SELinux hook error: unable to write to pipe (Broken pipe)?

Wolf user]# pacman -S sudo-selinux
resolving dependencies...
looking for conflicting packages...
:: sudo-selinux and sudo are in conflict. Remove sudo? [y/N] y

Packages (2) sudo-1.9.8.p2-1 [removal]  sudo-selinux-1.9.8.p2-1

Total Download Size:   1.98 MiB
Total Installed Size:  6.83 MiB
Net Upgrade Size:      0.05 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 sudo-selinux-1.9.8.p2-1-x86_64          2027.5 KiB  2.70 MiB/s 00:01 [######################################] 100%
(1/1) checking keys in keyring                                        [######################################] 100%
(1/1) checking package integrity                                      [######################################] 100%
(1/1) loading package files                                           [######################################] 100%
(1/1) checking for file conflicts                                     [######################################] 100%
(2/2) checking available disk space                                   [######################################] 100%
:: Processing package changes...
(1/1) removing sudo                                                   [######################################] 100%
(1/1) installing sudo-selinux                                         [######################################] 100%
:: Running post-transaction hooks...
(1/5) Reloading system manager configuration...
(2/5) Creating temporary files...
(3/5) Arming ConditionNeedsUpdate...
(4/5) Refreshing PackageKit...
(5/5) SELinux: relabel installed files
[Wolf user]# pacman -S util-linux-selinux systemd-selinux logrotate-selinux dbus-selinux 
resolving dependencies...
looking for conflicting packages...
:: util-linux-selinux and util-linux are in conflict (rfkill). Remove util-linux? [y/N] y
:: util-linux-libs-selinux and util-linux-libs are in conflict. Remove util-linux-libs? [y/N] y
:: systemd-selinux and systemd are in conflict (nss-myhostname). Remove systemd? [y/N] y
:: systemd-libs-selinux and systemd-libs are in conflict (libsystemd). Remove systemd-libs? [y/N] y
:: logrotate-selinux and logrotate are in conflict. Remove logrotate? [y/N] y
:: dbus-selinux and dbus are in conflict (libdbus). Remove dbus? [y/N] y

Packages (12) dbus-1.12.20-1 [removal]  logrotate-3.18.1-1 [removal]  systemd-249.4-2 [removal]
              systemd-libs-249.4-2 [removal]  systemd-libs-selinux-249.5-1  util-linux-2.37.2-1 [removal]
              util-linux-libs-2.37.2-1 [removal]  util-linux-libs-selinux-2.37.2-1  dbus-selinux-1.12.20-1
              logrotate-selinux-3.18.1-1  systemd-selinux-249.5-1  util-linux-selinux-2.37.2-1

