search

archlinuxhardened / selinux

PKGBUILDs to build SELinux enabled packages for Arch Linux
146 stars 25 forks source link

secilc building fails on tests #35

Closed tqre closed 4 years ago

tqre commented 4 years ago

Kernel: Linux selinux 5.7.10.a-1-hardened #1 SMP PREEMPT Wed, 22 Jul 2020 17:37:59 +0000 x86_64 GNU/Linux Running in a QEMU/kvm machine, host runs Arch Linux.

Using the build.sh script, running the secilc test fail: I had to change .zstd references to .zst for the script to work.

==> Making package: secilc 3.1-1 (Tue 28 Jul 2020 04:19:47 PM EEST)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Found secilc-3.1.tar.gz
==> Validating source files with sha256sums...
    secilc-3.1.tar.gz ... Passed
==> Removing existing $srcdir/ directory...
==> Extracting sources...
  -> Extracting secilc-3.1.tar.gz with bsdtar
==> Removing existing $pkgdir/ directory...
==> Starting build()...
cc -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2  -c -o secilc.o secilc.c
cc -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -o secilc secilc.o -lsepol
cc -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2  -c -o secil2conf.o secil2conf.c
cc -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -o secil2conf secil2conf.o -lsepol
xmlto man secilc.8.xml
Note: Writing secilc.8
xmlto man secil2conf.8.xml
Note: Writing secil2conf.8
==> Starting check()...
/bin/sh: checkpolicy: command not found
./secilc test/policy.cil
make: ./secilc: Permission denied
make: *** [Makefile:32: test] Error 127
==> ERROR: A failure occurred in check().
    Aborting...
tqre commented 4 years ago

Ok this was sorted. I had /tmp mounted as noexec. However, another error occurs:

==> Starting check()...
/bin/sh: checkpolicy: command not found
./secilc test/policy.cil
./secilc -c  -O -M 1 -f /dev/null -o opt-actual.bin test/opt-input.cil
Bad policy version: -O
Usage: ./secilc [OPTION]... FILE...

<<< secilc usage omitted >>>

make: *** [Makefile:33: test] Error 1
==> ERROR: A failure occurred in check().
    Aborting...
tqre commented 4 years ago

Affected scripts: build.sh + build_and_install_all.sh Building and installing checkpolicy before secilcremedies this issue, I'll see if I can make a working pull request.