Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[SOLVED] SELinux: id -Z says kernel is not SELinux enabled
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
vyedmic
n00b
n00b


Joined: 02 Dec 2010
Posts: 51
PostPosted: Tue May 21, 2013 5:49 pm    Post subject: [SOLVED] SELinux: id -Z says kernel is not SELinux enabled Reply with quote
Hello,

I have built an SELinux enabled kernel and after following the Gentoo SELinux Handbook all seems to be fine. Filesystem is labeled, policies are loaded, sestatus reports SELinux as enabled, yet id -Z throws up

Code:
id: --context (-Z) works only on an SELinux-enabled kernel


I need it to troubleshoot some role contexts.

Profile is set to hardened/linux/amd64/selinux, and running kernel is 3.8.6-hardened.

I have done emerge -eN system but it didn't help. What could be wrong? Thank you.

Last edited by vyedmic on Sun May 26, 2013 9:14 pm; edited 1 time in total
Back to top
View user's profile Send private message
vaxbrat
l33t
l33t


Joined: 05 Oct 2005
Posts: 731
Location: DC Burbs
PostPosted: Wed May 22, 2013 5:07 am    Post subject: getting the dumb question out of the way Reply with quote
you did re-emerge coreutils with selinux enabled right?
Back to top
View user's profile Send private message
vyedmic
n00b
n00b


Joined: 02 Dec 2010
Posts: 51
PostPosted: Thu May 23, 2013 11:28 pm    Post subject: Reply with quote
Thank you for taking your time to get my dumb question out of the way.

I cannot emerge anything when selinux is enabled since the root role doesn't exist(i did create it and it is now in seusers) and my contexts are wrong for some reason. I have followed the selinux handbook down to a t. I managed to troubleshoot it last time somehow but i have forgotten what i did then.

More dumb questions:

Why does selinux need to be enabled for the build of coreutils? Why is not the selinux USE flag enough? (I have relabeled the filesystem after last rebuild)

Why is selinux preventing me emerging anything when it is set to permissive mode?

Sorry for taking up your time.
Back to top
View user's profile Send private message
vaxbrat
l33t
l33t


Joined: 05 Oct 2005
Posts: 731
Location: DC Burbs
PostPosted: Fri May 24, 2013 2:21 am    Post subject: It's been a while since I've enabled it myself Reply with quote
However I recall just building everything first with selinux disabled from the kernel boot but with selinux USE flag enabled. Then you boot up with selinux enabled in kernel and mount the /selinux filesystem to do the labeling. Don't recall ever having trouble with coreutils not thinking selinux was enabled. Did you miss emerging crucial parts of the reference policy?
Back to top
View user's profile Send private message
vyedmic
n00b
n00b


Joined: 02 Dec 2010
Posts: 51
PostPosted: Sun May 26, 2013 9:13 pm    Post subject: Fixed Reply with quote
So re-emerging all the policies solved it. Thanks. Very confusing error message IMO.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy