[gentoo-hardened] Problem with installation gentoo selinux

[gentoo-hardened] Problem with installation gentoo selinux

[pedro]

[-- Attachment #1: Type: text/plain, Size: 503 bytes --]

Hello:

I'm trying install gentoo selinux. I read the handbook: 
http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-handbook.xml

and have a lot of problems.


Errors:

ERROR sys_kernel/hardened-sources-2.6.11-r15 failed
function dyn_preinst, Line 1231 Exitcode 1
Failed to set SELinux Security Labels.
 
ERROR sys_libs/readline-5.0-r2 failed
function dyn_preinst, Line 1231 Exitcode 1
Failed to set SELinux Security Labels.

What can I do. 

Atte. 

Pedro Chávez Lugo.


[-- Attachment #2: Type: text/html, Size: 1207 bytes --]

Re: [gentoo-hardened] Problem with installation gentoo selinux

[DeadManMoving]

Move to /etc/security/selinux/src/policy (under the chroot)

adjust the Makefile policycompat to version 16 (you can verify the
current policy version with sestatus, i think) and make load.

Hope that help.

Tony

On Wed, 2005-11-23 at 10:09 -0600, pedro wrote:
> Hello:
> I'm trying install gentoo selinux. I read the handbook: 
> http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-handbook.xml
> and have a lot of problems.
> 
> Errors:
> ERROR sys_kernel/hardened-sources-2.6.11-r15 failed
> function dyn_preinst, Line 1231 Exitcode 1
> Failed to set SELinux Security Labels.
>  
> ERROR sys_libs/readline-5.0-r2 failed
> function dyn_preinst, Line 1231 Exitcode 1
> Failed to set SELinux Security Labels.
> What can I do. 
> 
> Atte. 
> 
> Pedro Chávez Lugo.

-- 
gentoo-hardened@gentoo.org mailing list

Re: [gentoo-hardened] Problem with installation gentoo selinux

[Dale Pontius]

pedro wrote:

>Hello:
>
>I'm trying install gentoo selinux. I read the handbook: 
>http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-handbook.xml
>  
>
>and have a lot of problems.
>  
>
>
>Errors:
>
>ERROR sys_kernel/hardened-sources-2.6.11-r15 failed
>function dyn_preinst, Line 1231 Exitcode 1
>Failed to set SELinux Security Labels.
> 
>ERROR sys_libs/readline-5.0-r2 failed
>function dyn_preinst, Line 1231 Exitcode 1
>Failed to set SELinux Security Labels.
>  
>
>What can I do. 
>  
>
Let's begin with the first question:

Which LiveCD did you use to do the install?
The one that's easy to find is "merely hardened," but doesn't have an 
SELinux kernel. It sounds like that's the one you used, and actually you 
should have first failed when you tried to mount the "selinux" 
filesystem inside the chroot. But if you missed that, you'd next fail 
when it came to set security labels.

I wish I could tell you exactly where the correct CD is, but I've 
forgotten. I can just assure you that it is possible to browse the 
mirror and find an SELinux LiveCD. One other problem with it... the 
included kernel is too old for nptl. Therefore you can't bring the 
system up from the ground with nptl, you have to convert after your 
first boot.

Hope this helps,
Dale
-- 
gentoo-hardened@gentoo.org mailing list

Re[2]: [gentoo-hardened] Problem with installation gentoo selinux

[boger]

Hello Dale,

Thursday, November 24, 2005, 1:43:39 AM, you wrote:

DP> pedro wrote:

>>Hello:
>>
>>I'm trying install gentoo selinux. I read the handbook: 
>>http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-handbook.xml
>>  
>>
>>and have a lot of problems.
>>  
>>
>>
>>Errors:
>>
>>ERROR sys_kernel/hardened-sources-2.6.11-r15 failed
>>function dyn_preinst, Line 1231 Exitcode 1
>>Failed to set SELinux Security Labels.
>> 
>>ERROR sys_libs/readline-5.0-r2 failed
>>function dyn_preinst, Line 1231 Exitcode 1
>>Failed to set SELinux Security Labels.
>>  
>>
>>What can I do. 
>>  
>>
DP> Let's begin with the first question:

DP> Which LiveCD did you use to do the install?
DP> The one that's easy to find is "merely hardened," but doesn't have an
DP> SELinux kernel. It sounds like that's the one you used, and actually you
DP> should have first failed when you tried to mount the "selinux" 
DP> filesystem inside the chroot. But if you missed that, you'd next fail
DP> when it came to set security labels.

DP> I wish I could tell you exactly where the correct CD is, but I've 
DP> forgotten. I can just assure you that it is possible to browse the
DP> mirror and find an SELinux LiveCD. One other problem with it... the
DP> included kernel is too old for nptl. Therefore you can't bring the
DP> system up from the ground with nptl, you have to convert after your
DP> first boot.

DP> Hope this helps,
DP> Dale

Today I had same problems. 
i've used livecd-x86-selinux-20040616-1.iso and stage3-x86-selinux-piessp-20050726.tar.bz2
Changing policycompat didn't help, because not only selinux versions was different, but policy on livecd and chrooted enviroment was different.
Overwriting livecd policy with stage didn't help.
I've solved it booting without selinux (at boot time choose "nose" or something like this), merge needed ebuilds, and after reboot relabel 
fs.
-- 
Best regards,
 boger                            mailto:boger@ttk.ru

-- 
gentoo-hardened@gentoo.org mailing list

Re[3]: [gentoo-hardened] Problem with installation gentoo selinux

[boger]

Hello boger,

b> Today I had same problems. 
b> i've used livecd-x86-selinux-20040616-1.iso and
b> stage3-x86-selinux-piessp-20050726.tar.bz2
b> Changing policycompat didn't help, because not only selinux
b> versions was different, but policy on livecd and chrooted
b> enviroment was different.
b> Overwriting livecd policy with stage didn't help.
b> I've solved it booting without selinux (at boot time choose
b> "nose" or something like this), merge needed ebuilds, and after
b> reboot relabel 
b> fs.
Correction, when livecd promts for kernel choise - press f1 
and type seoff. Portage will complain, that selinux disabled and skip relabeling.

Should this information be in selinux handbook?
-- 
Best regards,
 boger                            mailto:boger@ttk.ru

-- 
gentoo-hardened@gentoo.org mailing list

Re: [gentoo-hardened] Problem with installation gentoo selinux

[Ewald Wasscher]

[-- Attachment #1: Type: text/plain, Size: 1387 bytes --]

Hey all,

I encountered the same problems, I solved them by not loading the
SELinux policy from within the chroot, see below.

>>> Errors:
>>>
>>> ERROR sys_kernel/hardened-sources-2.6.11-r15 failed
>>> function dyn_preinst, Line 1231 Exitcode 1
>>> Failed to set SELinux Security Labels.
>>>
>>>       
> DP> I wish I could tell you exactly where the correct CD is, but I've 
> DP> forgotten. I can just assure you that it is possible to browse the
> DP> mirror and find an SELinux LiveCD. One other problem with it... the
> DP> included kernel is too old for nptl.
>
>   

<snip>

> Today I had same problems. 
> i've used livecd-x86-selinux-20040616-1.iso and stage3-x86-selinux-piessp-20050726.tar.bz2
>   

I use the same stage and this livecd:

"http://my.gentoo.mirror.tld/gentoo/experimental/x86/hardened/livecd/hardened-x86-2005.1.iso"

IIRC I encounter the  "Failed to set SELinux Security Labels." error
message when I somehow try to load the selinux policy from within the
chroot. I simply don't bother about the policy at this stage and just
relabel the fs after first boot. I have FEATURES="loadpolicy" commented
out in make.conf to prevent portage from loading the policy from within
the chroot. I haven't used nptl, but the livecd I use has a pretty
recent kernel (2.6.11?), so I guess that shouldn't be a problem.

Ewald Wasscher


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 208 bytes --]