Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[Solved] Unable to set selinux
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Fulgurance
Guru
Guru


Joined: 15 Feb 2017
Posts: 598

PostPosted: Tue Dec 11, 2018 8:15 am    Post subject: [Solved] Unable to set selinux Reply with quote

Hello, i have little problem. After global update, i have seen selinux failed to set context, i have always this error:
Code:
!!! Failed to set new SELinux execution context. Is your current SELinux context allowed to run Portage?


Why ? Selinux need something after global update or kernel update ?


Last edited by Fulgurance on Tue Jan 15, 2019 12:35 pm; edited 1 time in total
Back to top
View user's profile Send private message
papas
Tux's lil' helper
Tux's lil' helper


Joined: 01 Dec 2014
Posts: 80
Location: Athens

PostPosted: Tue Dec 11, 2018 11:42 am    Post subject: Reply with quote

according to this post
https://forums.gentoo.org/viewtopic-t-1066386-start-0.html
have you try:
Code:
newrole -r sysadm_r
Back to top
View user's profile Send private message
Fulgurance
Guru
Guru


Joined: 15 Feb 2017
Posts: 598

PostPosted: Wed Dec 12, 2018 10:50 am    Post subject: Reply with quote

After this command, it's work, but this command don't really solve my problem permantly
Back to top
View user's profile Send private message
papas
Tux's lil' helper
Tux's lil' helper


Joined: 01 Dec 2014
Posts: 80
Location: Athens

PostPosted: Wed Dec 12, 2018 5:02 pm    Post subject: Reply with quote

I don't know if you already have done this, but first of all you have to check your user.
Code:
id -Z

you have to be privileged user like stuff_u.
I don't know the reason for this behavior. I have seen this message once or twice in my machine but i can't remember how i solved the issue.
By the way, may i asked you, are you permissive or enforced mode?


Last edited by papas on Thu Dec 13, 2018 7:25 am; edited 1 time in total
Back to top
View user's profile Send private message
Fulgurance
Guru
Guru


Joined: 15 Feb 2017
Posts: 598

PostPosted: Wed Dec 12, 2018 11:38 pm    Post subject: Reply with quote

I have this:

Code:
 fulgurance@msi-gs73vr-6rf  ~  id -Z                                          ✔  209  00:36:38
staff_u:staff_r:staff_t
Back to top
View user's profile Send private message
papas
Tux's lil' helper
Tux's lil' helper


Joined: 01 Dec 2014
Posts: 80
Location: Athens

PostPosted: Thu Dec 13, 2018 8:39 am    Post subject: Reply with quote

so you are stuff_u, you can run portage, i don't know why you still getting this message.
(since you can change role to sysadm_r, as you wrote above, you have already add the sysadm_r role to user stuff_u).
Back to top
View user's profile Send private message
Fulgurance
Guru
Guru


Joined: 15 Feb 2017
Posts: 598

PostPosted: Thu Dec 13, 2018 10:59 am    Post subject: Reply with quote

How i do that ? I'm not an expert with selinux :?
Back to top
View user's profile Send private message
papas
Tux's lil' helper
Tux's lil' helper


Joined: 01 Dec 2014
Posts: 80
Location: Athens

PostPosted: Thu Dec 13, 2018 11:31 am    Post subject: Reply with quote

Fulgurance wrote:
How i do that ? I'm not an expert with selinux :?

me too, i am not an expert , i've managed to run my personal machine with selinux enabled, nothing more.
just read this guide:
https://wiki.gentoo.org/wiki/SELinux/Installation
("Define the administrator accounts").
Back to top
View user's profile Send private message
Fulgurance
Guru
Guru


Joined: 15 Feb 2017
Posts: 598

PostPosted: Thu Dec 13, 2018 2:54 pm    Post subject: Reply with quote

I have already following this part of selinux tutorial... i don't know what i need to do ...
Back to top
View user's profile Send private message
papas
Tux's lil' helper
Tux's lil' helper


Joined: 01 Dec 2014
Posts: 80
Location: Athens

PostPosted: Thu Dec 13, 2018 6:11 pm    Post subject: Reply with quote

Well i am thinking :
since the error started after a @world update, sounds reasonable to me, to restore your user contexts (restorecon). Take a look to restorecon man page, usually:
restorecon -R -F /home/your-user.
Maybe you have to restore your contexts and for the root user.
By the way you must understand what are you trying to do, before you do it. There is many strategies to try solve your problem.
I guess you are in permissive mode, so it is not critical for you to try set your contexts again, or you can just change role (newrole -r) every time you need to run portage or you can find your audit.log (if you have enabled) and try fix the denial, or you can disable selinux.


Last edited by papas on Fri Dec 14, 2018 2:49 pm; edited 1 time in total
Back to top
View user's profile Send private message
Fulgurance
Guru
Guru


Joined: 15 Feb 2017
Posts: 598

PostPosted: Thu Dec 13, 2018 11:36 pm    Post subject: Reply with quote

I have following your advice, but no, the same problem :C
Back to top
View user's profile Send private message
Fulgurance
Guru
Guru


Joined: 15 Feb 2017
Posts: 598

PostPosted: Tue Jan 15, 2019 12:35 pm    Post subject: Reply with quote

Finally solved. It's better to start to no selinux stage and install selinux profile and packages after, and all work fine.
It's very delicate package...
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum