Thanks to all of you who have been interested in my previous message. I'm encountering many more problems than expected and I can't find a forum where I can discuss SELinux in Gentoo. I didn't find much help in this one: http://forums.gentoo.org/viewforum-f-18.html . If this is not the right place to ask for help, please tell me!
Now I'm trying to install the targeted policy but I can't succeed. Trying to relabel the filesystem I obtain an error:

localhost ~ # rlpkg -a -r
Relabeling filesystem types: ext2 ext3 jfs xfs
/etc/selinux/targeted/contexts/files/file_contexts.homedirs: line 21 has invalid context user_u:object_r:user_tmp_t
/etc/selinux/targeted/contexts/files/file_contexts.homedirs: line 32 has invalid context root:object_r:user_tmp_t
Scanning for shared libraries with text relocations...
0 libraries with text relocations, 0 not relabeled.
Scanning for PIE binaries with text relocations...
0 binaries with text relocations detected.

The same error appears trying to emerge any package. Commenting this line:

/tmp/gconfd-USER -d system_u:object_r:ROLE_tmp_t

in /etc/selinux/targeted/contexts/files/homedir_template and then launching the genhomedircon command, successive rlpkg (and emerge) succeed until next reboot. I think that this is a bad solution!

In the SELinux FAQ http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=3&chap=3 (section 3.f. Setfiles error messages) it's written that "If /selinux is mounted, then most likely there is new policy that has not yet been loaded; therefore, the contexts have not yet become valid."

I emerged a lot of modules, much more than needed considering that this is a Gentoo stage 3 system.
localhost ~ # equery list selinux-
[ Searching for package 'selinux-' in all categories among: ]
* installed packages
[I--] [ ] sec-policy/selinux-apache-20070928 (0)
[I--] [ ] sec-policy/selinux-arpwatch-20070928 (0)
[I--] [ ] sec-policy/selinux-base-policy-20070928 (0)
[I--] [ ] sec-policy/selinux-bind-20070928 (0)
[I--] [ ] sec-policy/selinux-dbus-20070928 (0)
[I--] [ ] sec-policy/selinux-desktop-20070928 (0)
[I--] [ ] sec-policy/selinux-dhcp-20070928 (0)
[I--] [ ] sec-policy/selinux-dnsmasq-20070928 (0)
[I--] [ ] sec-policy/selinux-games-20070928 (0)
[I--] [ ] sec-policy/selinux-gnupg-20070928 (0)
[I--] [ ] sec-policy/selinux-gpm-20070928 (0)
[I--] [ ] sec-policy/selinux-logrotate-20070928 (0)
[I--] [ ] sec-policy/selinux-nfs-20070928 (0)
[I--] [ ] sec-policy/selinux-openldap-20070928 (0)
[I--] [ ] sec-policy/selinux-portmap-20070928 (0)
[I--] [ ] sec-policy/selinux-samba-20070928 (0)
[I--] [ ] sec-policy/selinux-sudo-20070928 (0)
[I--] [ ] sec-policy/selinux-tcpd-20070928 (0)
[I--] [ ] sec-policy/selinux-tftpd-20070928 (0)

localhost ~ # semodule -l
apache 1.8.0
arpwatch 1.4.0
bind 1.5.0
dbus 1.7.0
dhcp 1.4.0
dnsmasq 1.4.0
games 1.4.0
gpg 1.4.0
gpm 1.3.0
java 1.6.0
ldap 1.5.0
logrotate 1.6.0
mono 1.3.0
mozilla 1.4.0
mplayer 1.3.0
portmap 1.5.0
rpc 1.6.0
samba 1.6.0
sudo 1.2.0
tftp 1.5.0
wine 1.4.0
xfs 1.2.0
xserver 1.6.0

localhost ~ # cat /etc/selinux/targeted/contexts/files/homedir_template
HOME_DIR/.+ system_u:object_r:ROLE_home_t
HOME_DIR/((www)|(web)|(public_html))(/.+)? system_u:object_r:httpd_user_content_t
HOME_ROOT/lost\+found/.* <<none>>
HOME_DIR -d system_u:object_r:ROLE_home_dir_t
HOME_ROOT -d system_u:object_r:home_root_t
/tmp/gconfd-USER -d system_u:object_r:ROLE_tmp_t
HOME_ROOT/\.journal <<none>>
HOME_ROOT/lost\+found -d system_u:object_r:lost_found_t
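
Added example, not part of the original message and not genhomedircon's own code: a small Python model of how the homedir_template shown above expands per user, and which template line yields the contexts that the relabel rejects. The substitution rules, the two sample users and the KNOWN_TYPES set are assumptions constructed to mirror the output in the message; on a real system the type list would come from the loaded policy.

```python
# Model of homedir_template expansion (assumed rules, see lead-in).
# Template copied verbatim from the message above.
TEMPLATE = r"""
HOME_DIR/.+ system_u:object_r:ROLE_home_t
HOME_DIR/((www)|(web)|(public_html))(/.+)? system_u:object_r:httpd_user_content_t
HOME_ROOT/lost\+found/.* <<none>>
HOME_DIR -d system_u:object_r:ROLE_home_dir_t
HOME_ROOT -d system_u:object_r:home_root_t
/tmp/gconfd-USER -d system_u:object_r:ROLE_tmp_t
HOME_ROOT/\.journal <<none>>
HOME_ROOT/lost\+found -d system_u:object_r:lost_found_t
""".strip().splitlines()

# Constructed inputs: (login, SELinux user, role prefix, home directory).
USERS = [("alice", "user_u", "user", "/home/alice"),
         ("root", "root", "user", "/root")]
HOME_ROOT = "/home"
# Constructed stand-in for the types the loaded policy defines; user_tmp_t
# is deliberately absent to mirror the error reported in the message.
KNOWN_TYPES = {"user_home_t", "user_home_dir_t", "home_root_t",
               "httpd_user_content_t", "lost_found_t"}

def expand(template, users, home_root):
    """Return (template_line_no, expanded_line) pairs."""
    out = []
    for no, line in enumerate(template, 1):
        if any(tok in line for tok in ("HOME_DIR", "ROLE", "USER")):
            # Per-user line: one expanded entry for every user.
            for login, seuser, prefix, home in users:
                out.append((no, line.replace("HOME_DIR", home)
                                    .replace("ROLE", prefix)
                                    .replace("USER", login)
                                    .replace("system_u", seuser)))
        else:
            out.append((no, line.replace("HOME_ROOT", home_root)))
    return out

def invalid_contexts(expanded, known_types):
    """Return (template_line_no, context) for contexts with an unknown type."""
    bad = []
    for no, line in expanded:
        context = line.split()[-1]
        if context == "<<none>>":
            continue  # explicit "do not label" entry, nothing to validate
        fields = context.split(":")
        if len(fields) < 3 or fields[2] not in known_types:
            bad.append((no, context))
    return bad

if __name__ == "__main__":
    for no, ctx in invalid_contexts(expand(TEMPLATE, USERS, HOME_ROOT), KNOWN_TYPES):
        print(f"template line {no}: invalid context {ctx}")
```

Both rejected contexts trace back to the single ROLE_tmp_t template line, which is why commenting it out silences the error without making the type valid in the loaded policy.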