Total Download Size:   13.64 MiB
Total Installed Size:  44.87 MiB
Net Upgrade Size:       0.36 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 systemd-selinux-249.5-1-x86_64             8.6 MiB  7.31 MiB/s 00:01 [######################################] 100%
 util-linux-selinux-2.37.2-1-x86_64         3.4 MiB  6.60 MiB/s 00:01 [######################################] 100%
 systemd-libs-selinux-249.5-1-x86_64      788.1 KiB  2.51 MiB/s 00:00 [######################################] 100%
 util-linux-libs-selinux-2.37.2-1-x86_64  499.7 KiB  1922 KiB/s 00:00 [######################################] 100%
 dbus-selinux-1.12.20-1-x86_64            374.2 KiB  1701 KiB/s 00:00 [######################################] 100%
 logrotate-selinux-3.18.1-1-x86_64         57.8 KiB   309 KiB/s 00:00 [######################################] 100%
 Total (6/6)                               13.6 MiB  5.13 MiB/s 00:03 [######################################] 100%
(6/6) checking keys in keyring                                        [######################################] 100%
(6/6) checking package integrity                                      [######################################] 100%
(6/6) loading package files                                           [######################################] 100%
(6/6) checking for file conflicts                                     [######################################] 100%
(12/12) checking available disk space                                 [######################################] 100%
warning: could not get file information for usr/share/man/man3/sd_bus_creds_get_selinux_context.3.gz
:: Processing package changes...
(1/6) removing logrotate                                              [######################################] 100%
(2/6) removing systemd                                                [######################################] 100%
(3/6) removing dbus                                                   [######################################] 100%
(4/6) removing util-linux                                             [######################################] 100%
(5/6) removing systemd-libs                                           [######################################] 100%
(6/6) removing util-linux-libs                                        [######################################] 100%
(1/6) installing util-linux-libs-selinux                              [######################################] 100%
(2/6) installing systemd-libs-selinux                                 [######################################] 100%
(3/6) installing util-linux-selinux                                   [######################################] 100%
Optional dependencies for util-linux-selinux
    python: python bindings to libmount [installed]
    words: default dictionary for look
(4/6) installing dbus-selinux                                         [######################################] 100%
(5/6) installing systemd-selinux                                      [######################################] 100%
:: Append 'init=/usr/lib/systemd/systemd' to your kernel command line in your
   bootloader to replace sysvinit with systemd, or install systemd-sysvcompat
mkdir: cannot create directory ‘var/log/journal/remote’: File exists
Optional dependencies for systemd-selinux
    libmicrohttpd: remote journald capabilities [installed]
    quota-tools: kernel-level quota management
    systemd-sysvcompat: symlink package to provide sysvinit binaries [installed]
    polkit: allow administration as unprivileged user [installed]
    curl: machinectl pull-tar and pull-raw [installed]
    libfido2: unlocking LUKS2 volumes with FIDO2 token
    tpm2-tss: unlocking LUKS2 volumes with TPM2 [installed]
(6/6) installing logrotate-selinux                                    [######################################] 100%
:: Running post-transaction hooks...
( 1/12) Creating system user accounts...
( 2/12) Updating journal message catalog...
( 3/12) Reloading system manager configuration...
( 4/12) Updating udev hardware database...
( 5/12) Applying kernel sysctl settings...
( 6/12) Creating temporary files...
( 7/12) Reloading device manager configuration...
( 8/12) Arming ConditionNeedsUpdate...
( 9/12) Updating linux initcpios...
==> Building image from preset: /etc/mkinitcpio.d/linux414.preset: 'default'
  -> -k /boot/vmlinuz-4.14-x86_64 -c /etc/mkinitcpio.conf -g /boot/initramfs-4.14-x86_64.img
==> Starting build: 4.14.248-1-MANJARO
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [autodetect]
libkmod: kmod_config_parse: /etc/modprobe.d/blacklist.conf line 2: ignoring bad line starting with 'snd_soc_skl_hda_dsp'
  -> Running build hook: [modconf]
  -> Running build hook: [block]
  -> Running build hook: [keyboard]
  -> Running build hook: [keymap]
  -> Running build hook: [consolefont]
==> WARNING: consolefont: no font found in configuration
  -> Running build hook: [encrypt]
  -> Running build hook: [filesystems]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-4.14-x86_64.img
==> Image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux414.preset: 'fallback'
  -> -k /boot/vmlinuz-4.14-x86_64 -c /etc/mkinitcpio.conf -g /boot/initramfs-4.14-x86_64-fallback.img -S autodetect
==> Starting build: 4.14.248-1-MANJARO
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [modconf]
  -> Running build hook: [block]
  -> Running build hook: [keyboard]
  -> Running build hook: [keymap]
  -> Running build hook: [consolefont]
==> WARNING: consolefont: no font found in configuration
  -> Running build hook: [encrypt]
  -> Running build hook: [filesystems]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-4.14-x86_64-fallback.img
==> Image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux510.preset: 'default'
  -> -k /boot/vmlinuz-5.10-x86_64 -c /etc/mkinitcpio.conf -g /boot/initramfs-5.10-x86_64.img
==> Starting build: 5.10.70-1-MANJARO
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [autodetect]
libkmod: kmod_config_parse: /etc/modprobe.d/blacklist.conf line 2: ignoring bad line starting with 'snd_soc_skl_hda_dsp'
  -> Running build hook: [modconf]
  -> Running build hook: [block]
  -> Running build hook: [keyboard]
  -> Running build hook: [keymap]
  -> Running build hook: [consolefont]
==> WARNING: consolefont: no font found in configuration
  -> Running build hook: [encrypt]
  -> Running build hook: [filesystems]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-5.10-x86_64.img
==> Image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux510.preset: 'fallback'
  -> -k /boot/vmlinuz-5.10-x86_64 -c /etc/mkinitcpio.conf -g /boot/initramfs-5.10-x86_64-fallback.img -S autodetect
==> Starting build: 5.10.70-1-MANJARO
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [modconf]
  -> Running build hook: [block]
  -> Running build hook: [keyboard]
  -> Running build hook: [keymap]
  -> Running build hook: [consolefont]
==> WARNING: consolefont: no font found in configuration
  -> Running build hook: [encrypt]
  -> Running build hook: [filesystems]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-5.10-x86_64-fallback.img
==> Image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux514.preset: 'default'
  -> -k /boot/vmlinuz-5.14-x86_64 -c /etc/mkinitcpio.conf -g /boot/initramfs-5.14-x86_64.img
==> Starting build: 5.14.10-1-MANJARO
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [autodetect]
libkmod: kmod_config_parse: /etc/modprobe.d/blacklist.conf line 2: ignoring bad line starting with 'snd_soc_skl_hda_dsp'
  -> Running build hook: [modconf]
  -> Running build hook: [block]
  -> Running build hook: [keyboard]
  -> Running build hook: [keymap]
  -> Running build hook: [consolefont]
==> WARNING: consolefont: no font found in configuration
  -> Running build hook: [encrypt]
==> WARNING: Possibly missing firmware for module: qat_4xxx
  -> Running build hook: [filesystems]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-5.14-x86_64.img
==> Image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux514.preset: 'fallback'
  -> -k /boot/vmlinuz-5.14-x86_64 -c /etc/mkinitcpio.conf -g /boot/initramfs-5.14-x86_64-fallback.img -S autodetect
==> Starting build: 5.14.10-1-MANJARO
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [modconf]
  -> Running build hook: [block]
  -> Running build hook: [keyboard]
  -> Running build hook: [keymap]
  -> Running build hook: [consolefont]
==> WARNING: consolefont: no font found in configuration
  -> Running build hook: [encrypt]
==> WARNING: Possibly missing firmware for module: qat_4xxx
  -> Running build hook: [filesystems]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-5.14-x86_64-fallback.img
==> Image generation successful
(10/12) Refreshing PackageKit...
(11/12) Reloading system bus configuration...
(12/12) SELinux: relabel installed files
error: unable to write to pipe (Broken pipe)
[Wolf user]#

