Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Issue with installing using the Hardened SElinux profile
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Dr. Banana
n00b
n00b


Joined: 04 Aug 2021
Posts: 46
PostPosted: Mon Jan 16, 2023 4:13 am    Post subject: Issue with installing using the Hardened SElinux profile Reply with quote
I'm trying this in a vm to to learn SELinux. I've managed to get to the emerge-webrsync part, but I can't update the system with emerge. When I try to emerge anything, I get a fetch failed error, and it's related to this:
Code:
OSError: Failed to set new SELinux execution context. Is your current SELinux context allowed to run Portage?


According to the wiki page on installing SELinux, it should be as simple as relabeling the entrie filesystem, adding a user to the selinux admin account etc. However when I try to relabel the entire filesysem (usig rlpkg -a -r) I get an error that says /etc/selinux/strict/contexts/files/file_contexts isn't found, touching that file gets rid of the error but the filesystem still remains unlabeled. I can't maage users either, running semanage user -l returns this:
Code:
libsemanage.semanage_read_policydb: Could not open kernel policy /var/lib/selinux/strict/active/policy.kern for reading. (No such file or directory).

_________________
Haters gonna hate,
Potatoes gonna potate.
Back to top
View user's profile Send private message
alamahant
Advocate
Advocate


Joined: 23 Mar 2019
Posts: 3879
PostPosted: Mon Jan 16, 2023 6:33 pm    Post subject: Reply with quote
In
/etc/selinux/config
set policy to strict and
Code:

emerge -1av selinux-base selinux-base-policy

Then relabel fs.
Also set selinux to Permissive.
It will take you along long time before you will be able to set it to Enforcing.
Did you use an selinux tarball?
_________________
:)
Back to top
View user's profile Send private message
Dr. Banana
n00b
n00b


Joined: 04 Aug 2021
Posts: 46
PostPosted: Tue Jan 17, 2023 2:51 am    Post subject: Reply with quote
Yes I was using the selinux tarball. I've since deleted it and am trying to do it the other way (installing a non-selinux tarball and setting up selinux after boot), since the tarball seems to have problems.
_________________
Haters gonna hate,
Potatoes gonna potate.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy