While updating a system to become SELinux-enabled, in step "Installing policies and utilities, part two" of the installation instructions at https://wiki.gentoo.org/wiki/SELinux/Installation the emerge command gives an error like so: >>> Regenerating /etc/ld.so.cache../.. >>> Original instance of package unmerged safely. * Inserting the following modules, with base, into the strict module store: application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg The --base option is deprecated. Use --install instead. Relabeling: sys-apps/openrc-0.17 Traceback (most recent call last): File "/usr/lib/python-exec/python2.7/rlpkg", line 318, in <module> main() File "/usr/lib/python-exec/python2.7/rlpkg", line 313, in main rc += relabel_packages(packages,reset,verbose) File "/usr/lib/python-exec/python2.7/rlpkg", line 240, in relabel_packages childin.write(j+n) IOError: [Errno 32] Broken pipe >>> sec-policy/selinux-base-policy-2.20141203-r8 merged. Reproducible: Always
This is probably related to the switch of relabeling files through the selinux eclass. We might need to support FEATURES="-selinux" in that eclass, or check if SELinux is already active or not and if not, don't run the labelling step.