From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.50) id 1Eg5Xu-0004Ew-VA for garchives@archives.gentoo.org; Sat, 26 Nov 2005 19:17:15 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.5/8.13.5) with SMTP id jAQJDrdX022980; Sat, 26 Nov 2005 19:13:53 GMT Received: from mail.ttk.ru (mail.ttk.ru [82.138.20.133]) by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id jAQJDqsa014789 for ; Sat, 26 Nov 2005 19:13:52 GMT Received: from BOGER (boger.ttk.ru [82.138.30.75]) by mail.ttk.ru (8.12.10/8.12.10) with ESMTP id jAQJDee9011882 for ; Sat, 26 Nov 2005 22:13:40 +0300 Date: Sat, 26 Nov 2005 22:15:29 +0300 From: boger X-Priority: 3 (Normal) Message-ID: <774822929.20051126221529@ttk.ru> To: Dale Pontius Subject: Re[2]: [gentoo-hardened] Problem with installation gentoo selinux In-Reply-To: <4384F09B.9080401@edgehp.net> References: <4384941D.1030804@lsc.fie.umich.mx> <4384F09B.9080401@edgehp.net> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Archives-Salt: 13c6c017-8ef0-4332-bda0-f02270e8a278 X-Archives-Hash: 9df1e03b498811367242d6cad99a52ee Hello Dale, Thursday, November 24, 2005, 1:43:39 AM, you wrote: DP> pedro wrote: >>Hello: >> >>I'm trying install gentoo selinux. I read the handbook: >>http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-handbook.xml >> >> >>and have a lot of problems. >> >> >> >>Errors: >> >>ERROR sys_kernel/hardened-sources-2.6.11-r15 failed >>function dyn_preinst, Line 1231 Exitcode 1 >>Failed to set SELinux Security Labels. >> >>ERROR sys_libs/readline-5.0-r2 failed >>function dyn_preinst, Line 1231 Exitcode 1 >>Failed to set SELinux Security Labels. >> >> >>What can I do. >> >> DP> Let's begin with the first question: DP> Which LiveCD did you use to do the install? DP> The one that's easy to find is "merely hardened," but doesn't have an DP> SELinux kernel. It sounds like that's the one you used, and actually you DP> should have first failed when you tried to mount the "selinux" DP> filesystem inside the chroot. But if you missed that, you'd next fail DP> when it came to set security labels. DP> I wish I could tell you exactly where the correct CD is, but I've DP> forgotten. I can just assure you that it is possible to browse the DP> mirror and find an SELinux LiveCD. One other problem with it... the DP> included kernel is too old for nptl. Therefore you can't bring the DP> system up from the ground with nptl, you have to convert after your DP> first boot. DP> Hope this helps, DP> Dale Today I had same problems. i've used livecd-x86-selinux-20040616-1.iso and stage3-x86-selinux-piessp-20050726.tar.bz2 Changing policycompat didn't help, because not only selinux versions was different, but policy on livecd and chrooted enviroment was different. Overwriting livecd policy with stage didn't help. I've solved it booting without selinux (at boot time choose "nose" or something like this), merge needed ebuilds, and after reboot relabel fs. -- Best regards, boger mailto:boger@ttk.ru -- gentoo-hardened@gentoo.org mailing list