Gentoo Forums
[SOLVED] Permission denied in chrooted environment
gentuser27
n00b
Joined: 02 Jun 2016
Posts: 8

Posted: Sun Apr 09, 2017 9:44 pm    Post subject: [SOLVED] Permission denied in chrooted environment

Hello,
I've just bought a laptop and I'm installing gentoo on it. I'm already in a chrooted environment and installing some software.
I've been following the gentoo-handbook for installing, but when I try to emerge sys-apps/util-linux-2.28.2 from the chrooted environment I get the following error:

chmod 4755 /var/tmp/portage/sys-apps/util-linux-2.28.2/image//bin/mount
chmod: changing permissions of '/var/tmp/portage/sys-apps/util-linux-2.28.2/image//bin/mount': Permission denied

I've got no clue why this happens and would be very glad if someone could help me.
If any further information is needed, just ask.

Thank you.


Last edited by gentuser27 on Fri May 05, 2017 7:54 am; edited 1 time in total
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9675
Location: almost Mile High in the USA

Posted: Mon Apr 10, 2017 1:07 am

What filesystem type and how did you mount your /var/tmp?
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21589

Posted: Mon Apr 10, 2017 3:44 am

What is the output of emerge --info?
gentuser27
n00b
Joined: 02 Jun 2016
Posts: 8

Posted: Tue Apr 11, 2017 11:42 am

Output of mount | column -t:
Code:
proc         on  /proc                                 type  proc         (rw,nosuid,nodev,noexec,relatime)
udev         on  /dev                                  type  devtmpfs     (rw,nosuid,relatime,size=10240k,nr_inodes=473990,mode=755)
devpts       on  /dev/pts                              type  devpts       (rw,relatime,gid=5,mode=620,ptmxmode=000)
sysfs        on  /sys                                  type  sysfs        (rw,nosuid,nodev,noexec,relatime)
/dev/sdb1    on  /mnt/cdrom                            type  iso9660      (ro,relatime)
overlay      on  /                                     type  overlay      (rw,relatime,lowerdir=/mnt/livecd,upperdir=/mnt/overlay/.upper,workdir=/mnt/overlay/.work)
none         on  /mnt/overlay                          type  tmpfs        (rw,relatime)
/dev/loop0   on  /mnt/livecd                           type  squashfs     (ro,relatime)
tmpfs        on  /run                                  type  tmpfs        (rw,nodev,relatime,size=382388k,mode=755)
mqueue       on  /dev/mqueue                           type  mqueue       (rw,nosuid,nodev,noexec,relatime)
shm          on  /dev/shm                              type  tmpfs        (rw,nosuid,nodev,noexec,relatime)
securityfs   on  /sys/kernel/security                  type  securityfs   (rw,nosuid,nodev,noexec,relatime)
debugfs      on  /sys/kernel/debug                     type  debugfs      (rw,nosuid,nodev,noexec,relatime)
fusectl      on  /sys/fs/fuse/connections              type  fusectl      (rw,nosuid,nodev,noexec,relatime)
pstore       on  /sys/fs/pstore                        type  pstore       (rw,nosuid,nodev,noexec,relatime)
cgroup_root  on  /sys/fs/cgroup                        type  tmpfs        (rw,nosuid,nodev,noexec,relatime,size=10240k,mode=755)
openrc       on  /sys/fs/cgroup/openrc                 type  cgroup       (rw,nosuid,nodev,noexec,relatime,release_agent=/lib64/rc/sh/cgroup-release-agent.sh,name=openrc)
cpuset       on  /sys/fs/cgroup/cpuset                 type  cgroup       (rw,nosuid,nodev,noexec,relatime,cpuset)
cpu          on  /sys/fs/cgroup/cpu                    type  cgroup       (rw,nosuid,nodev,noexec,relatime,cpu)
cpuacct      on  /sys/fs/cgroup/cpuacct                type  cgroup       (rw,nosuid,nodev,noexec,relatime,cpuacct)
blkio        on  /sys/fs/cgroup/blkio                  type  cgroup       (rw,nosuid,nodev,noexec,relatime,blkio)
memory       on  /sys/fs/cgroup/memory                 type  cgroup       (rw,nosuid,nodev,noexec,relatime,memory)
devices      on  /sys/fs/cgroup/devices                type  cgroup       (rw,nosuid,nodev,noexec,relatime,devices)
freezer      on  /sys/fs/cgroup/freezer                type  cgroup       (rw,nosuid,nodev,noexec,relatime,freezer)
net_cls      on  /sys/fs/cgroup/net_cls                type  cgroup       (rw,nosuid,nodev,noexec,relatime,net_cls)
perf_event   on  /sys/fs/cgroup/perf_event             type  cgroup       (rw,nosuid,nodev,noexec,relatime,perf_event)
pids         on  /sys/fs/cgroup/pids                   type  cgroup       (rw,nosuid,nodev,noexec,relatime,pids)
binfmt_misc  on  /proc/sys/fs/binfmt_misc              type  binfmt_misc  (rw,nosuid,nodev,noexec,relatime)
none         on  /run/user/1000                        type  tmpfs        (rw,relatime,mode=700,uid=1000)
none         on  /run/user/0                           type  tmpfs        (rw,relatime,mode=700)
/dev/sda7    on  /mnt/gentoo                           type  ext4         (rw,relatime,data=ordered)
proc         on  /mnt/gentoo/proc                      type  proc         (rw,relatime)
sysfs        on  /mnt/gentoo/sys                       type  sysfs        (rw,nosuid,nodev,noexec,relatime)
securityfs   on  /mnt/gentoo/sys/kernel/security       type  securityfs   (rw,nosuid,nodev,noexec,relatime)
debugfs      on  /mnt/gentoo/sys/kernel/debug          type  debugfs      (rw,nosuid,nodev,noexec,relatime)
fusectl      on  /mnt/gentoo/sys/fs/fuse/connections   type  fusectl      (rw,nosuid,nodev,noexec,relatime)
pstore       on  /mnt/gentoo/sys/fs/pstore             type  pstore       (rw,nosuid,nodev,noexec,relatime)
cgroup_root  on  /mnt/gentoo/sys/fs/cgroup             type  tmpfs        (rw,nosuid,nodev,noexec,relatime,size=10240k,mode=755)
openrc       on  /mnt/gentoo/sys/fs/cgroup/openrc      type  cgroup       (rw,nosuid,nodev,noexec,relatime,release_agent=/lib64/rc/sh/cgroup-release-agent.sh,name=openrc)
cpuset       on  /mnt/gentoo/sys/fs/cgroup/cpuset      type  cgroup       (rw,nosuid,nodev,noexec,relatime,cpuset)
cpu          on  /mnt/gentoo/sys/fs/cgroup/cpu         type  cgroup       (rw,nosuid,nodev,noexec,relatime,cpu)
cpuacct      on  /mnt/gentoo/sys/fs/cgroup/cpuacct     type  cgroup       (rw,nosuid,nodev,noexec,relatime,cpuacct)
blkio        on  /mnt/gentoo/sys/fs/cgroup/blkio       type  cgroup       (rw,nosuid,nodev,noexec,relatime,blkio)
memory       on  /mnt/gentoo/sys/fs/cgroup/memory      type  cgroup       (rw,nosuid,nodev,noexec,relatime,memory)
devices      on  /mnt/gentoo/sys/fs/cgroup/devices     type  cgroup       (rw,nosuid,nodev,noexec,relatime,devices)
freezer      on  /mnt/gentoo/sys/fs/cgroup/freezer     type  cgroup       (rw,nosuid,nodev,noexec,relatime,freezer)
net_cls      on  /mnt/gentoo/sys/fs/cgroup/net_cls     type  cgroup       (rw,nosuid,nodev,noexec,relatime,net_cls)
perf_event   on  /mnt/gentoo/sys/fs/cgroup/perf_event  type  cgroup       (rw,nosuid,nodev,noexec,relatime,perf_event)
pids         on  /mnt/gentoo/sys/fs/cgroup/pids        type  cgroup       (rw,nosuid,nodev,noexec,relatime,pids)
udev         on  /mnt/gentoo/dev                       type  devtmpfs     (rw,nosuid,relatime,size=10240k,nr_inodes=473990,mode=755)
devpts       on  /mnt/gentoo/dev/pts                   type  devpts       (rw,relatime,gid=5,mode=620,ptmxmode=000)
mqueue       on  /mnt/gentoo/dev/mqueue                type  mqueue       (rw,nosuid,nodev,noexec,relatime)
shm          on  /mnt/gentoo/dev/shm                   type  tmpfs        (rw,nosuid,nodev,noexec,relatime)
/dev/sdc1    on  /mnt/tmp                              type  ext4         (rw,relatime,data=ordered)


Output of emerge --info:
Code:
Portage 2.3.3 (python 3.4.5-final-0, default/linux/amd64/13.0, gcc-4.9.4, glibc-2.23-r3, 4.8.17-hardened-r2 x86_64)
=================================================================
System uname: Linux-4.8.17-hardened-r2-x86_64-Intel-R-_Core-TM-_i7-3517U_CPU_@_1.90GHz-with-gentoo-2.3
KiB Mem:     3823876 total,   1348408 free
KiB Swap:   10485756 total,  10485756 free
Timestamp of repository gentoo: Tue, 11 Apr 2017 11:00:01 +0000
sh bash 4.3_p48-r1
ld GNU ld (Gentoo 2.26.1 p1.0) 2.26.1
app-shells/bash:          4.3_p48-r1::gentoo
dev-lang/perl:            5.22.3_rc4::gentoo
dev-lang/python:          2.7.12::gentoo, 3.4.5::gentoo
dev-util/pkgconfig:       0.28-r2::gentoo
sys-apps/baselayout:      2.3::gentoo
sys-apps/openrc:          0.23.2::gentoo
sys-apps/sandbox:         2.10-r3::gentoo
sys-devel/autoconf:       2.69::gentoo
sys-devel/automake:       1.11.6-r1::gentoo, 1.14.1::gentoo, 1.15::gentoo
sys-devel/binutils:       2.26.1::gentoo
sys-devel/gcc:            4.9.4::gentoo
sys-devel/gcc-config:     1.7.3::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.4::gentoo (virtual/os-headers)
sys-libs/glibc:           2.23-r3::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=native -frecord-gcc-switches"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=native -frecord-gcc-switches"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://de-mirror.org/gentoo/ ftp://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X a52 aac acl acpi alsa amd64 apm bash-completion berkdb bindist branding bzip2 caps cli cracklib crypt css cups curl curlwrappers cxx dbus dga dri dts encode exif fam ffmpeg flac fortran ftp gdbm gif git gmp gnutls gpm gsl gzip hddtemp iconv imap imlib jit joystick jpeg lame libnotify libsamplerate libwww lm-sensors lua lzma lzo mad matroska mhash modules mozilla mp3 mp4 mpeg mplayer multilib ncurses netboot nls nptl ogg opengl openmp pam pcntl pcre pdf png posix postscript ppds pulseaudio python raw readline rss sasl seccomp session smp sockets sound sqlite ssl subversion svg szip tcpd threads udev unicode usb vaapi vcd vdpau vnc wifi x264 xattr xml xvmc zeroconf zlib" ABI_X86="64 32" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev synaptics mutouch" KERNEL="linux" L10N="en en_US en_GB" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb 
ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en en_US en_GB" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby21" USERLAND="GNU" VIDEO_CARDS="i915" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON


Hope this helps.
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21589

Posted: Wed Apr 12, 2017 1:40 am

Historically, chroot on production systems was used to confine system services, so hardened kernels impose extra limitations on chroot'd processes. Running Gentoo with a hardened kernel should work fine. Booting a LiveCD with a hardened kernel for the purpose of chroot'ing into Gentoo may not work well.
toralf
Developer
Joined: 01 Feb 2004
Posts: 3922
Location: Hamburg

Posted: Wed Apr 12, 2017 7:22 pm

Try this
Code:
mr-fox ~ # grep chroot /etc/sysctl.d/local.conf
#  emerge within chroot isn't allowed otherwise
kernel.grsecurity.chroot_deny_chmod = 0
# prevent: "se of CAP_SYS_ADMIN in chroot denied for "
kernel.grsecurity.chroot_caps = 0
kernel.grsecurity.chroot_deny_mount = 0
gentuser27
n00b
Joined: 02 Jun 2016
Posts: 8

Posted: Fri May 05, 2017 7:54 am

Sorry, that I did not answer for so long, but I tried a non-hardened kernel and it worked.
So thank you.
sheogorath
n00b
Joined: 05 Jul 2017
Posts: 4

Posted: Wed Jul 05, 2017 7:05 pm

gentuser27 wrote:
Sorry, that I did not answer for so long, but I tried a non-hardened kernel and it worked.
So thank you.


I have the same issue. I'm using the default desktop profile (so the kernel is probably non-hardened). But still I can't install util-linux. I can't even set 4755 permission to any other file I created anywhere in my mounted filesystem inside chroot but I can set it from the outside livecd filesystem (with no chroot). However in order to make util-linux emerge properly I need to be able to set SUID permission inside chroot.
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21589

Posted: Thu Jul 06, 2017 1:08 am

sheogorath: please post the output of emerge --info, as I requested of the OP when the problem was initially reported. Please also post the output of the failure, so that we can verify that it is the same problem.
sheogorath
n00b
Joined: 05 Jul 2017
Posts: 4

Posted: Thu Jul 06, 2017 2:56 pm

Emerge info:

Code:
Portage 2.3.6 (python 3.4.5-final-0, default/linux/amd64/13.0/desktop, gcc-5.4.0, glibc-2.23-r4, 4.8.17-hardened-r2 x86_64)
=================================================================
System uname: Linux-4.8.17-hardened-r2-x86_64-AMD_Phenom-tm-_II_X4_B60_Processor-with-gentoo-2.3
KiB Mem:     3901688 total,   2154704 free
KiB Swap:    8388604 total,   8388604 free
Timestamp of repository gentoo: Tue, 04 Jul 2017 20:30:01 +0000
sh bash 4.3_p48-r1
ld GNU ld (Gentoo 2.28 p1.2) 2.28
app-shells/bash:          4.3_p48-r1::gentoo
dev-lang/perl:            5.24.1-r2::gentoo
dev-lang/python:          2.7.12::gentoo, 3.4.5::gentoo
dev-util/cmake:           3.7.2::gentoo
dev-util/pkgconfig:       0.28-r2::gentoo
sys-apps/baselayout:      2.3::gentoo
sys-apps/openrc:          0.26.3::gentoo
sys-apps/sandbox:         2.10-r3::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69::gentoo
sys-devel/automake:       1.15-r2::gentoo
sys-devel/binutils:       2.28-r2::gentoo
sys-devel/gcc:            5.4.0-r3::gentoo
sys-devel/gcc-config:     1.7.3::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.4::gentoo (virtual/os-headers)
sys-libs/glibc:           2.23-r4::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -march=amdfam10 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=amdfam10 -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X a52 aac acl acpi alsa amd64 berkdb bindist bluetooth branding bzip2 cairo cdda cdr cli consolekit cracklib crypt cups cxx dbus dri dts dvd dvdr emboss encode exif fam firefox flac fortran gdbm gif glamor gpm gtk iconv ipv6 jpeg lcms ldap libnotify mad mng modules mp3 mp4 mpeg multilib ncurses nls nptl ogg opengl openmp pam pango pcre pdf perl png policykit ppds qt3support qt4 readline sdl seccomp session spell ssl startup-notification svg tcpd tiff truetype udev udisks unicode upower usb vorbis wxwidgets x264 xattr xcb xml xv xvid zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx sse sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python3_4" PYTHON_TARGETS="python2_7 python3_4" 
RUBY_TARGETS="ruby21 ruby22" USERLAND="GNU" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON


Error:

Code:

make  install-exec-hook
make[4]: Entering directory '/var/tmp/portage/sys-apps/util-linux-2.28.2/work/util-linux-2.28.2-abi_x86_64.amd64'
if test "/usr/lib64" != "/usr/lib64" -a -f "/var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64/libuuid.so"; then \
   /bin/mkdir -p /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64; \
   mv /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64/libuuid.so.* /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64; \
   so_img_name=$(readlink /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64/libuuid.so); \
   so_img_rel_target=$(echo /usr/lib64 | sed 's,\(^/\|\)[^/][^/]*,..,g'); \
   (cd /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64 && \
      rm -f libuuid.so && \
      ln -s $so_img_rel_target/usr/lib64/$so_img_name libuuid.so); \
fi
if test "/usr/lib64" != "/usr/lib64" -a -f "/var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64/libblkid.so"; then \
   /bin/mkdir -p /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64; \
   mv /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64/libblkid.so.* /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64; \
   so_img_name=$(readlink /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64/libblkid.so); \
   so_img_rel_target=$(echo /usr/lib64 | sed 's,\(^/\|\)[^/][^/]*,..,g'); \
   (cd /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64 && \
      rm -f libblkid.so && \
      ln -s $so_img_rel_target/usr/lib64/$so_img_name libblkid.so); \
fi
if test "/usr/lib64" != "/usr/lib64" -a -f "/var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64/libmount.so"; then \
   /bin/mkdir -p /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64; \
   mv /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64/libmount.so.* /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64; \
   so_img_name=$(readlink /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64/libmount.so); \
   so_img_rel_target=$(echo /usr/lib64 | sed 's,\(^/\|\)[^/][^/]*,..,g'); \
   (cd /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64 && \
      rm -f libmount.so && \
      ln -s $so_img_rel_target/usr/lib64/$so_img_name libmount.so); \
fi
if test "/usr/lib64" != "/usr/lib64" -a -f "/var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64/libsmartcols.so"; then \
   /bin/mkdir -p /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64; \
   mv /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64/libsmartcols.so.* /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64; \
   so_img_name=$(readlink /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64/libsmartcols.so); \
   so_img_rel_target=$(echo /usr/lib64 | sed 's,\(^/\|\)[^/][^/]*,..,g'); \
   (cd /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64 && \
      rm -f libsmartcols.so && \
      ln -s $so_img_rel_target/usr/lib64/$so_img_name libsmartcols.so); \
fi
if test "/usr/lib64" != "/usr/lib64" -a -f "/var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64/libfdisk.so"; then \
   /bin/mkdir -p /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64; \
   mv /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64/libfdisk.so.* /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64; \
   so_img_name=$(readlink /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64/libfdisk.so); \
   so_img_rel_target=$(echo /usr/lib64 | sed 's,\(^/\|\)[^/][^/]*,..,g'); \
   (cd /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/lib64 && \
      rm -f libfdisk.so && \
      ln -s $so_img_rel_target/usr/lib64/$so_img_name libfdisk.so); \
fi
cd /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/bin && ln -sf last lastb
for I in uname26 linux32 linux64   i386 x86_64     ; do \
   cd /var/tmp/portage/sys-apps/util-linux-2.28.2/image//usr/bin && ln -sf setarch $I ; \
done
chmod 4755 /var/tmp/portage/sys-apps/util-linux-2.28.2/image//bin/mount
chmod: changing permissions of '/var/tmp/portage/sys-apps/util-linux-2.28.2/image//bin/mount': Permission denied
make[4]: *** [Makefile:11842: install-exec-hook-mount] Error 1
make[4]: *** Waiting for unfinished jobs....
make[4]: Leaving directory '/var/tmp/portage/sys-apps/util-linux-2.28.2/work/util-linux-2.28.2-abi_x86_64.amd64'
make[3]: *** [Makefile:11625: install-exec-am] Error 2
make[3]: Leaving directory '/var/tmp/portage/sys-apps/util-linux-2.28.2/work/util-linux-2.28.2-abi_x86_64.amd64'
make[2]: *** [Makefile:11514: install-am] Error 2
make[2]: Leaving directory '/var/tmp/portage/sys-apps/util-linux-2.28.2/work/util-linux-2.28.2-abi_x86_64.amd64'
make[1]: *** [Makefile:11206: install-recursive] Error 1
make[1]: Leaving directory '/var/tmp/portage/sys-apps/util-linux-2.28.2/work/util-linux-2.28.2-abi_x86_64.amd64'
make: *** [Makefile:11508: install] Error 2
 * ERROR: sys-apps/util-linux-2.28.2::gentoo failed (install phase):
 *   emake failed
 *
 * If you need support, post the output of `emerge --info '=sys-apps/util-linux-2.28.2::gentoo'`,
 * the complete build log and the output of `emerge -pqv '=sys-apps/util-linux-2.28.2::gentoo'`.
 * The complete build log is located at '/var/tmp/portage/sys-apps/util-linux-2.28.2/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/sys-apps/util-linux-2.28.2/temp/environment'.
 * Working directory: '/var/tmp/portage/sys-apps/util-linux-2.28.2/work/util-linux-2.28.2-abi_x86_64.amd64'
 * S: '/var/tmp/portage/sys-apps/util-linux-2.28.2/work/util-linux-2.28.2'

>>> Failed to emerge sys-apps/util-linux-2.28.2, Log file:

>>>  '/var/tmp/portage/sys-apps/util-linux-2.28.2/temp/build.log'

 * Messages for package sys-fs/eudev-3.1.5:

 *
 * As of 2013-01-29, eudev-3.1.5 provides the new interface renaming functionality,
 * as described in the URL below:
 * https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames
 *
 * This functionality is enabled BY DEFAULT because eudev has no means of synchronizing
 * between the default or user-modified choice of sys-fs/udev.  If you wish to disable
 * this new iface naming, please be sure that /etc/udev/rules.d/80-net-name-slot.rules
 * exists: touch /etc/udev/rules.d/80-net-name-slot.rules
 *

 * Messages for package sys-apps/util-linux-2.28.2:

 * ERROR: sys-apps/util-linux-2.28.2::gentoo failed (install phase):
 *   emake failed
 *
 * If you need support, post the output of `emerge --info '=sys-apps/util-linux-2.28.2::gentoo'`,
 * the complete build log and the output of `emerge -pqv '=sys-apps/util-linux-2.28.2::gentoo'`.
 * The complete build log is located at '/var/tmp/portage/sys-apps/util-linux-2.28.2/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/sys-apps/util-linux-2.28.2/temp/environment'.
 * Working directory: '/var/tmp/portage/sys-apps/util-linux-2.28.2/work/util-linux-2.28.2-abi_x86_64.amd64'
 * S: '/var/tmp/portage/sys-apps/util-linux-2.28.2/work/util-linux-2.28.2'

 * GNU info directory index is up-to-date.
 * After world updates, it is important to remove obsolete packages with
 * emerge --depclean. Refer to `man emerge` for more information.


I was mistaken that my kernel is not hardened, it is actually hardened due to emerge --info. I thought it was because my profile doesn't have the word 'hardened' in its name but others do. So I'd like to know what does hardened/not hardened mean, why does hardened have such problem and how do I switch to non-hardened.

P.S. I tried chrooting and emerging util-linux from my Linux Mint (which kernel is likely non-hardened) and it was emerged successfully. So was it hardened because of the live CD? Should I try a different image?
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21589

Posted: Fri Jul 07, 2017 1:46 am

Hardened is a particular variant of the Linux kernel that disallows some otherwise permitted operations, usually for the purpose of making it harder for attackers to misuse the system. You get a hardened kernel, or not, depending on which kernel you boot. When you build your own, you can choose to install sources that produce a hardened kernel or sources that produce a non-hardened kernel.

Yes, using a hardened kernel (whether from disk or Live CD) is incompatible with using a chroot to build programs that need to do disallowed operations, such as enabling suid. Some hardened kernel restrictions can be disabled at runtime. I do not recall if this is one of them.
Back to top
View user's profile Send private message
gengreen
Apprentice
Joined: 23 Dec 2017
Posts: 150

Posted: Thu Jan 04, 2018 10:29 am

toralf wrote:
Try this
Code:
mr-fox ~ # grep chroot /etc/sysctl.d/local.conf
#  emerge within chroot isn't allowed otherwise
kernel.grsecurity.chroot_deny_chmod = 0
# prevent: "se of CAP_SYS_ADMIN in chroot denied for "
kernel.grsecurity.chroot_caps = 0
kernel.grsecurity.chroot_deny_mount = 0


Thank you! You saved my day.

For this to work, you should have GRKERNSEC_SYSCTL=Y in your kernel.

The file could be located at /etc/sysctl.conf

And don't forget to run sysctl -p
raddaqii
Tux's lil' helper
Joined: 27 Mar 2005
Posts: 110
Location: Berlin, Old Europe

Posted: Mon Mar 05, 2018 10:33 am

@toralf, Hu, thank you very much. That was helpful and saved my day. @gengreen, the sysctl hint was the icing on top ^-^

(And quite an unexpected, but possible ad-hoc workaround when all I had for a setup was a hardened kernel live DVD at hand and no minimal Gentoo image. Needed to apply this outside the chroot of course.)
_________________
--
Gentoo from 2004.3

Oh, took a new home in the fediverse: find me in the stream on pluspora.com: https://pluspora.com/tags/gentoo
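
Added example (not code from any poster in this thread): a check that reads sysctl-style `key = value` lines and reports which of the three chroot restrictions from toralf's post are active, and whether they can still be changed at runtime as gengreen's post assumes. The function names and the sample values are constructed for illustration; `kernel.grsecurity.grsec_lock` is a grsecurity sysctl that the thread does not mention, and once it is 1 the other values stay fixed until reboot.

```shell
#!/bin/sh
# Added example: inspect the grsecurity chroot restrictions named in this
# thread without changing them. Run it on the outer system, not in the chroot.

# The three settings from toralf's post (short names under kernel.grsecurity).
GRSEC_CHROOT_KEYS="chroot_deny_chmod chroot_caps chroot_deny_mount"

# Constructed sample, in the format printed by sysctl (not taken from the thread).
SAMPLE_HARDENED='kernel.grsecurity.chroot_caps = 1
kernel.grsecurity.chroot_deny_chmod = 1
kernel.grsecurity.chroot_deny_mount = 1
kernel.grsecurity.grsec_lock = 0'

# $1 = sysctl text, $2 = short key name. Prints the value, or nothing if absent.
grsec_value() {
    printf '%s\n' "$1" |
        awk -F'[ \t]*=[ \t]*' -v key="kernel.grsecurity.$2" \
            '$1 == key { print $2; exit }'
}

# $1 = sysctl text. Prints the restrictions whose value is 1, space separated.
grsec_chroot_blockers() {
    out=""
    for k in $GRSEC_CHROOT_KEYS; do
        if [ "$(grsec_value "$1" "$k")" = "1" ]; then
            out="${out:+$out }$k"
        fi
    done
    printf '%s\n' "$out"
}

# $1 = sysctl text. Succeeds when grsec_lock is 1 (values fixed until reboot).
grsec_locked() {
    [ "$(grsec_value "$1" grsec_lock)" = "1" ]
}

# $1 = sysctl text. Prints a one-line verdict.
grsec_chroot_report() {
    blockers=$(grsec_chroot_blockers "$1")
    if [ -z "$blockers" ]; then
        echo "ok: no listed chroot restriction is active"
    elif grsec_locked "$1"; then
        echo "locked: $blockers (reboot needed to change)"
    else
        echo "adjustable: $blockers"
    fi
}

# Build the same "key = value" text from /proc on the running kernel.
# Prints nothing on a kernel without the grsecurity sysctl directory.
grsec_live_text() {
    dir=/proc/sys/kernel/grsecurity
    [ -d "$dir" ] || return 0
    for k in $GRSEC_CHROOT_KEYS grsec_lock; do
        [ -r "$dir/$k" ] && echo "kernel.grsecurity.$k = $(cat "$dir/$k")"
    done
    return 0
}

# Use live values when the kernel exposes them, else the constructed sample.
live=$(grsec_live_text)
if [ -n "$live" ]; then
    grsec_chroot_report "$live"
else
    grsec_chroot_report "$SAMPLE_HARDENED"
fi
```

Running it again after the installation is finished shows whether the restrictions have been set back to 1.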