| View previous topic :: View next topic |
| Author |
Message |
vcmota
Guru
Joined: 19 Jun 2017
Posts: 401
|
 Posted: Tue Apr 22, 2025 5:57 pm Post subject: [SOLVED] X, portage, etc broken with newer kernels |
 |
|
I have a computer with gentoo installed which was asking for a profile update for almost a year, and I have been ignoring the call. However, one month ago I finally decided to update the profile. After many small issues I managed to successfully bring back the computer from the dead, and I have now an updated version which works with the old kernel:
| Code: |
~> uname -r
6.1.28-gentoo-x86_64
~> eselect profile list | grep "*"
[59] default/linux/amd64/23.0/split-usr/hardened/selinux (stable) *
~>
|
When I say "works" what I mean is that everything seems to be working: portage, X, all programs that I have tried to run those days, etc. But when I reboot with the newer kernel, nothing works: neither X nor portage. It seems to be some deep permission issue because both Xorg and portage (emerge, eselect, etc...) fails with permission issues. It is surely kernel related, because no problem whatsoever arises with the old (6.1.28 ) kernel.
Last edited by vcmota on Wed Apr 23, 2025 8:09 pm; edited 1 time in total |
|
| Back to top |
|
 |
vcmota
Guru
Joined: 19 Jun 2017
Posts: 401
|
| Posted: Tue Apr 22, 2025 6:30 pm Post subject: |
|
|
There were relevant missing information from my post.
This is the log from Xorg when I boot with the newer kernel. By the way, before I realize that portage was also broken, I tried multiple workarounds and the only one with some effect was this:
| Code: |
~> sudo chown vinicius /dev/tty7
|
However, It did not solved the whole Xorg issue: although the workaraound allowed me to login with my windown manager (dwm), neither the keyboard not the mouse were working at all.
Regarding portage, this is the error I got whenever I try to emerge anything after booting with the newer kernel. The error shown is for "emerge vim", but portage fails with a similar error for whatever package I try to emerge.
Since I realized the problem was likely in the kernel, I tried to recompile and install the newer kernel with the old config file. This is what i did:
| Code: |
root ~> cd /usr/src/linux
root /usr/src/linux ~> zcat /proc/config.gz > /usr/src/working.config-6.1.28
root /usr/src/linux ~> cp /usr/src/working.config-6.1.28 /usr/src/linux/.config
root /usr/src/linux ~> make oldconfig
root /usr/src/linux ~> make && make modules_install
root /usr/src/linux ~> make install
root /usr/src/linux ~> dracut --force -H --add lvm --kver 6.12.21-gentoo-x86_64
root /usr/src/linux ~> grub-mkconfig -o /boot/grub/grub.cfg
|
It did not solve the issue. For completeness, this is my emerge --info:
| Code: |
~> emerge --info
Portage 3.0.67 (python 3.12.10-final-0, default/linux/amd64/23.0/split-usr/hardened/selinux, gcc-14, glibc-2.40-r8, 6.1.28-gentoo-x86_64 x86_64)
=================================================================
System uname: Linux-6.1.28-gentoo-x86_64-x86_64-Intel-R-_Core-TM-_i7-8700_CPU_@_3.20GHz-with-glibc2.40
KiB Mem: 16170104 total, 13474616 free
KiB Swap: 16777212 total, 16777212 free
Timestamp of repository gentoo: Mon, 14 Apr 2025 11:45:00 +0000
Head commit of repository gentoo: 40481b72359b63038fa444d69b8ae1a7cd2fe2c7
sh bash 5.2_p37
ld GNU ld (Gentoo 2.44 p1) 2.44.0
app-misc/pax-utils: 1.3.8::gentoo
app-shells/bash: 5.2_p37::gentoo
dev-build/autoconf: 2.72-r1::gentoo
dev-build/automake: 1.17-r1::gentoo
dev-build/cmake: 3.31.5::gentoo
dev-build/libtool: 2.5.4::gentoo
dev-build/make: 4.4.1-r100::gentoo
dev-build/meson: 1.7.0::gentoo
dev-lang/perl: 5.40.0-r1::gentoo
dev-lang/python: 3.12.10::gentoo, 3.13.3::gentoo
dev-lang/rust-bin: 1.84.1-r2::gentoo
llvm-core/clang: 19.1.7::gentoo
llvm-core/llvm: 19.1.7::gentoo
sec-policy/selinux-base: 2.20240916-r1::gentoo
sys-apps/baselayout: 2.17::gentoo
sys-apps/openrc: 0.56::gentoo
sys-apps/sandbox: 2.39::gentoo
sys-devel/binutils: 2.44::gentoo
sys-devel/binutils-config: 5.5.2::gentoo
sys-devel/gcc: 14.2.1_p20241221::gentoo
sys-devel/gcc-config: 2.12.1::gentoo
sys-kernel/linux-headers: 6.12::gentoo (virtual/os-headers)
sys-libs/glibc: 2.40-r8::gentoo
sys-libs/libselinux: 3.7-r1::gentoo
Repositories:
gentoo
location: /var/db/repos/gentoo
sync-type: rsync
sync-uri: rsync://rsync.gentoo.org/gentoo-portage
priority: -1000
volatile: False
sync-rsync-extra-opts:
sync-rsync-verify-jobs: 1
sync-rsync-verify-metamanifest: yes
sync-rsync-verify-max-age: 24
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="@FREE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe"
