sadriver n00b

Joined: 19 Apr 2025 Posts: 1
Posted: Sat Apr 19, 2025 8:10 pm Post subject: install grub hardened/selinux without MCS
When I try to install grub I get the error:
make: Entering directory '/var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work/mcs'
Makefile:8: /usr/share/selinux/mcs/include/Makefile: No such file or directory
make: *** No rule to make target '/usr/share/selinux/mcs/include/Makefile'. Stop.
make: Leaving directory '/var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work/mcs'
* ERROR: sec-policy/selinux-makewhatis-2.20240916-r1::gentoo failed (compile phase):
* emake failed
The log file says:
 * Package: sec-policy/selinux-makewhatis-2.20240916-r1:0
 * Repository: gentoo
 * Maintainer: selinux@gentoo.org
 * USE: abi_x86_64 amd64 elibc_glibc kernel_linux
 * FEATURES: network-sandbox preserve-libs sandbox selinux sesandbox userpriv usersandbox
>>> Unpacking source...
>>> Unpacking refpolicy-2.20240916.tar.bz2 to /var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work
>>> Unpacking patchbundle-selinux-base-policy-2.20240916-r1.tar.bz2 to /var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work
>>> Source unpacked in /var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work
>>> Preparing source in /var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work ...
* Applying SELinux policy updates ...
* Applying 0001-full-patch-against-stable-release.patch ... [ ok ]
>>> Source prepared.
>>> Configuring source in /var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work ...
>>> Source configured.
>>> Compiling source in /var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work ...
make -j32 NAME=strict SHAREDIR=/usr/share/selinux -C /var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work//strict
make: Entering directory '/var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work/strict'
Compiling strict makewhatis module
Creating strict makewhatis.pp policy package
rm tmp/makewhatis.mod tmp/makewhatis.mod.fc
make: Leaving directory '/var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work/strict'
make -j32 NAME=targeted SHAREDIR=/usr/share/selinux -C /var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work//targeted
make: Entering directory '/var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work/targeted'
Compiling targeted makewhatis module
Creating targeted makewhatis.pp policy package
rm tmp/makewhatis.mod tmp/makewhatis.mod.fc
make: Leaving directory '/var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work/targeted'
make -j32 NAME=mcs SHAREDIR=/usr/share/selinux -C /var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work//mcs
make: Entering directory '/var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work/mcs'
Makefile:8: /usr/share/selinux/mcs/include/Makefile: No such file or directory
make: *** No rule to make target '/usr/share/selinux/mcs/include/Makefile'. Stop.
make: Leaving directory '/var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work/mcs'
* ERROR: sec-policy/selinux-makewhatis-2.20240916-r1::gentoo failed (compile phase):
* emake failed
*
* If you need support, post the output of `emerge --info '=sec-policy/selinux-makewhatis-2.20240916-r1::gentoo'`,
* the complete build log and the output of `emerge -pqv '=sec-policy/selinux-makewhatis-2.20240916-r1::gentoo'`.
* The complete build log is located at '/var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/temp/build.log'.
* The ebuild environment file is located at '/var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/temp/environment'.
* Working directory: '/var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work'
* S: '/var/tmp/portage/sec-policy/selinux-makewhatis-2.20240916-r1/work/'
So it seems to think I'm using the MCS enforcement policy, but when I check, my SELINUXTYPE=strict, so obviously /usr/share/selinux/mcs/ doesn't exist. The same issue occurs when I emerge efibootmgr and some other packages, but most packages work fine.
How do I emerge grub such that it knows my enforcement type is set to strict, not mcs?
Also, here is the output of emerge --info '=sec-policy/selinux-makewhatis-2.20240916-r1::gentoo':
Portage 3.0.67 (python 3.12.9-final-0, default/linux/amd64/23.0/hardened/selinux, gcc-14, glibc-2.40-r8, 6.8.0-38-generic x86_64)
=================================================================
System Settings
=================================================================
System uname: Linux-6.8.0-38-generic-x86_64-AMD_Ryzen_9_9950X_16-Core_Processor-with-glibc2.40
KiB Mem: 31928432 total, 21079928 free
KiB Swap: 67108860 total, 67108860 free
Timestamp of repository gentoo: Sat, 19 Apr 2025 08:45:00 +0000
Head commit of repository gentoo: f39a6e49c1ef6cb0b99ec34854abf87b6d695a0f
sh bash 5.2_p37
ld GNU ld (Gentoo 2.44 p1) 2.44.0
app-misc/pax-utils: 1.3.8::gentoo
app-shells/bash: 5.2_p37::gentoo
dev-build/autoconf: 2.72-r1::gentoo
dev-build/automake: 1.17-r1::gentoo
dev-build/libtool: 2.5.4::gentoo
dev-build/make: 4.4.1-r100::gentoo
dev-build/meson: 1.7.0::gentoo
dev-lang/perl: 5.40.0-r1::gentoo
dev-lang/python: 3.12.9::gentoo, 3.13.2::gentoo
sec-policy/selinux-base: 2.20240916-r1::gentoo
sys-apps/baselayout: 2.17::gentoo
sys-apps/openrc: 0.56::gentoo
sys-apps/sandbox: 2.39::gentoo
sys-devel/binutils: 2.44::gentoo
sys-devel/binutils-config: 5.5.2::gentoo
sys-devel/gcc: 14.2.1_p20241221::gentoo
sys-devel/gcc-config: 2.12.1::gentoo
sys-kernel/linux-headers: 6.12::gentoo (virtual/os-headers)
sys-libs/glibc: 2.40-r8::gentoo
sys-libs/libselinux: 3.7-r1::gentoo
Repositories:
gentoo
location: /var/db/repos/gentoo
sync-type: rsync
sync-uri: rsync://rsync.gentoo.org/gentoo-portage
priority: -1000
volatile: False
sync-rsync-verify-metamanifest: yes
sync-rsync-extra-opts:
sync-rsync-verify-max-age: 3
sync-rsync-verify-jobs: 1
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="@FREE @FREE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/sandbox.d"
CXXFLAGS="-O2 -pipe"
DISTDIR="/var/cache/distfiles"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync merge-wait multilib-strict network-sandbox news parallel-fetch pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox selinux sesandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="https://gentoo.osuosl.org/ https://mirrors.mit.edu/gentoo-distfiles/"
LANG="C.UTF8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,pack-relative-relocs"
LEX="flex"
MAKEOPTS="-j32"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
RUSTFLAGS=" -C target-cpu=native"
SHELL="/bin/bash"
USE="acl amd64 audit bzip2 caps crypt flac gdbm hardened iconv ipv6 libtirpc multilib ncurses nls openmp pam pcre pic pie readline savedconfig seccomp selinux ssl ssp test-rust unicode x xattr xinerama xtpax zlib" ABI_X86="64" ADA_TARGET="gcc_14" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 aes avx avx2 avx512_bf16 avx512_bitalg avx512_vbmi2 avx512_vnni avx512_vp2intersect avx512_vpopcntdq avx512bw avx512cd avx512dq avx512f avx512ifma avx512vbmi avx512vl f16c fma3 pclmul popcnt rdrand sha sse3 sse4_1 sse4_2 sse4a ssse3 vpclmulqdq" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" GUILE_SINGLE_TARGET="3-0" GUILE_TARGETS="3-0" INPUT_DEVICES="libinput" KERNEL="linux" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-2" POSTGRES_TARGETS="postgres17" PYTHON_SINGLE_TARGET="python3_12" PYTHON_TARGETS="python3_12" RUBY_TARGETS="ruby32" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account"
Unset: ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EMERGE_DEFAULT_OPTS, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PYTHONPATH, RANLIB, READELF, SIZE, STRINGS, STRIP, YACC, YFLAGS
BurningMemory n00b

Joined: 17 Jan 2023 Posts: 58
Posted: Sat Apr 19, 2025 10:31 pm Post subject:
Hello. It seems you have the MCS policy enabled in the variable, but not
actually present. So, portage thinks it should be there. Try updating the
selinux set first and then installing grub. Looks like it did find the makefiles
in the other policies' directories.
From what I know, portage looks at its own variable instead of the SELINUXTYPE.
Take a look at POLICY_TYPES, declared in make.conf.
It should look something like POLICY_TYPES="strict targeted", for example.
Also, take a look at https://wiki.gentoo.org/wiki/SELinux/Installation
pabloblo Tux's lil' helper

Joined: 24 Jan 2024 Posts: 85
Posted: Sat Apr 26, 2025 12:23 pm Post subject:
I propose to edit /etc/portage/make.conf
and set POLICY_TYPES="strict targeted"
Make sure mcs is not listed if you are not using it.
emerge -u1 @selinux
After that, you should be able to install GRUB without errors.
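
The mismatch discussed in this thread can be checked before emerging. The script below is an added example, not part of any post: it compares POLICY_TYPES in make.conf with the policy build headers under /usr/share/selinux and with SELINUXTYPE. The function names and the constructed demo tree are assumptions; on a live system pass `/` as the root, and note that the effective value (see `portageq envvar POLICY_TYPES`) may come from the profile rather than make.conf.

```shell
# Added example (not from the thread): verify that every type in POLICY_TYPES
# has its policy build headers installed and that SELINUXTYPE is one of them.
# Last POLICY_TYPES assignment in a make.conf-style file (quoted or bare).
policy_types_from_conf() {
    sed -n 's/^[[:space:]]*POLICY_TYPES="\{0,1\}\([^"#]*\).*/\1/p' "$1" | tail -n 1
}

# SELINUXTYPE value from an /etc/selinux/config-style file.
selinuxtype_from_conf() {
    sed -n 's/^[[:space:]]*SELINUXTYPE=\([A-Za-z0-9_-]*\).*/\1/p' "$1" | tail -n 1
}

# Print the types in $2 lacking <root>/usr/share/selinux/<type>/include/Makefile.
missing_policy_headers() {
    hdr_root=${1%/}; missing=""
    for t in $2; do
        [ -f "$hdr_root/usr/share/selinux/$t/include/Makefile" ] || missing="$missing $t"
    done
    printf '%s\n' "${missing# }"
}

# Return 0 when the configuration is consistent, 1 otherwise.
check_policy_types() {
    root=${1%/}; rc=0
    types=$(policy_types_from_conf "$root/etc/portage/make.conf")
    active=$(selinuxtype_from_conf "$root/etc/selinux/config")
    miss=$(missing_policy_headers "$root" "$types")
    [ -z "$miss" ] || { echo "no build headers installed for: $miss"; rc=1; }
    case " $types " in
        *" $active "*) ;;
        *) echo "SELINUXTYPE=$active not in POLICY_TYPES=\"$types\""; rc=1 ;;
    esac
    return $rc
}

# Constructed tree mirroring the thread: mcs is listed but its headers are absent.
make_demo_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/portage" "$d/etc/selinux"
    for t in strict targeted; do
        mkdir -p "$d/usr/share/selinux/$t/include"
        : > "$d/usr/share/selinux/$t/include/Makefile"
    done
    echo 'POLICY_TYPES="strict targeted mcs"' > "$d/etc/portage/make.conf"
    echo 'SELINUXTYPE=strict' > "$d/etc/selinux/config"
    echo "$d"
}

demo=$(make_demo_root)
check_policy_types "$demo" || echo "fix POLICY_TYPES before emerging"
rm -rf "$demo"
```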