[Solved] Migrating from elf to attr


Posted: Sat Apr 20, 2013 10:40 am    Post subject: [Solved] Migrating from elf to attr

Hi All,

I have been working on moving my Gentoo source to hardened. Things are going well, but I've hit a snag which I need help on. I have configured selinux & pax.

I have noted from revdep-pax I have a lot of elf which doesn't match attr.

I'll attempt to explain my issue. After a lot of emerging and reading I'm now stuck on a particular lib from ati-drivers.

I think this is because my ability to match my elf to attr fields (if that is the correct term) doesn't work. This lib is stopping me from compiling icedtea and po-mode. Both of them say 'operation not permitted'. This I (think) can understand, I need to match the elf fields to the attr fields. Now, through using the guides and tracking things back, I figured out that ati-drivers had a lot to do with it, and when I reemerged it, the comments came with the following....

 * Please run "revdep-pax -s -me" after installation and
 * after you have run "eselect opengl set ati". Executacle
 * revdep-pax is part of package sys-apps/elfix.

Watching the emerge and checking eselect I'm set to ati on both gl and gc.

So I ran the command and got the following....

bluehills ~ # revdep-pax -s -me
/usr/lib/opengl/ati/lib/ :386 (-em--)

        /usr/bin/ksudoku ( ----- )
        /usr/bin/kfountain.kss ( -e--- )
        /usr/bin/jiv ( -e--- )
        /usr/bin/glewinfo ( -e--- )
        /usr/bin/keuphoria.kss ( -e--- )
        /usr/bin/visualinfo ( -e--- )
        /usr/bin/kstars ( -e--- )
        /usr/bin/xscreensaver-gl-helper ( -e--- )
        /usr/bin/xdriinfo ( -e--- )
        /opt/bin/aticonfig ( **** )
        /usr/bin/kflux.kss ( -e--- )
        /usr/bin/lqtplay ( -e--- )
        /usr/bin/kwave.kss ( -e--- )
        /usr/bin/ksolarwinds.kss ( -e--- )
        /usr/bin/cairo-sphinx ( -e--- )
        /usr/bin/krotation.kss ( -e--- )
        /opt/bin/fglrxinfo ( **** )
        /usr/bin/kpendulum.kss ( -e--- )
        /usr/bin/kubrick ( -e--- )
        /opt/bin/amdcccle ( **** )
        /opt/bin/atiode ( **** )
        /usr/bin/kalgebra ( -e--- )
        /usr/bin/fgl_glxgears ( -e--- )
        /usr/bin/kgravity.kss ( -e--- )

        Will mark elf with -em--

        Set flags for /usr/bin/ksudoku (y/n): y
Traceback (most recent call last):
  File "/usr/sbin/revdep-pax", line 654, in <module>
  File "/usr/sbin/revdep-pax", line 647, in main
    run_soname(soname, verbose, True, mark, allyes, executable_only)
  File "/usr/sbin/revdep-pax", line 550, in run_soname
    print('\n\t\t%s ( %s )\n' % (elf, elf_str_flags))
pax.PaxError: pax_deletextpax: fremovexattr() failed


(without understanding) I think migrate-pax isn't going to help me fix these inconsistencies. Looking at forward and reverse translations I have a lot to deal with.

Could someone help me on where to start on what I'm missing out of this python prog and where to look?

Many thanks,

Last edited by pcameron on Mon Apr 22, 2013 10:15 pm; edited 4 times in total

Posted: Sat Apr 20, 2013 10:53 am    Post subject:

Also, I think this is related to when I attempt to set any other attr field, using paxctl-ng, it doesn't let me. I think I have a deeper issue here. Thanks.


Posted: Sat Apr 20, 2013 12:34 pm    Post subject:

bluehills ~ # emerge --info
Portage (hardened/linux/x86/selinux, gcc-4.7.2, glibc-2.17, 3.8.4-hardened-r1 i686)
System uname: Linux-3.8.4-hardened-r1-i686-Intel-R-_Core-TM-2_Quad_CPU_Q8200_@_2.33GHz-with-gentoo-2.2
KiB Mem:     3372352 total,    440976 free
KiB Swap:   34602996 total,  34598240 free
Timestamp of tree: Sat, 20 Apr 2013 10:15:01 +0000
ld GNU ld (GNU Binutils) 2.23.1
app-shells/bash:          4.2_p45
dev-java/java-config:     2.1.12-r1
dev-lang/python:          2.7.3-r3, 3.2.3-r2
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.11.8
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.11.6, 1.12.6, 1.13.1
sys-devel/binutils:       2.23.1
sys-devel/gcc:            4.5.4, 4.6.3, 4.7.2-r1
sys-devel/gcc-config:     1.8
sys-devel/libtool:        2.4.2
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.8 (virtual/os-headers)
sys-libs/glibc:           2.17
Repositories: gentoo hardened-dev
CFLAGS="-O2 -pipe -fomit-frame-pointer -march=native"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/polkit-1/actions /var/bind /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -pipe -fomit-frame-pointer -march=native"
FCFLAGS="-march=i686 -O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch protect-owned sandbox selinux sesandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch xattr"
FFLAGS="-march=i686 -O2 -pipe"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
USE="3dnow X a52 aac aalib acpi addns aim alsa amr ao apache2 audiofile avahi avi bash-completion bcmath berkdb bidi bindist blas branding bsf bzip2 cairo calendar caps cdb cdda cddb cdinstall cdparanoia cdr chasen cim-syntax cjk clamav cli cracklib crypt cscope css ctype cups curl curlwrapper cxx dbi dbus dga divx dri dts dv dvb dvd dvdr dvdread eds emacs encode enscript exif expat faac fam fame fastcgi ffmpeg firefox flac flatfile fltk fontconfig foomaticdb fortran gd gdbm geoip ggi gif gimp git glut gmp gnuplot gnustep gnutls gphoto2 gpm graphviz gsm gstreamer gtk gtkhtml gudev guile gzip hal hardened hddtemp hdf5 hwdb iconv icq icu ieee1394 imagemagick imap imlib infiniband inifile innodb ios ipob ipv6 ivtv jabber jack java javascript jbig jingle jit jpeg jpeg2k kde kerberos keymap kontact ladspa lame lapack lash latex lau lcms libcaca libedit libnotify libsamplerate libwww lm_sensors lzma lzo m17n-lib mad maildir masepack matroska matrox mbox mhash mikmod mime mjpeg mmap mmx modplug modules mozilla mp3 mp4 mpeg mpi mplayer msn mtp mudflap musicbranz mysql nas ncurses neXt netcdf networking networkmanager nis nls nntp nocd nocdxx nptl nsplugin ofc offensive ogg open_perms openal openexr opengl openmp osc oscar pam pax_kernel pcntl pcre pda pdf peer_perms perl php pic plasma plotutils png policykit portaudio posix ppds pulseaudio python qt3support qt4 quicktime raw rdesktop readline recode rss ruby samba sasl scanner sdl seamonkey see2 see3 selinux semantic-desktop server session sharedext sharedmem shorten simplexml slang smartcard smp sndfile snmp soap sound source sox speex spell ssl startup-notification subtitles svg symlink syslog szip taglib tcl tcpd theora threads tidy tiff tk tokenizer truetype udev unicode urandom usb v4l2 vcd video videos vorbis wavpack wddx win32codecs wmf wxwidgets x264 x86 xattr xcb xcomposite xface xft xine xinerama xinetd xml xmlrpc xmp xmpp xosd xscreensaver xulrunner xv xvid yahoo yaz zeroconf zip zlib" ABI_X86="32" 
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias cgi auth_digest access compat socache_shmcb" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"

Posted: Sat Apr 20, 2013 1:22 pm    Post subject:

I'm guessing this is not a new issue, if I was a betting man, I would say something is broken, there are discussions about how to fix them.

Not being a programmer, but a network engineer: this smells.............

bluehills ~ # emerge -va libelf

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild N ] dev-libs/libelf-0.8.13-r1 USE="nls -debug" 0 kB
[blocks B ] dev-libs/elfutils ("dev-libs/elfutils" is blocking dev-libs/libelf-0.8.13-r1)
[blocks B ] dev-libs/libelf ("dev-libs/libelf" is blocking dev-libs/elfutils-0.155)

Total: 1 package (1 new), Size of downloads: 0 kB
Conflict: 2 blocks (2 unsatisfied)
Ant P.


Posted: Sat Apr 20, 2013 4:59 pm    Post subject:

Looks like you need to unmerge one before you can install the other. Sometimes the blocker is only version- or USE-specific though.

Posted: Mon Apr 22, 2013 3:00 am    Post subject:

Thanks Ant for the response :) I tried different combinations but I haven't had much luck so far.

OK, so the good news is the lib is definitely a part of ati-drivers, I removed it and the symlink disappeared.

So I can emerge stuff again, i.e. emacs.

Now I've moved the kernel to 3.8.8 which has not resolved the issue. So I can rule that out. After googling around the place I noticed that on ....

There is proj/elfix which looks like changes have been made within the last few weeks.

I would like to install this overlay, but when I checked layman, I don't see the overlay appear. How would I go about installing this overlay? This is more a general question.

Posted: Mon Apr 22, 2013 4:12 am    Post subject:

More info, looks like libelf and elfutils contain the libs.

So I'm going to remove both and let revdep-rebuild run its course, I hope this will resolve this issue with paxctl-ng. Only time will tell, also I figured out how to use git :)

Posted: Mon Apr 22, 2013 10:15 pm    Post subject:

Last night I noticed that both 0.8.1 elfix and 0.7.0 were in the tree so I emerged 0.7.0 and my issue is resolved, as well as finishing off the revdep-rebuild :)

I'm happy! :P
