Problem with installation gentoo selinux


Problem with installation gentoo selinux

pedro-6
Hello:
I'm trying to install Gentoo SELinux. I read the handbook:
http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-handbook.xml
and have a lot of problems.

Errors:
ERROR sys_kernel/hardened-sources-2.6.11-r15 failed
function dyn_preinst, Line 1231 Exitcode 1
Failed to set SELinux Security Labels.
 
ERROR sys_libs/readline-5.0-r2 failed
function dyn_preinst, Line 1231 Exitcode 1
Failed to set SELinux Security Labels.
What can I do?

Atte. 

Pedro Chávez Lugo.

Re: Problem with installation gentoo selinux

DeadManMoving
Move to /etc/security/selinux/src/policy (under the chroot)

adjust the Makefile policycompat to version 16 (you can verify the
current policy version with sestatus, I think) and make load.

Hope that helps.

Tony

On Wed, 2005-11-23 at 10:09 -0600, pedro wrote:

> Hello:
> I'm trying to install Gentoo SELinux. I read the handbook:
> http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-handbook.xml
> and have a lot of problems.
>
> Errors:
> ERROR sys_kernel/hardened-sources-2.6.11-r15 failed
> function dyn_preinst, Line 1231 Exitcode 1
> Failed to set SELinux Security Labels.
>  
> ERROR sys_libs/readline-5.0-r2 failed
> function dyn_preinst, Line 1231 Exitcode 1
> Failed to set SELinux Security Labels.
> What can I do?
>
> Atte.
>
> Pedro Chávez Lugo.

--
[hidden email] mailing list


Re: Problem with installation gentoo selinux

Dale Pontius
In reply to this post by pedro-6
pedro wrote:

>Hello:
>
>I'm trying to install Gentoo SELinux. I read the handbook:
>http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-handbook.xml
>and have a lot of problems.
>
>Errors:
>
>ERROR sys_kernel/hardened-sources-2.6.11-r15 failed
>function dyn_preinst, Line 1231 Exitcode 1
>Failed to set SELinux Security Labels.
>
>ERROR sys_libs/readline-5.0-r2 failed
>function dyn_preinst, Line 1231 Exitcode 1
>Failed to set SELinux Security Labels.
>
>What can I do?
>
Let's begin with the first question:

Which LiveCD did you use to do the install?
The one that's easy to find is "merely hardened," but doesn't have an
SELinux kernel. It sounds like that's the one you used, and actually you
should have first failed when you tried to mount the "selinux"
filesystem inside the chroot. But if you missed that, you'd next fail
when it came to set security labels.

I wish I could tell you exactly where the correct CD is, but I've
forgotten. I can just assure you that it is possible to browse the
mirror and find an SELinux LiveCD. One other problem with it... the
included kernel is too old for nptl. Therefore you can't bring the
system up from the ground with nptl, you have to convert after your
first boot.

Hope this helps,
Dale


Re[2]: Problem with installation gentoo selinux

boger
Hello Dale,

Thursday, November 24, 2005, 1:43:39 AM, you wrote:

DP> pedro wrote:

>>Hello:
>>
>>I'm trying to install Gentoo SELinux. I read the handbook:
>>http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-handbook.xml
>>and have a lot of problems.
>>
>>Errors:
>>
>>ERROR sys_kernel/hardened-sources-2.6.11-r15 failed
>>function dyn_preinst, Line 1231 Exitcode 1
>>Failed to set SELinux Security Labels.
>>
>>ERROR sys_libs/readline-5.0-r2 failed
>>function dyn_preinst, Line 1231 Exitcode 1
>>Failed to set SELinux Security Labels.
>>
>>What can I do?
>>
DP> Let's begin with the first question:

DP> Which LiveCD did you use to do the install?
DP> The one that's easy to find is "merely hardened," but doesn't have an
DP> SELinux kernel. It sounds like that's the one you used, and actually you
DP> should have first failed when you tried to mount the "selinux"
DP> filesystem inside the chroot. But if you missed that, you'd next fail
DP> when it came to set security labels.

DP> I wish I could tell you exactly where the correct CD is, but I've
DP> forgotten. I can just assure you that it is possible to browse the
DP> mirror and find an SELinux LiveCD. One other problem with it... the
DP> included kernel is too old for nptl. Therefore you can't bring the
DP> system up from the ground with nptl, you have to convert after your
DP> first boot.

DP> Hope this helps,
DP> Dale

Today I had the same problems.
I've used livecd-x86-selinux-20040616-1.iso and stage3-x86-selinux-piessp-20050726.tar.bz2
Changing policycompat didn't help, because not only were the SELinux versions different, but the policy on the livecd and in the chrooted environment was different.
Overwriting the livecd policy with the stage one didn't help.
I've solved it by booting without SELinux (at boot time choose "nose" or something like this), merging the needed ebuilds, and relabeling the fs after reboot.
--
Best regards,
 boger                            mailto:[hidden email]



Re[3]: Problem with installation gentoo selinux

boger
Hello boger,

b> Today I had the same problems.
b> I've used livecd-x86-selinux-20040616-1.iso and
b> stage3-x86-selinux-piessp-20050726.tar.bz2
b> Changing policycompat didn't help, because not only were the SELinux
b> versions different, but the policy on the livecd and in the chrooted
b> environment was different.
b> Overwriting the livecd policy with the stage one didn't help.
b> I've solved it by booting without SELinux (at boot time choose
b> "nose" or something like this), merging the needed ebuilds, and
b> relabeling the fs after reboot.
Correction: when the livecd prompts for a kernel choice, press F1
and type seoff. Portage will complain that SELinux is disabled and skip relabeling.

Should this information be in the SELinux handbook?
--
Best regards,
 boger                            mailto:[hidden email]



Re: Problem with installation gentoo selinux

Ewald Wasscher
In reply to this post by boger
Hey all,

I encountered the same problems; I solved them by not loading the
SELinux policy from within the chroot, see below.

>>> Errors:
>>>
>>> ERROR sys_kernel/hardened-sources-2.6.11-r15 failed
>>> function dyn_preinst, Line 1231 Exitcode 1
>>> Failed to set SELinux Security Labels.
>>>
>>>      
> DP> I wish I could tell you exactly where the correct CD is, but I've
> DP> forgotten. I can just assure you that it is possible to browse the
> DP> mirror and find an SELinux LiveCD. One other problem with it... the
> DP> included kernel is too old for nptl.
>
>  
<snip>

> Today I had the same problems.
> I've used livecd-x86-selinux-20040616-1.iso and stage3-x86-selinux-piessp-20050726.tar.bz2
>  

I use the same stage and this livecd:

"http://my.gentoo.mirror.tld/gentoo/experimental/x86/hardened/livecd/hardened-x86-2005.1.iso"

IIRC I encounter the "Failed to set SELinux Security Labels." error
message when I somehow try to load the selinux policy from within the
chroot. I simply don't bother about the policy at this stage and just
relabel the fs after first boot. I have FEATURES="loadpolicy" commented
out in make.conf to prevent portage from loading the policy from within
the chroot. I haven't used nptl, but the livecd I use has a pretty
recent kernel (2.6.11?), so I guess that shouldn't be a problem.

Ewald Wasscher
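
The checks suggested across the replies above, gathered into one pre-flight script as an added example (not part of any message in the thread, and not Gentoo's own tooling): whether the running kernel registers selinuxfs, whether the policy version reported by sestatus matches the version the chroot policy is built for, and whether loadpolicy is set in FEATURES. The function names, the file-path arguments and the sample values are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Inputs are file paths so the checks can
# be run against saved copies or constructed samples.

# Succeeds if the kernel registers selinuxfs ($1: copy of /proc/filesystems).
kernel_has_selinux() {
    grep -qw 'selinuxfs' "$1"
}

# Prints the number on the "Policy version:" line of saved sestatus output.
kernel_policy_version() {
    sed -n 's/^Policy version:[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1"
}

# Succeeds if an uncommented FEATURES line in make.conf contains loadpolicy.
loadpolicy_enabled() {
    grep -E '^[[:space:]]*FEATURES=' "$1" | grep -qw 'loadpolicy'
}

# $1 filesystems list, $2 sestatus output, $3 make.conf,
# $4 policy version the chroot policy is built for (assumed known).
preflight() {
    if ! loadpolicy_enabled "$3"; then
        echo "deferred: loadpolicy is off; relabel the fs after first boot"
    elif ! kernel_has_selinux "$1"; then
        echo "fail: running kernel has no selinuxfs; labels cannot be set"
    elif [ "$(kernel_policy_version "$2")" != "$4" ]; then
        echo "mismatch: kernel=$(kernel_policy_version "$2") chroot=$4"
    else
        echo "ok: kernel and chroot policy agree on version $4"
    fi
}

# Demo on constructed inputs (not captured from a real system).
demo() {
    d=$(mktemp -d)
    printf 'nodev\tproc\nnodev\tselinuxfs\n\text3\n' > "$d/filesystems"
    printf 'SELinux status:  enabled\nPolicy version:  16\n' > "$d/sestatus"
    printf 'FEATURES="sandbox loadpolicy"\n' > "$d/make.conf"
    preflight "$d/filesystems" "$d/sestatus" "$d/make.conf" 18
    rm -rf "$d"
}
demo
```

On a live install the first three arguments would be /proc/filesystems, a file holding the output of sestatus, and the chroot's make.conf.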