Knowledge Base:Object libsandbox.so from LD PRELOAD cannot be preloaded

From Gentoo Wiki
Jump to: navigation, search

Synopsis

During installation of a package, the following error message appears:

root #emerge ...
>>> Setting SELinux security labels
ERROR: ld.so: object 'libsandbox.so' from LD_PRELOAD cannot be preloaded: ignored.

Environment

This article is applicable to Gentoo Linux systems with a selinux profile set:

root #eselect profile show
Current /etc/make.profile symlink:
  hardened/linux/amd64/selinux

A SELinux profile always ends with /selinux

Analysis

This message should only occur after the Setting SELinux security labels message. It happens because SELinux tells glibc to disable LD_PRELOAD (and other environment variables that are considered potentially harmful) during domain transitions. Here, Portage calls the setfiles command (part of a SELinux installation) and as such transitions from portage_t to setfiles_t, which clears the environment variable.

Gentoo recommends it is safe to trust the SELinux policy here (since setfiles runs in its own confined domain anyhow) rather than updating the policy to allow transitioning between portage_t to setfiles_t without clearing these environment variables.

Note
libsandbox.so is not disabled during builds and merges, only during the activity where Portage labels the files it just merged.

Resolution

The error is cosmetic and can be ignored but sadly not hidden.