jah2 n00b
Joined: 17 Nov 2004 Posts: 53 Location: NC
Posted: Wed Sep 18, 2013 1:02 pm Post subject: 3.10.1-hardened-r1, TPE and emerge errors
I'm using the hardened-sources kernel and have Grsecurity configured with Configuration Method (Automatic) and Usage Type (Server). TPE settings are:
CONFIG_GRKERNSEC_TPE_TRUSTED_GID=10
CONFIG_GRKERNSEC_TPE=y
CONFIG_GRKERNSEC_TPE_ALL=y
CONFIG_GRKERNSEC_TPE_INVERT=y
CONFIG_GRKERNSEC_TPE_GID=10
After upgrading to 3.10.1-hardened-r1 emerge started erroring out with errors like:
Code:
/var/tmp/portage/dev-libs/openssl-1.0.1e-r1/temp/environment: ./config: /bin/sh: bad interpreter: Permission denied
Which is the result of TPE denying "untrusted exec" in /var/tmp for the portage user:
Code:
denied untrusted exec (due to not being in trusted group and file in non-root-owned directory) of /var/tmp/portage/dev-libs/openssl-1.0.1e-r1/work/openssl-1.0.1e/config by /var/tmp/portage/dev-libs/openssl-1.0.1e-r1/work/openssl-1.0.1e/config[ebuild.sh:2189] uid/euid:250/250 gid/egid:250/250, parent /usr/lib64/portage/bin/ebuild.sh[ebuild.sh:1822] uid/euid:250/250 gid/egid:250/250
For now I added the portage user to the wheel (10) group, but my question is, what is the best-practice way of handling this issue? My temporary solution doesn't seem like the best permanent fix. Oddly, this only started happening after updating to 3.10.1, but my TPE settings were the same with previous kernels.
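For triage of denials like the one quoted in the post, the following added example (not part of the original post and not grsecurity or Portage code) parses the TPE "denied untrusted exec" message into fields and counts denials per effective uid/gid and directory, which shows which account and which build directory are affected. The function names are hypothetical, the field layout is taken from the quoted message, and paths are assumed to contain no spaces.

```python
import re
from collections import Counter
from posixpath import dirname

# Layout follows the denial quoted in the post: target path, then the
# executing task as path[comm:pid] with ids, then its parent in the same form.
TPE_RE = re.compile(
    r"denied untrusted exec \((?P<reason>[^)]*)\) of (?P<target>\S+) by "
    r"(?P<proc>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+) gid/egid:(?P<gid>\d+)/(?P<egid>\d+), "
    r"parent (?P<parent>\S+)\[(?P<pcomm>[^:\]]+):(?P<ppid>\d+)\]"
)

def parse_tpe_denial(line):
    """Return one TPE denial as a dict, or None if the line is not a denial."""
    m = TPE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("pid", "uid", "euid", "gid", "egid", "ppid"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Count denials per (euid, egid, directory holding the blocked file)."""
    counts = Counter()
    for line in lines:
        rec = parse_tpe_denial(line)
        if rec:
            counts[(rec["euid"], rec["egid"], dirname(rec["target"]))] += 1
    return counts

# First entry is the message from the post; the second is a constructed,
# unrelated kernel line to show that non-TPE lines are skipped.
SAMPLE = [
    "denied untrusted exec (due to not being in trusted group and file in "
    "non-root-owned directory) of /var/tmp/portage/dev-libs/openssl-1.0.1e-r1/"
    "work/openssl-1.0.1e/config by /var/tmp/portage/dev-libs/openssl-1.0.1e-r1/"
    "work/openssl-1.0.1e/config[ebuild.sh:2189] uid/euid:250/250 "
    "gid/egid:250/250, parent /usr/lib64/portage/bin/ebuild.sh[ebuild.sh:1822] "
    "uid/euid:250/250 gid/egid:250/250",
    "usb 1-1: new high-speed USB device number 2 using ehci-pci",
]

if __name__ == "__main__":
    for (euid, egid, directory), n in summarize(SAMPLE).items():
        print(f"euid={euid} egid={egid} dir={directory} denials={n}")
```

The log line carries only the primary gid/egid, so supplementary group membership (such as the wheel group mentioned in the post) has to be checked separately on the host.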