Permission denied when building kernel

Matthew East matthew.east at iue.it
Mon May 31 16:40:50 UTC 2004



On Mon, 2004-05-31 at 12:06, Russell Coker wrote:
> On Thu, 27 May 2004 18:39, Matthew East <matthew.east at iue.it> wrote:
> > I cannot build and install a kernel with selinux enabled. Here is what
> > happens towards the end of the modules_install stage:
> >
> > if [ -r System.map ]; then /sbin/depmod -ae -F System.map -b
> > /var/tmp/kernel-2.6.6-root -r 2.6.6; fi
> > WARNING: Couldn't open directory
> > /var/tmp/kernel-2.6.6-root/lib/modules/2.6.6: Permission denied
> > FATAL: Could not open
> > /var/tmp/kernel-2.6.6-root/lib/modules/2.6.6/modules.dep.temp for
> > writing: Permission denied
> > make[1]: *** [_modinst_post] Error 1
> > error: Bad exit status from /var/tmp/rpm-tmp.11877 (%install)
> 
> Steve suggested adding tmp_domain(depmod), that will allow search access to 
> tmp_t, however I expect that /var/tmp/kernel-2.6.6-root/lib/modules/2.6.6 
> will have type sysadm_tmp_t so something like the following will probably do 
> better:
> allow depmod_t tmp_t:dir search;
> rw_dir_create_file(depmod_t, sysadm_tmp_t)

OK, thanks, I will try that as well! You are right that the previous
suggestion didn't do the trick.

> But the ideal solution (IMHO) would be to build kernels as non-root and 
> non-sysadm_t.  There is no reason why compiling a kernel should require 
> administrative access, if it won't compile as a regular user then that's a 
> bug and should be filed in bugzilla.  user_t and staff_t can execute 
> depmod_exec_t without a domain transition and won't have any problems in this 
> regard.

Yes, in the README file with the kernel source it underlines that one
should compile as user, and then su to install. But I was using the
command "make rpm" as I thought that if I didn't install the kernel as
an rpm, then it might cause difficulties for the other rpm packages
which depended on the kernel. The "make rpm" command seems to require
you to be root, possibly (I'm no expert) as it uses the /usr/src/redhat
area.

Thanks everyone for their help!!

Matt
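
Added example (not part of the original message, and not code from the Fedora policy): a short Python script that groups AVC denials for depmod_t by target type and class, one way to check whether the build directory is labelled tmp_t or sysadm_tmp_t before choosing between the rules discussed above. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample denials (2.6-era AVC layout, as a permissive-mode run
# might log them); these lines are NOT from the thread.
SAMPLE_LOG = """\
audit(1086021650.101:0): avc:  denied  { search } for  pid=11901 exe=/sbin/depmod name=tmp dev=hda2 ino=4001 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:tmp_t tclass=dir
audit(1086021650.102:0): avc:  denied  { search } for  pid=11901 exe=/sbin/depmod name=2.6.6 dev=hda2 ino=4977 scontext=root:sysadm_r:depmod_t tcontext=root:object_r:sysadm_tmp_t tclass=dir
audit(1086021650.103:0): avc:  denied  { write } for  pid=11901 exe=/sbin/depmod name=2.6.6 dev=hda2 ino=4977 scontext=root:sysadm_r:depmod_t tcontext=root:object_r:sysadm_tmp_t tclass=dir
audit(1086021650.104:0): avc:  denied  { create } for  pid=11901 exe=/sbin/depmod name=modules.dep.temp scontext=root:sysadm_r:depmod_t tcontext=root:object_r:sysadm_tmp_t tclass=file
audit(1086021651.000:0): avc:  denied  { read } for  pid=812 exe=/usr/sbin/httpd name=shadow dev=hda2 ino=77 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:shadow_t tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def denials_for(log_text, source_type):
    """Map (target type, class) -> set of denied permissions for one domain."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or context_type(m["scon"]) != source_type:
            continue  # not an AVC denial, or a different source domain
        key = (context_type(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    return dict(grouped)

def to_allow_rules(source_type, grouped):
    """Render the grouped denials as candidate allow rules for human review."""
    rules = []
    for (ttype, tclass), perms in sorted(grouped.items()):
        text = " ".join(sorted(perms))
        if len(perms) > 1:
            text = "{ " + text + " }"
        rules.append(f"allow {source_type} {ttype}:{tclass} {text};")
    return rules

if __name__ == "__main__":
    for rule in to_allow_rules("depmod_t", denials_for(SAMPLE_LOG, "depmod_t")):
        print(rule)
```

The output is a list of candidate rules to review against the policy macros, not something to load unread; here it shows that only search is needed on tmp_t while the write and create denials land on sysadm_tmp_t.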




More information about the fedora-selinux-list mailing list