DISTDIR="/var/cache/distfiles"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync merge-wait multilib-strict network-sandbox news nostrip parallel-fetch pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox selinux sesandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="https://gentoo.c3sl.ufpr.br/ http://gentoo.c3sl.ufpr.br/ rsync://gentoo.c3sl.ufpr.br/gentoo/"
LANG="pt_BR.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,pack-relative-relocs"
LEX="flex"
LINGUAS="en pt pt_BR zh zn_CN"
MAKEOPTS="-j7"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/bash"
USE="X acl acpi alsa amd64 audit bzip2 caps cet cjk crypt dbus elogind eselect-ldso fortran gdbm hardened iconv ipv6 lapack libtirpc multilib ncurses nls openmp pam pcre pic pie policykit pulseaudio readline savedconfig seccomp selinux split-usr ssl ssp symlink test-rust threads udev unicode xattr xinerama xtpax zlib" ABI_X86="64" ADA_TARGET="gcc_14" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" GUILE_SINGLE_TARGET="3-0" GUILE_TARGETS="3-0" INPUT_DEVICES="libinput wacom" KERNEL="linux" L10N="en pt pt-BR zh zn-CN" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-2" POSTGRES_TARGETS="postgres17" PYTHON_SINGLE_TARGET="python3_12" PYTHON_TARGETS="python3_12" RUBY_TARGETS="ruby32" VIDEO_CARDS="intel radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account"
Unset: ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EMERGE_DEFAULT_OPTS, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF,
INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PYTHONPATH, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS
~>
|
Thank you all! |
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 55241
Location: 56N 3W
|
| Posted: Tue Apr 22, 2025 7:02 pm Post subject: |
|
|
vcmota,
| Code: | [ 49.384] (EE) dbus-core: error connecting to system bus: org.freedesktop.DBus.Error.AccessDenied (An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" member="Hello" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" (bus))
[ 49.384] (--) using VT number 7 |
That says that your SELinux policy won't let you. What has changed for SELinux with the kernel?
| Code: | | sudo chown vinicius /dev/tty7 |
is not the way to fix it.
I suspect that if you start with SELinux in permissive mode, so it only reports what it would have done but does not block anything, everything will work again and you will get lots of reports that you need to fix in SELinux policies before you turn off permissive mode again.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
vcmota
Guru
Joined: 19 Jun 2017
Posts: 401
|
| Posted: Wed Apr 23, 2025 5:13 pm Post subject: |
|
|
Thank you Neddy for your reply.
This is weird, because selinux is disabled, at least when I boot from the older kernel:
| Code: |
~> uname -r
6.1.28-gentoo-x86_64
~> cat /etc/selinux/config
# This file controls the state of SELinux on the system on boot.
# SELINUX can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE can take one of these four values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
# mls - Full SELinux protection with Multi-Level Security
# mcs - Full SELinux protection with Multi-Category Security
# (mls, but only one sensitivity level)
SELINUXTYPE=strict
~>
|
I will reboot now with the newer kernel to see if that is changed somehow and let you know. |
|
| Back to top |
|
|
vcmota
Guru
Joined: 19 Jun 2017
Posts: 401
|
| Posted: Wed Apr 23, 2025 7:51 pm Post subject: |
|
|
| I did as I said: booted with the newer kernel and checked: selinux still disabled. I was hoping for some weird situation when the newer kernel would be changing selinux status on boot, but it is not the case. |
|
| Back to top |
|
|
vcmota
Guru
Joined: 19 Jun 2017
Posts: 401
|
| Posted: Wed Apr 23, 2025 8:03 pm Post subject: |
|
|
| Hummm, it may not be that weird after all. Look here... |
|
| Back to top |
|
|
vcmota
Guru
Joined: 19 Jun 2017
Posts: 401
|
| Posted: Wed Apr 23, 2025 8:08 pm Post subject: |
|
|
It worked!
Apparently disabling selinux in /etc/selinux/config does not work! It has to be set to permissive instead. Now it seems ok:
| Code: |
~> uname -r
6.12.21-gentoo-x86_64
~> cat /etc/selinux/config
# This file controls the state of SELinux on the system on boot.
# SELINUX can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE can take one of these four values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
# mls - Full SELinux protection with Multi-Level Security
# mcs - Full SELinux protection with Multi-Category Security
# (mls, but only one sensitivity level)
SELINUXTYPE=strict
~>
|
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Kernel & Hardware