I’m having a hard time to replicate what you are doing, I might not understand so please elaborate, below the steps

The sudo-selinux package is a AUR package (I’ve take the liberty to change the category)

$ pamac search --aur  sudo-selinux                                
sudo-selinux                                                    1.9.8.p2-1  AUR 

Installing it with that pacman command should not work, unless you changed something in the repositories?

Installing it with pamac should work if you enable AUR support.
$ pamac install sudo-selinux

However this results in an error on my end:

$ pamac install sudo-selinux                                    
Warning: sudo-selinux is only available from AUR
Preparing...

<snip>

Verifying source file signatures with gpg...
    Linux-PAM-1.5.2.tar.xz ... FAILED (unknown public key A8041FA839E16E36)
==> ERROR: One or more PGP signatures could not be verified!
Error: Failed to build pam-selinux
1 Like

I’ve followed the steps from https://github.com/archlinuxhardened/selinux down to:

Now we start replacing core packages:

  • pambase-selinux
  • pam-selinux
  • coreutils-selinux shadow-selinux cronie-selinux sudo-selinux
  • util-linux-selinux
  • systemd-selinux
  • logrotate-selinux
  • dbus-selinux

Ah I see, it is a extra repository with specific selinux binaries for arch-linux witch you added to the pacman.conf file.

I’ve never done installs this way so cannot help you further. if the pacman.log does not show anything where the error occurs I am of no use to you.

1 Like

Ok, thank you very much for your help.

Solved.