Permission Denied Error On Angstrom Build, Fedora 12 x86_64 Host

Does anyone know how to correct this error? I did, indeed, `echo 0 > /proc/sys/vm/mmap_min_addr`. I'm using a Fedora 12 x86_64 host.

I am hoping to have fixed this. I issued the following command as root to correct the problem:

setsebool -P mmap_low_allowed 1

Another build attempt will tell me if I have it right.

Here are the kernel messages that the build below triggered, since I'm in SELinux Enforcing mode, the default mode for Fedora 12:

Jan 12 03:05:29 deafeng29 setroubleshoot: SELinux is preventing /home/rlc/beagle/angstrom-dev/staging/x86_64-linux/usr/bin/qemu-arm "mmap_zero" access on <Unknown>. For complete SELinux messages. run sealert -l 2897fbbb-c957-44ff-a7ea-ba9d40497199

Thanks

Bob Cochran

Yes indeed, this does appear to fix the specific error. Task 901 is generating locales like crazy instead of dying an SELinux-administered death.

The openembedded.org here

http://docs.openembedded.org/usermanual/html/gettingoe_building_software.html

may or may not have the correct setsebool command for Fedora 11, but for Fedora 12 it is what I list below.

for Fedora 11, it uses --->

setsebool -P allow_unconfined_mmap_low 1

for Fedora 12, we appear to want --->

setsebool -P mmap_low_allowed 1

Bob

hmmmmm ... i was unaware of that f12 change. do you know if that
latter command is just an *alternative* to the first, or if you *must*
use the latter on f12? i've managed to miss the problem since i run
f12 in permissive selinux mode. my early writeup on this is here:

http://www.crashcourse.ca/wiki/index.php/Angstrom#.2Fproc.2Fsys.2Fvm.2Fmmap_min_addr

so i'd better update that. and would that setsebool setting still
correspond to the same sysctl variable?

rday

Hi Robert,

When I got the permission denied error, I originally ran the setsebool statement listed for Fedora 11, but this generated some errors in Fedora 12, the text of which I've forgotten. It also resulted in a second 'permission denied' error when I reran the build. This prompted me to check /var/log/messages and I noticed a message for the denial which suggested running the 'sealert' program. I ran this, and it suggested running a quite different setsebool statement:

setsebool -P mmap_low_allowed 1

I have not tried to do a sysctl change.

I completed the 'bitbake base-image' successfully.

My main goal is to start learning how to build images and how to write code for my own (beagleboard-centric) purposes and build it. I'm definitely a newbie at all this. I'm in wait mode for the Revision C4 board and two more shipments of parts.

Thanks!

Bob Cochran
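
Added example, not part of the thread: a read-only check that pulls the denied access, the binary and the sealert ID out of setroubleshoot lines like the one quoted above, then reports which of the two boolean names the host actually has, alongside the current `mmap_min_addr`. The function names and the second log line are constructed for illustration, and the Fedora 11 boolean is assumed to be spelled `allow_unconfined_mmap_low`.

```shell
#!/bin/sh
# Constructed sample input: the setroubleshoot line quoted in the thread,
# plus one unrelated line that must be ignored.
sample_log() {
cat <<'EOF'
Jan 12 03:05:29 deafeng29 setroubleshoot: SELinux is preventing /home/rlc/beagle/angstrom-dev/staging/x86_64-linux/usr/bin/qemu-arm "mmap_zero" access on <Unknown>. For complete SELinux messages. run sealert -l 2897fbbb-c957-44ff-a7ea-ba9d40497199
Jan 12 03:05:30 deafeng29 kernel: constructed unrelated line
EOF
}

# Read syslog lines on stdin; print "<access> <binary> <sealert id>"
# for every setroubleshoot denial, nothing for other lines.
denials() {
    sed -n 's/.*setroubleshoot: SELinux is preventing \([^ ]*\) "\([^"]*\)" access.*sealert -l \([0-9a-f-]*\).*/\2 \1 \3/p'
}

# Read `getsebool -a` style output ("name --> on|off") on stdin and print
# the low-mmap boolean this policy defines: the Fedora 12 name is tried
# first, then the Fedora 11 name. Returns 1 if neither is present.
pick_boolean() {
    bools=$(cat)
    for name in mmap_low_allowed allow_unconfined_mmap_low; do
        if printf '%s\n' "$bools" | grep -q "^$name "; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    return 1
}

# Report only: nothing here changes policy or sysctl state.
report() {
    sample_log | denials    # on a real host: denials < /var/log/messages
    if command -v getsebool >/dev/null 2>&1; then
        name=$(getsebool -a 2>/dev/null | pick_boolean) && getsebool "$name"
    fi
    if [ -r /proc/sys/vm/mmap_min_addr ]; then
        echo "mmap_min_addr = $(cat /proc/sys/vm/mmap_min_addr)"
    fi
    return 0
}

report
```

Running the report before and after a build shows whether the boolean was left on; `setsebool -P <name> 0` turns it back off.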