# [SOLVED] SELinux: id -Z says kernel is not SELinux enabled

## vyedmic

Hello,

I have built an SELinux enabled kernel and after following the Gentoo SELinux Handbook all seems to be fine. Filesystem is labeled, policies are loaded, sestatus reports SELinux as enabled, yet id -Z throws up

```
id: --context (-Z) works only on an SELinux-enabled kernel
```

I need it to troubleshoot some role contexts. 

Profile is set to hardened/linux/amd64/selinux, and running kernel is 3.8.6-hardened.

I have done emerge -eN system but it didn't help. What could be wrong? Thank you.Last edited by vyedmic on Sun May 26, 2013 9:14 pm; edited 1 time in total

----------

## vaxbrat

you did re-emerge coreutils with selinux enabled right?

----------

## vyedmic

Thank you for taking your time to get my dumb question out of the way.

I cannot emerge anything when selinux is enabled since the root role doesn't exist(i did create it and it is now in seusers) and my contexts are wrong for some reason. I have followed the selinux handbook down to a t. I managed to troubleshoot it last time somehow but i have forgotten what i did then.

More dumb questions:

Why does selinux need to be enabled for the build of coreutils? Why is not the selinux USE flag enough? (I have relabeled the filesystem after last rebuild)

Why is selinux preventing me emerging anything when it is set to permissive mode?

Sorry for taking up your time.

----------

## vaxbrat

However I recall just building everything first with selinux disabled from the kernel boot but with selinux USE flag enabled.  Then you boot up with selinux enabled in kernel and mount the /selinux filesystem to do the labeling.  Don't recall ever having trouble with coreutils not thinking selinux was enabled.  Did you miss emerging crucial parts of the reference policy?

----------

## vyedmic

So re-emerging all the policies solved it. Thanks. Very confusing error message IMO.

----------

