Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[ SOLVED ] SELinux - Missing contexts
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Thistled
Guru
Guru


Joined: 06 Jan 2011
Posts: 572
Location: Scotland
PostPosted: Mon Jul 08, 2013 1:53 pm    Post subject: [ SOLVED ] SELinux - Missing contexts Reply with quote
This is a weird one.

It seems I am unable to create and install policy modules, as I see the same error every time.

Code:
Error opening /etc/selinux/strict/contexts/files/file_contexts.local: No such file or directory


Which is absolutely correct. It does not exist. Why?

I thought I might try to re-install selinux-base-policy, but each time it fails with..
Code:
>>> Failed to emerge sec-policy/selinux-base-policy-2.20130424-r1, Log file:
>>>  '/var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/temp/build.log'
>>> Jobs: 0 of 1 complete, 1 failed                 Load avg: 0.44, 0.13, 0.08
 * Package:    sec-policy/selinux-base-policy-2.20130424-r1
 * Repository: gentoo
 * Maintainer: selinux@gentoo.org
 * USE:        abi_x86_32 elibc_glibc kernel_linux selinux unconfined userland_GNU x86
 * FEATURES:   preserve-libs sandbox sesandbox
>>> Unpacking source...
>>> Unpacking refpolicy-2.20130424.tar.bz2 to /var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work
>>> Unpacking patchbundle-selinux-base-policy-2.20130424-r1.tar.bz2 to /var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work
>>> Source unpacked in /var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work
>>> Preparing source in /var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work ...
 * Applying SELinux policy updates ...
 *   0001-full-diff-set-and-refpolicy-merger-r1.patch ...
 [ ok ]
 * Done with patching
>>> Source prepared.
>>> Configuring source in /var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work ...
>>> Source configured.
>>> Compiling source in /var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work ...
make -j1 -j1 NAME=targeted -C /var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work//targeted
make: Entering directory `/var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work/targeted'
Makefile:8: /usr/share/selinux/targeted/include/Makefile: No such file or directory
make: *** No rule to make target `/usr/share/selinux/targeted/include/Makefile'.  Stop.
make: Leaving directory `/var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work/targeted'
 * ERROR: sec-policy/selinux-base-policy-2.20130424-r1 failed (compile phase):
 *   emake failed
 *

Why am I seeing.......?
Makefile:8: /usr/share/selinux/targeted/include/Makefile: No such file or directory
when my system is set to strict and not targeted?

Any ideas what the hell is going on with my SELinux box.
I create policies to hopefully clear the mess in the avc log, but the policies don't resolve the problems.

SELinux is not for thickos like myself.

I will never be able to run in enforce mode.

Damn. :evil:
_________________
Whatever you do, do it properly!

Last edited by Thistled on Tue Jul 09, 2013 12:36 pm; edited 1 time in total
Back to top
View user's profile Send private message
Thistled
Guru
Guru


Joined: 06 Jan 2011
Posts: 572
Location: Scotland
PostPosted: Tue Jul 09, 2013 12:36 pm    Post subject: Reply with quote
** UPDATE **

It seems after a few....
Code:
rlpkg

and a few reboots portage is now able to download the security policies for switching to a targeted policy.
_________________
Whatever you do, do it properly!
Back to top
View user's profile Send private message
samiswt
n00b
n00b


Joined: 13 Apr 2013
Posts: 20
PostPosted: Tue Jul 09, 2013 10:10 pm    Post subject: I have the same problem and this solution doesn't make sense Reply with quote
Thistled wrote:
** UPDATE **

It seems after a few....
Code:
rlpkg

and a few reboots portage is now able to download the security policies for switching to a targeted policy.


I've tried this way and it doesn't work for me. My SELinux config is 'strict', is this the problem?
Code:

sam ~ # sestatus
SELinux status:                 disabled
sam ~ # ls /etc/selinux/strict/contexts/files -l
total 368
-rw-r--r--. 1 root root  69196 Jul  9 10:47 file_contexts
-rw-r--r--. 1 root root 286351 Jul  9 10:47 file_contexts.bin
-rw-r--r--. 1 root root   1909 Jul  9 10:47 file_contexts.homedirs
-rw-r--r--. 1 root root    229 Jul  9 10:15 file_contexts.subs_dist
-rw-r--r--. 1 root root    130 Jul  9 10:15 media
sam ~ # rlpkg -a -r
Relabeling filesystem types: btrfs ext2 ext3 ext4 jfs xfs zfs
Scanning for shared libraries with text relocations...
0 libraries with text relocations, 0 not relabeled.
Scanning for PIE binaries with text relocations...
0 binaries with text relocations detected.


Dell PowerEdge 850
Gentoo/Linux latest

Please help me!

My SELinux type is permissive and strict, should I have to change it to target?
Back to top
View user's profile Send private message
Thistled
Guru
Guru


Joined: 06 Jan 2011
Posts: 572
Location: Scotland
PostPosted: Wed Jul 10, 2013 11:38 am    Post subject: Reply with quote
If you have it set to strict then that is fine.
It seems if you wish to switch to targeted then you may have a problem.

I was chatting with one of the developers / maintainers of SELinux for Gentoo last night.
He is intrigued by my problem and would like to help further.

If I switch to targeted portage fails, I have to switch back to strict to fix this.

My main issue now is, when I switch to targeted, I can't get SELinux to switch the policies.
It's kind of like the dependency hell you get with portage sometimes.

I will be chatting with Sven later today, to see if there is a resolution to this, otherwise I may have to file a bug.

Hey, you never know, it may be that I have done something terribly wrong. :lol:
_________________
Whatever you do, do it properly!
Back to top
View user's profile Send private message
Thistled
Guru
Guru


Joined: 06 Jan 2011
Posts: 572
Location: Scotland
PostPosted: Wed Jul 10, 2013 4:01 pm    Post subject: Reply with quote
Thistled wrote:
** UPDATE **

It seems after a few....
Code:
rlpkg

and a few reboots portage is now able to download the security policies for switching to a targeted policy.


Code:
Error opening /etc/selinux/strict/contexts/files/file_contexts.local: No such file or directory

This was resolved by touching the file. Big thanks to Swift for the tip.
_________________
Whatever you do, do it properly!
Back to top
View user's profile Send private message
aleiphoenix
n00b
n00b


Joined: 03 Sep 2012
Posts: 27
PostPosted: Sat Nov 30, 2013 1:09 pm    Post subject: Reply with quote
Same issue here, solving by touch the /etc/selinux/${POLICY}/contexts/files/file_contexts.local file.

Update:

seems change policy type can result in this problem, see https://bugs.gentoo.org/show_bug.cgi?id=473502

re-emerging the sys-libs/libselinux-2.1.13-r4 solves the problem too.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy