* [gentoo-hardened] Problem with installation gentoo selinux @ 2005-11-23 16:09 pedro 2005-11-23 20:30 ` DeadManMoving 2005-11-23 22:43 ` Dale Pontius 0 siblings, 2 replies; 6+ messages in thread From: pedro @ 2005-11-23 16:09 UTC (permalink / raw To: gentoo-hardened [-- Attachment #1: Type: text/plain, Size: 503 bytes --] Hello: I'm trying install gentoo selinux. I read the handbook: http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-handbook.xml and have a lot of problems. Errors: ERROR sys_kernel/hardened-sources-2.6.11-r15 failed function dyn_preinst, Line 1231 Exitcode 1 Failed to set SELinux Security Labels. ERROR sys_libs/readline-5.0-r2 failed function dyn_preinst, Line 1231 Exitcode 1 Failed to set SELinux Security Labels. What can I do. Atte. Pedro Chávez Lugo. [-- Attachment #2: Type: text/html, Size: 1207 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-hardened] Problem with installation gentoo selinux 2005-11-23 16:09 [gentoo-hardened] Problem with installation gentoo selinux pedro @ 2005-11-23 20:30 ` DeadManMoving 2005-11-23 22:43 ` Dale Pontius 1 sibling, 0 replies; 6+ messages in thread From: DeadManMoving @ 2005-11-23 20:30 UTC (permalink / raw To: gentoo-hardened Move to /etc/security/selinux/src/policy (under the chroot) adjust the Makefile policycompat to version 16 (you can verify the current policy version with sestatus, i think) and make load. Hope that help. Tony On Wed, 2005-11-23 at 10:09 -0600, pedro wrote: > Hello: > I'm trying install gentoo selinux. I read the handbook: > http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-handbook.xml > and have a lot of problems. > > Errors: > ERROR sys_kernel/hardened-sources-2.6.11-r15 failed > function dyn_preinst, Line 1231 Exitcode 1 > Failed to set SELinux Security Labels. > > ERROR sys_libs/readline-5.0-r2 failed > function dyn_preinst, Line 1231 Exitcode 1 > Failed to set SELinux Security Labels. > What can I do. > > Atte. > > Pedro Chávez Lugo. -- gentoo-hardened@gentoo.org mailing list ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-hardened] Problem with installation gentoo selinux 2005-11-23 16:09 [gentoo-hardened] Problem with installation gentoo selinux pedro 2005-11-23 20:30 ` DeadManMoving @ 2005-11-23 22:43 ` Dale Pontius 2005-11-26 19:15 ` Re[2]: " boger 1 sibling, 1 reply; 6+ messages in thread From: Dale Pontius @ 2005-11-23 22:43 UTC (permalink / raw To: gentoo-hardened pedro wrote: >Hello: > >I'm trying install gentoo selinux. I read the handbook: >http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-handbook.xml > > >and have a lot of problems. > > > >Errors: > >ERROR sys_kernel/hardened-sources-2.6.11-r15 failed >function dyn_preinst, Line 1231 Exitcode 1 >Failed to set SELinux Security Labels. > >ERROR sys_libs/readline-5.0-r2 failed >function dyn_preinst, Line 1231 Exitcode 1 >Failed to set SELinux Security Labels. > > >What can I do. > > Let's begin with the first question: Which LiveCD did you use to do the install? The one that's easy to find is "merely hardened," but doesn't have an SELinux kernel. It sounds like that's the one you used, and actually you should have first failed when you tried to mount the "selinux" filesystem inside the chroot. But if you missed that, you'd next fail when it came to set security labels. I wish I could tell you exactly where the correct CD is, but I've forgotten. I can just assure you that it is possible to browse the mirror and find an SELinux LiveCD. One other problem with it... the included kernel is too old for nptl. Therefore you can't bring the system up from the ground with nptl, you have to convert after your first boot. Hope this helps, Dale -- gentoo-hardened@gentoo.org mailing list ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re[2]: [gentoo-hardened] Problem with installation gentoo selinux 2005-11-23 22:43 ` Dale Pontius @ 2005-11-26 19:15 ` boger 2005-11-26 19:26 ` Re[3]: " boger 2005-11-27 10:48 ` Ewald Wasscher 0 siblings, 2 replies; 6+ messages in thread From: boger @ 2005-11-26 19:15 UTC (permalink / raw To: Dale Pontius Hello Dale, Thursday, November 24, 2005, 1:43:39 AM, you wrote: DP> pedro wrote: >>Hello: >> >>I'm trying install gentoo selinux. I read the handbook: >>http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-handbook.xml >> >> >>and have a lot of problems. >> >> >> >>Errors: >> >>ERROR sys_kernel/hardened-sources-2.6.11-r15 failed >>function dyn_preinst, Line 1231 Exitcode 1 >>Failed to set SELinux Security Labels. >> >>ERROR sys_libs/readline-5.0-r2 failed >>function dyn_preinst, Line 1231 Exitcode 1 >>Failed to set SELinux Security Labels. >> >> >>What can I do. >> >> DP> Let's begin with the first question: DP> Which LiveCD did you use to do the install? DP> The one that's easy to find is "merely hardened," but doesn't have an DP> SELinux kernel. It sounds like that's the one you used, and actually you DP> should have first failed when you tried to mount the "selinux" DP> filesystem inside the chroot. But if you missed that, you'd next fail DP> when it came to set security labels. DP> I wish I could tell you exactly where the correct CD is, but I've DP> forgotten. I can just assure you that it is possible to browse the DP> mirror and find an SELinux LiveCD. One other problem with it... the DP> included kernel is too old for nptl. Therefore you can't bring the DP> system up from the ground with nptl, you have to convert after your DP> first boot. DP> Hope this helps, DP> Dale Today I had same problems. i've used livecd-x86-selinux-20040616-1.iso and stage3-x86-selinux-piessp-20050726.tar.bz2 Changing policycompat didn't help, because not only selinux versions was different, but policy on livecd and chrooted enviroment was different. Overwriting livecd policy with stage didn't help. I've solved it booting without selinux (at boot time choose "nose" or something like this), merge needed ebuilds, and after reboot relabel fs. -- Best regards, boger mailto:boger@ttk.ru -- gentoo-hardened@gentoo.org mailing list ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re[3]: [gentoo-hardened] Problem with installation gentoo selinux 2005-11-26 19:15 ` Re[2]: " boger @ 2005-11-26 19:26 ` boger 2005-11-27 10:48 ` Ewald Wasscher 1 sibling, 0 replies; 6+ messages in thread From: boger @ 2005-11-26 19:26 UTC (permalink / raw To: boger Hello boger, b> Today I had same problems. b> i've used livecd-x86-selinux-20040616-1.iso and b> stage3-x86-selinux-piessp-20050726.tar.bz2 b> Changing policycompat didn't help, because not only selinux b> versions was different, but policy on livecd and chrooted b> enviroment was different. b> Overwriting livecd policy with stage didn't help. b> I've solved it booting without selinux (at boot time choose b> "nose" or something like this), merge needed ebuilds, and after b> reboot relabel b> fs. Correction, when livecd promts for kernel choise - press f1 and type seoff. Portage will complain, that selinux disabled and skip relabeling. Should this information be in selinux handbook? -- Best regards, boger mailto:boger@ttk.ru -- gentoo-hardened@gentoo.org mailing list ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [gentoo-hardened] Problem with installation gentoo selinux 2005-11-26 19:15 ` Re[2]: " boger 2005-11-26 19:26 ` Re[3]: " boger @ 2005-11-27 10:48 ` Ewald Wasscher 1 sibling, 0 replies; 6+ messages in thread From: Ewald Wasscher @ 2005-11-27 10:48 UTC (permalink / raw To: gentoo-hardened [-- Attachment #1: Type: text/plain, Size: 1387 bytes --] Hey all, I encountered the same problems, I solved them by not loading the SELinux policy from within the chroot, see below. >>> Errors: >>> >>> ERROR sys_kernel/hardened-sources-2.6.11-r15 failed >>> function dyn_preinst, Line 1231 Exitcode 1 >>> Failed to set SELinux Security Labels. >>> >>> > DP> I wish I could tell you exactly where the correct CD is, but I've > DP> forgotten. I can just assure you that it is possible to browse the > DP> mirror and find an SELinux LiveCD. One other problem with it... the > DP> included kernel is too old for nptl. > > <snip> > Today I had same problems. > i've used livecd-x86-selinux-20040616-1.iso and stage3-x86-selinux-piessp-20050726.tar.bz2 > I use the same stage and this livecd: "http://my.gentoo.mirror.tld/gentoo/experimental/x86/hardened/livecd/hardened-x86-2005.1.iso" IIRC I encounter the "Failed to set SELinux Security Labels." error message when I somehow try to load the selinux policy from within the chroot. I simply don't bother about the policy at this stage and just relabel the fs after first boot. I have FEATURES="loadpolicy" commented out in make.conf to prevent portage from loading the policy from within the chroot. I haven't used nptl, but the livecd I use has a pretty recent kernel (2.6.11?), so I guess that shouldn't be a problem. Ewald Wasscher [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 208 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2005-11-27 10:49 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2005-11-23 16:09 [gentoo-hardened] Problem with installation gentoo selinux pedro 2005-11-23 20:30 ` DeadManMoving 2005-11-23 22:43 ` Dale Pontius 2005-11-26 19:15 ` Re[2]: " boger 2005-11-26 19:26 ` Re[3]: " boger 2005-11-27 10:48 ` Ewald Wasscher
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox