Relabeling of filesystems (SELinux) fails

Question

After compiling the policy modules and re-compiling my core packages (Gentoo 32bit) I wanted to relabel the filesystems (via rlpkg -a -r) and packages but I get these error messages:

Relabeling filesystem types: btrfs ext2 ext3 ext4 jfs xfs /usr/sbin/setfiles set context /->system_u:object_r:root_t failed:'Operation not supported'

/usr/sbin/setfiles set context /boot->system_u:object_r:boot_t failed:'Operation not supported'

/usr/sbin/setfiles set context /home->system_u:object_r:home_root_t failed:'Operation not supported'

/usr/sbin/setfiles set context /srv->system_u:object_r:var_t failed:'Operation not supported'

/usr/sbin/setfiles set context /tmp->system_u:object_r:tmp_t failed:'Operation not supported' /usr/sbin/setfiles set context /usr->system_u:object_r:usr_t failed:'Operation not supported'

/usr/sbin/setfiles set context /var->system_u:object_r:var_t failed:'Operation not supported'

Scanning for shared libraries with text relocations...

0 libraries with text relocations, 0 not relabeled. Scanning for PIE binaries with text relocations...

0 binaries with text relocations detected.

/boot, /home, /srv, /tmp, /usr and /var are on /dev/md1-7 which are formatted using ext4.

I have found old bugreports on similiar issues but no solution so far.

score 0 · Answer 1 · answered Mar 17 '12 at 18:49

0

It looks like you do not have support enabled for extended attributes on the filesystem. You may need to enable it in the kernel or mount with the 'xattr' option. On redhat systems it doesnt seem you need to explicitly set this flag, nevertheless gentoo might differ here.

answered Mar 17 '12 at 18:49

Matthew Ife

23,357
3
55
72

extended attributes for ext4 is enabled, security labels, too. Other suggestions? – thpetrus Mar 17 '12 at 19:54
Can you try to run the following command on /var? "attr -s test -V test /var && attr -r test /var" it should be successful. – Matthew Ife Mar 17 '12 at 19:56
Yes, it is. `Attribute "test" set to a 4 byte value for /var: test` – thpetrus Mar 17 '12 at 21:24

score 0 · Answer 2 · edited Jun 11 '20 at 10:02

0

In the meantime I did a fresh gentoo installation, same configuration.

However, udev seems to have problems, as /dev/console and the /dev/tty[1-2] aren't loaded:

/etc/init.d/sshd[1205]: ERROR: sshd failed to start

/etc/init.d/urandom[1219]: ERROR: urandom failed to start

init: open(/dev/console): No such file or directory

init: open(/dev/console): No such file or directory

agetty[1233]: /dev/tty2: not a character device

agetty[1232]: /dev/tty1: not a character device

edited Jun 11 '20 at 10:02

Community

1

answered Mar 21 '12 at 13:38

thpetrus

67
1
1
10

Turns out that that the udev fstab entry was the problem: `udev /dev tmpfs rw,rootcontext=system_u:object_r:device_t,seclabel,nosuid,relatime,size=10m,mode=755 0 0` However, SELinux is disabled. – thpetrus Mar 21 '12 at 15:36

Relabeling of filesystems (SELinux) fails

2 Answers2