# SELiunx policy install error.. any ideas?

## scottd34

I am getting the following error output from the "make load" step after emergeing selinux-base-policy while following the SE linux quickstart guide.  Any ideas where I went wrong?  I wasn't able to find anything in bugzilla or in the forums about a fix action.  I tried a few things including re-emerging the other files it needs prior to the policy emerge, unmerging and re emerging the policy, checking the bugzilla and forums with no clues.

```

mkdir -p tmp

( cd domains/program/ ; for n in *.te ; do echo "define(\`$n')"; done ) > tmp/program_used_flags.te

( cd domains/misc/ ; for n in *.te ; do echo "define(\`$n')"; done ) >> tmp/program_used_flags.te

cat macros/program/chkpwd_macros.te macros/program/chroot_macros.te macros/program/crond_macros.te macros/program/crontab_macros.te macros/program/gph_macros.te macros/program/lpr_macros.te macros/program/mount_macros.te macros/program/mta_macros.te macros/program/netscape_macros.te macros/program/run_program_macros.te macros/program/ssh_macros.te macros/program/su_macros.te > tmp/all_program_macros.te

cat macros/admin_macros.te macros/global_macros.te macros/user_macros.te tmp/all_program_macros.te > tmp/all_macros.te

cat types/*.te > tmp/all_types.te

cat domains/*.te domains/misc/*.te domains/program/*.te > tmp/all_domains.te

cat attrib.te tmp/program_used_flags.te tmp/all_macros.te tmp/all_types.te tmp/all_domains.te assert.te > tmp/all.te

m4 -Imacros -s tmp/all.te rbac > tmp/te-rbac.m4

m4 -Imacros -s tmp/program_used_flags.te tmp/all_macros.te constraints initial_sid_contexts fs_use genfs_contexts net_contexts > tmp/constraints-contexts.m4

mkdir -p tmp

cat flask/security_classes flask/initial_sids flask/access_vectors tmp/te-rbac.m4 users tmp/constraints-contexts.m4 > policy.conf

mkdir -p /etc/security/selinux/src

install -m 644 -o root -g root policy.conf /etc/security/selinux/src/policy.conf

mkdir -p /etc/security/selinux

/usr/bin/checkpolicy -o /etc/security/selinux/policy.15 /etc/security/selinux/src/policy.conf

/usr/bin/checkpolicy:  loading policy configuration from /etc/security/selinux/src/policy.conf

security:  3 users, 6 roles, 341 types

security:  30 classes, 22954 rules

/usr/bin/checkpolicy:  policy configuration loaded

/usr/bin/checkpolicy:  writing binary representation (version 15) to /etc/security/selinux/policy.15

/usr/sbin/load_policy /etc/security/selinux/policy.15

```

----------

## scottd34

anyone seen this error before, or have any ideas what else to look at?  im out of ideas...

----------

## klasikahl

 *scottd34 wrote:*   

> I am getting the following error output from the "make load" step after emergeing selinux-base-policy while following the SE linux quickstart guide.  Any ideas where I went wrong?  I wasn't able to find anything in bugzilla or in the forums about a fix action.  I tried a few things including re-emerging the other files it needs prior to the policy emerge, unmerging and re emerging the policy, checking the bugzilla and forums with no clues.
> 
> ```
> 
> mkdir -p tmp
> ...

 

Look at the line 

```
/usr/bin/checkpolicy:  policy configuration loaded
```

.  As you can see, the policy loaded just fine.  There is no error here, but the output of "make load" is rather verbose, this is true.  Also, we (the hardened team) can help you much more easily if you are in #gentoo-hardened on IRC.

----------

## scottd34

Looks like the last few lines got cut off.. the error reads as follows 

```

/usr/sbin/load_policy /etc/security/selinux/policy.15

/usr/sbin/load_policy:   security_load_policy failed

make: *** [tmp/load] Error 3

```

There, that makes more sence..

Ill pop over to the IRC channel also

----------

## midknight_gentoo

i had this error as well...

the nice guys on the irc channel helped me figure out it was because i had

 *Quote:*   

> [ ]   NSA SELinux MLS policy (EXPERIMENTAL)

 

enabled in the kernel...

removing it allowed the policy to load no probs

----------

## fuqnbastard

Yep, had the same problem and midknight_gentoo's solution worked for me too.

----------

## Krawiec

Maybe try this before:

```
cd /etc/security/selinux/src/policy

make clean

mkdir -p /selinux

mount /selinux

[color=red](here You can adjust Your POLICYCOMPAT in Makefile)[/color]

make policy

make load

```

It worked for me ;]

----------

