Dr. Banana n00b
Joined: 04 Aug 2021 Posts: 46
Posted: Mon Jan 16, 2023 4:13 am Post subject: Issue with installing using the Hardened SElinux profile

I'm trying this in a VM to learn SELinux. I've managed to get to the emerge-webrsync part, but I can't update the system with emerge. When I try to emerge anything, I get a fetch failed error, and it's related to this:
Code:
OSError: Failed to set new SELinux execution context. Is your current SELinux context allowed to run Portage?
According to the wiki page on installing SELinux, it should be as simple as relabeling the entire filesystem, adding a user to the selinux admin account etc. However, when I try to relabel the entire filesystem (using rlpkg -a -r) I get an error that says /etc/selinux/strict/contexts/files/file_contexts isn't found. Touching that file gets rid of the error but the filesystem still remains unlabeled. I can't manage users either; running semanage user -l returns this:
Code:
libsemanage.semanage_read_policydb: Could not open kernel policy /var/lib/selinux/strict/active/policy.kern for reading. (No such file or directory).
_________________
Haters gonna hate,
Potatoes gonna potate.

alamahant Advocate
Joined: 23 Mar 2019 Posts: 3879
Posted: Mon Jan 16, 2023 6:33 pm Post subject:

In /etc/selinux/config set policy to strict and
Code:
emerge -1av selinux-base selinux-base-policy
Then relabel fs.
Also set selinux to Permissive.
It will take you a long long time before you will be able to set it to Enforcing.
Did you use an selinux tarball?

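A pre-flight check for the relabel step discussed above, as an added example that is not part of the thread: it reads SELINUXTYPE and SELINUX from /etc/selinux/config and confirms that the file_contexts and policy.kern paths from the first post's error messages exist before rlpkg is run. The function names and the optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the optional ROOT
# argument (a chroot or test tree; empty means the live system) are assumptions.

# Print the value assigned to KEY in ROOT/etc/selinux/config (last one wins).
selinux_cfg() {
    key=$1
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" \
        "${2:-}/etc/selinux/config" 2>/dev/null | tail -n 1
}

# Print one line per problem; return 0 only when the policy store looks usable.
check_selinux_store() {
    root=${1:-}
    problems=0
    ptype=$(selinux_cfg SELINUXTYPE "$root")
    mode=$(selinux_cfg SELINUX "$root")
    if [ -z "$ptype" ]; then
        echo "SELINUXTYPE is not set in $root/etc/selinux/config"
        return 1
    fi
    fc="$root/etc/selinux/$ptype/contexts/files/file_contexts"
    pol="$root/var/lib/selinux/$ptype/active/policy.kern"
    # An empty file_contexts (e.g. created with touch) hides the "not found"
    # error, but there are no rules to label with, so treat it as missing.
    if [ ! -s "$fc" ]; then
        echo "missing or empty: $fc"
        problems=$((problems + 1))
    fi
    # semanage user -l fails without this file (see the first post).
    if [ ! -f "$pol" ]; then
        echo "missing: $pol"
        problems=$((problems + 1))
    fi
    if [ "$mode" = "enforcing" ]; then
        echo "SELINUX=enforcing: switch to permissive until the relabel is done"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Usage: check_selinux_store              (live system)
#        check_selinux_store /mnt/gentoo  (mounted install root)
```
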
Dr. Banana n00b
Joined: 04 Aug 2021 Posts: 46
Posted: Tue Jan 17, 2023 2:51 am Post subject:

Yes I was using the selinux tarball. I've since deleted it and am trying to do it the other way (installing a non-selinux tarball and setting up selinux after boot), since the tarball seems to have problems.
_________________
Haters gonna hate,
Potatoes gonna potate.