
mount -t proc none /mnt/realroot/mnt/fakeroot/proc
mount -o bind /dev /mnt/realroot/mnt/fakeroot/dev
chroot /mnt/realroot/mnt/fakeroot /bin/bash
env-update
source /etc/profile


You're in a brand new Gentoo environment now. Create your libselinux package:

Code:
emerge eselect
eselect profile list
...
eselect profile set 6 # let's use the selinux/2007.0/x86 profile so portage does not complain, on my rig, it's profile [6]
emerge -pvt libselinux # this tells us that sys-libs/libsepol is a dependency we need
emerge libsepol

# we now have everything we need to build libselinux

emerge --buildpkgonly libselinux


Did it work? Hit Ctrl+D to get out of the chroot. Now look inside /mnt/realroot/mnt/fakeroot/usr/portage/packages.

sys-libs/libselinux-1.34.14.tbz2 should be there! That is your libselinux binary! Uncompress that into /mnt/realroot!

Now, chroot again, this time into your real root.

Code:
chroot /mnt/realroot /bin/bash
env-update
source /etc/profile


You can now try to fix your system up. Set a password for root ("passwd root"), create needed users etc.

I suggest that you do an "emerge -pvte system". You do not have to run this without --pretend right now, but look at the output, maybe it tells you something worth knowing. If you have the time, proceed with "emerge -e system" now. Otherwise, try to reboot without the Live CD.

I hope this works out the way we imagine ;)

Sorry again for being unspecific before!
Back to top
View user's profile Send private message
miroR
Guru
Guru


Joined: 05 Mar 2008
Posts: 445

PostPosted: Tue Aug 23, 2011 11:45 pm    Post subject: SELinux will b0rk you system thru! Have backup from now on! Reply with quote

zyko wrote:
...
Sorry again for being unspecific before!

No! You were specific enough! 4est panicked and got confused.
Happens to all of us at times.
Well, who on earth need to be talking nice anymore about this stupid SELinux program!
I got into similar trouble as the 4est's above.
God! Thank you for me having backed up my system, and for the sake of poor people not knowing how to properly back their system up, I think the best advice to say here is, as follows!

Firstly
Don't ever think about coming any closer than the word itself to SELinux. There is hardly anywhere a program so stupid and so hard to understand, let alone to put to truly good use as SELinux is (well maybe Billy and the Gang still have worse than that... hardly anyone else in the world).

Secondly
My mere unmerging
Code:
# emerge -C sys-libs/libselinux

got my box into a state, as can be understood from the post above, and from many other posts in the forum, but not from SELinux Gentoo docs, and I am not publicly writing what my suspicion is, will just say, a shame, and that is an understatement...
...into a state of irreparable b0rkedness, and will do the same to anyone else probably, so this is just an afterthought:
Have a backup!

Have a backup of your system! Have a separate partition where you keep your ordinary user data, but have a backup of your system devices with, well, I've been using, I can tell from memory as I have been using it for years and it just... I don't remember that it ever didn't work... just works!
Code:
dd if=/dev/your_system_partition_1 | gzip -6c | split -d -b1085m - 

Code:
dd if=/dev/your_system_partition_2 | gzip -6c | split -d -b1085m - date-time_taken__your_system_partition_2.dd

and so on...
Of course, I forgot to say upfront, from liveCD, or SystemRescueCD! And it mustn't be mounted.
Once something like SELinux b0rks your system completely (though you will agree that few other things in the Linux world are as stupid as SELinux, truly few... pls. understand, I support Hardened Linux, just not SELinux. I am installing Brad Spengler's grsecurity onto my box right when I get it into the day before yesterday's state from backup!)
And so, once something like SELinux b0rks your system thru, the stowed away backup files can be, again from LiveCD or somesuch, be restored, to the bit, to the very single bit, restored into your precious system devices with:
(Note. If the sytem_partition_1 is large, you will get a few of these:
Code:
date-time_taken__your_system_partition_1.dd00
date-time_taken__your_system_partition_1.dd01
date-time_taken__your_system_partition_1.dd02

if not, just the first one. Anyway:
Code:
cat date-time_taken__your_system_partition_1.dd?? | gunzip | dd of=/dev/your_system_partition_1

Repeat similarly for other partitions devices images.
You have an example, how I backed up and restored (but the topic is different there) a partition here:
http://www.sysresccd.org/forums/viewtopic.php?f=1&t=3303
Search for:
Code:
dd if=/dev/sdf2

and:
Code:
dd of=/dev/sdf2

That's not too much to understand!
And there's always the chance of people promoting stupid things for stinking reasons...
Patriot Act is probably better for free speech and freedom in the U.S.A. than NSA's SELinux is for the Linux community. Stay clear! Stay clear from it!
(And to think that in all these years, noone dared to put a clear warning somewhere visible and findable about the risk of installing SELinux, somewhere close enough to things that people read when they decide on Hardened Linux? Again, I'll be installing Pax and grsecurity, and reinstalling hardened-sources, the odd one out is only SELinux!)

((Because it's the same stupid unmerging of libselinux that b0rked my box! The same that ruined 4est's more three years ago and God knows how many other people's boxes in the meantime, in all the three years of this period of time! Jesus, save us!))
Back to top
View user's profile Send private message
miroR
Guru
Guru


Joined: 05 Mar 2008
Posts: 445

PostPosted: Wed Aug 24, 2011 3:16 am    Post subject: Re: SELinux will b0rk you system thru! Have backup from now Reply with quote

miroR wrote:
...I am installing Brad Spengler's grsecurity onto my box right when I get it into the day before yesterday's state from backup!...

Installing (lost --only-- these two days' worth work)...
This (just found) is how things stand, dear people:
http://www.crmbuyer.com/story/39565.html
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum