Created attachment 712098 [details] emerge --info, sec-policy/selinux-base-policy log and strace last lines result >>> Completed installing sec-policy/selinux-base-policy-2.20210203-r1 into /var/tmp/portage/sec-policy/selinux-base-policy-2.20210203-r1/image ^[[32;01m*^[[0m Final size of build directory: 56044 KiB (54.7 MiB) ^[[32;01m*^[[0m Final size of installed tree: 13948 KiB (13.6 MiB) ^[[32;01m*^[[39;49;00m checking 40 files for package collisions >>> Merging sec-policy/selinux-base-policy-2.20210203-r1 to / --- /usr/ --- /usr/share/ --- /usr/share/selinux/ --- /usr/share/selinux/strict/ !!! Failed to move /var/tmp/portage/sec-policy/selinux-base-policy-2.20210203-r1/image/usr/share/selinux/strict/application.pp to /usr/share/selinux/strict/application.pp !!! [Errno 61] No data available Emerging sec-policy/selinux-base-policy according to https://wiki.gentoo.org/wiki/SELinux/Installation#Installing_policies_and_utilities.2C_part_two results in "!!! [Errno 61] No data available". Tried to install SELinux 4 times, in two different computers, but always received the same Errno 61 every time.
I had the same exact thing happen to me. perhaps its related to sys-apps/systemd-tmpfiles being masked? I've installed SELinux on Gentoo before and I've never had any of these problems.
I believe this is a documentation error from rebooting into the SELinux enabled kernel too early.
(In reply to Sam James from comment #2) > I believe this is a documentation error from rebooting into the SELinux > enabled kernel too early. I didn't reboot into the SELinux-enabled kernel though.
(In reply to Lorenzo Iannuzzi from comment #3) > (In reply to Sam James from comment #2) > > I believe this is a documentation error from rebooting into the SELinux > > enabled kernel too early. > > I didn't reboot into the SELinux-enabled kernel though. I mention it because https://wiki.gentoo.org/wiki/SELinux/Installation#Installing_a_SELinux_kernel comes too early, and basically all of the configuration should be done first. But that definitely makes things more confusing if you haven't.
(In reply to Lorenzo Iannuzzi from comment #3) > (In reply to Sam James from comment #2) > > I believe this is a documentation error from rebooting into the SELinux > > enabled kernel too early. > > I didn't reboot into the SELinux-enabled kernel though. Rather, what I mean is that my Kernel already was configured for SELinux so I didn't need to reboot. I don't know why this would be an issue as I've always done installed SELinux like this.
Lorenzo, please check: $ cat /proc/cmdline $ sestatus And also: $ getfattr -m . -d /var/tmp/portage/sec-policy/selinux-base-policy-2.20210203-r1/image/usr/share/selinux/strict/application.pp ...but on the file which it says is getting no data for you, this error indicates that there's no SELinux label for the file in question.
(In reply to Jonathan Davies from comment #6) > Lorenzo, please check: > > $ cat /proc/cmdline > $ sestatus > > And also: > > $ getfattr -m . -d > /var/tmp/portage/sec-policy/selinux-base-policy-2.20210203-r1/image/usr/ > share/selinux/strict/application.pp > > ...but on the file which it says is getting no data for you, this error > indicates that there's no SELinux label for the file in question. I'm not sure I follow?
(In reply to Lorenzo Iannuzzi from comment #7) > I'm not sure I follow? You said that you have the same problem, but you haven't provided an error message/log - and we also have to make sure you haven't enabled SELinux while booting as this error is usually cause by portage over-eagerly enabling its SELinux features.
(In reply to Jonathan Davies from comment #8) > (In reply to Lorenzo Iannuzzi from comment #7) > > I'm not sure I follow? > > You said that you have the same problem, but you haven't provided an error > message/log - and we also have to make sure you haven't enabled SELinux > while booting as this error is usually cause by portage over-eagerly > enabling its SELinux features. Ah sure thing. ``cat /proc/cmdline`` resulted in ``BOOT_IMAGE=/vmlinuz-5.10.52-gentoo-i2n2z root=UUID=a24b7a58-bda9-4f45-9351-5e8691de1400 ro`` ``sestatus` ``SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: strict Current mode: permissive Mode from config file: disabled Policy MLS status: disabled Policy deny_unknown status: denied Memory protection checking: actual (secure) Max kernel policy version: 33`` and ``getfattr -m . -d ``getfattr -m . -d /var/tmp/portage/sec-policy/selinux-base-policy-2.20200818-r2/image/usr/share/selinux/strict/application.pp`` didn't return anything
(In reply to Lorenzo Iannuzzi from comment #9) sorry seems like i might have formatted things incorrectly
(In reply to Lorenzo Iannuzzi from comment #9) > SELinux status: enabled As Sam said, you have SELinux enabled, and in permissive mode, whereas you need to completely disable it during the initial setup (via selinux=0 as a temporary option in your bootloader). Otherwise, Portage prematurely enables some selinux features, and this error occurs.
I have had issues related to this in the past, there are a couple of things that can go wrong. One is mentioned which is booting with the selinux=0 parameter. It is also mentioned that it can start enforcing prematurely and an issue here a kernel option which appears unneeded but for some reason it isn't. This is the "SELinux development support" which is actually required for the kernel to start in permissive mode. Both of these issues will have the issue installing selinux-base-policy where one will get error mentioned in this bug. Why not have the selinux-base ebuild throw a warning if both things are an issue on someone's system?
