Indeed, the step "Configure the SELinux policy" needs to be done the moment that /etc/selinux/config is made available and before the world upgrade.
Strict isn't a requirement but it is of course important to configure it (the policy type) correctly beforehand. On Feb 25, 2014 3:33 AM, "Erik Mackdanz" <[email protected]> wrote: > Thank you. I confirmed that portage had been running under python 2.7. > > I found the problem, though... I'd set POLICY_TYPES="targeted" in > make.conf, and therefore portage installed policies into > /etc/selinux/targeted only. However, running /usr/sbin/selinuxconfig and > catting /etc/selinux/config both made clear that 'strict' was a requirement. > > I've worked through it by setting POLICY_TYPES="strict targeted", then > rebuilding selinux-base and selinux-base-policy. I feel like this is > another documentation bug - the user should be told either that 'strict' is > initially required in make.conf, or that /etc/selinux/config must be edited > before the selinux-base-policy install. > > Anyway, thanks again. I'm sure I'll be back... > > Erik > > > On Sun, Feb 23, 2014 at 8:00 PM, Dustin C. Hatch <[email protected]>wrote: > >> On 02/23/2014 06:18 PM, Erik Mackdanz wrote: >> > I'm attempting to convert my laptop to SELinux using the conversion >> > guide, and I've run into a few snags with documentation. I've consulted >> > the troubleshooting page, archives and forums, and now am reaching out >> > directly. >> > >> > 1) When I get to the world update ('emerge -uDN world'), every package >> > fails at install with 'Failed to set SELinux security labels.' Don't I >> > also need 'FEATURES="-selinux"' for that step (like the preceding step)? >> > >> I am fairly sure FEATURES=selinux is pretty important at this step; this >> is where you are re-installing all packages with SELinux support, and >> the security labels are supposed to be set. >> >> I had the same problem, though, on a recent conversion. In my case, the >> problem was emerge was using python3, but the selinux module only exists >> for python2. Try setting python2.7 as your default interpreter, or >> re-emerge portage with USE=python2. The latter is what I did and now >> everything works fine. >> >> -- >> ♫Dustin >> http://dustin.hatch.name/ >> >> >
