# [ SOLVED ] SELinux - Missing contexts

## Thistled

This is a weird one.

It seems I am unable to create and install policy modules, as I see the same error every time.

```
Error opening /etc/selinux/strict/contexts/files/file_contexts.local: No such file or directory
```

Which is absolutely correct. It does not exist. Why?

I thought I might try to re-install selinux-base-policy, but each time it fails with..

```
>>> Failed to emerge sec-policy/selinux-base-policy-2.20130424-r1, Log file:

>>>  '/var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/temp/build.log'

>>> Jobs: 0 of 1 complete, 1 failed                 Load avg: 0.44, 0.13, 0.08

 * Package:    sec-policy/selinux-base-policy-2.20130424-r1

 * Repository: gentoo

 * Maintainer: selinux@gentoo.org

 * USE:        abi_x86_32 elibc_glibc kernel_linux selinux unconfined userland_GNU x86

 * FEATURES:   preserve-libs sandbox sesandbox

>>> Unpacking source...

>>> Unpacking refpolicy-2.20130424.tar.bz2 to /var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work

>>> Unpacking patchbundle-selinux-base-policy-2.20130424-r1.tar.bz2 to /var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work

>>> Source unpacked in /var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work

>>> Preparing source in /var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work ...

 * Applying SELinux policy updates ... 

 *   0001-full-diff-set-and-refpolicy-merger-r1.patch ...

 [ ok ]

 * Done with patching

>>> Source prepared.

>>> Configuring source in /var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work ...

>>> Source configured.

>>> Compiling source in /var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work ...

make -j1 -j1 NAME=targeted -C /var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work//targeted 

make: Entering directory `/var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work/targeted'

Makefile:8: /usr/share/selinux/targeted/include/Makefile: No such file or directory

make: *** No rule to make target `/usr/share/selinux/targeted/include/Makefile'.  Stop.

make: Leaving directory `/var/tmp/portage/sec-policy/selinux-base-policy-2.20130424-r1/work/targeted'

 * ERROR: sec-policy/selinux-base-policy-2.20130424-r1 failed (compile phase):

 *   emake failed

 * 

```

Why am I seeing.......?

Makefile:8: /usr/share/selinux/targeted/include/Makefile: No such file or directory

when my system is set to strict and not targeted?

Any ideas what the hell is going on with my SELinux box.

I create policies to hopefully clear the mess in the avc log, but the policies don't resolve the problems.

SELinux is not for thickos like myself.

I will never be able to run in enforce mode.

Damn.  :Evil or Very Mad: 

----------

## Thistled

** UPDATE **

It seems after a few....

```
rlpkg
```

and a few reboots portage is now able to download the security policies for switching to a targeted policy.

----------

## samiswt

 *Thistled wrote:*   

> ** UPDATE **
> 
> It seems after a few....
> 
> ```
> ...

 

I've tried this way and it doesn't work for me. My SELinux config is 'strict', is this the problem?

```

sam ~ # sestatus

SELinux status:                 disabled

sam ~ # ls /etc/selinux/strict/contexts/files -l

total 368

-rw-r--r--. 1 root root  69196 Jul  9 10:47 file_contexts

-rw-r--r--. 1 root root 286351 Jul  9 10:47 file_contexts.bin

-rw-r--r--. 1 root root   1909 Jul  9 10:47 file_contexts.homedirs

-rw-r--r--. 1 root root    229 Jul  9 10:15 file_contexts.subs_dist

-rw-r--r--. 1 root root    130 Jul  9 10:15 media

sam ~ # rlpkg -a -r

Relabeling filesystem types: btrfs ext2 ext3 ext4 jfs xfs zfs

Scanning for shared libraries with text relocations...

0 libraries with text relocations, 0 not relabeled.

Scanning for PIE binaries with text relocations...

0 binaries with text relocations detected.

```

Dell PowerEdge 850

Gentoo/Linux latest

Please help me!

My SELinux type is permissive and strict, should I have to change it to target?

----------

## Thistled

If you have it set to strict then that is fine.

It seems if you wish to switch to targeted then you may have a problem.

I was chatting with one of the developers / maintainers of SELinux for Gentoo last night.

He is intrigued by my problem and would like to help further.

If I switch to targeted portage fails, I have to switch back to strict to fix this.

My main issue now is, when I switch to targeted, I can't get SELinux to switch the policies.

It's kind of like the dependency hell you get with portage sometimes.

I will be chatting with Sven later today, to see if there is a resolution to this, otherwise I may have to file a bug.

Hey, you never know, it may be that I have done something terribly wrong.   :Laughing: 

----------

## Thistled

 *Thistled wrote:*   

> ** UPDATE **
> 
> It seems after a few....
> 
> ```
> ...

 

```
Error opening /etc/selinux/strict/contexts/files/file_contexts.local: No such file or directory
```

This was resolved by touching the file. Big thanks to Swift for the tip.

----------

## aleiphoenix

Same issue here, solving by touch the /etc/selinux/${POLICY}/contexts/files/file_contexts.local file.

Update:

seems change policy type can result in this problem, see https://bugs.gentoo.org/show_bug.cgi?id=473502

re-emerging the sys-libs/libselinux-2.1.13-r4 solves the problem too.

----------

