SELinux AVC denies at boot

32-bit boot gentoo selinux

My Gentoo box is running Gentoo Hardened/SELinux (32-bit). I followed the Gentoo Hardened Guide to install it, and the machine doesn't boot.

Here is an extract from dmesg:

```
Mar 12 19:15:04 localhost kernel: [ 1.961353] type=1400 audit(1331576099.547:3): avc: denied { read } for pid=1 comm="init" name="ld.so.cache" dev=md2 ino=971 scontext=system_u:system_r:init_t tcontext=system_u:object_r:file_t tclass=file
Mar 12 19:15:04 localhost kernel: [ 2.200480] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
Mar 12 19:15:04 localhost kernel: [ 2.260640] type=1400 audit(1331576099.847:8): avc: denied { execute } for pid=1169 comm="rc" path="/lib/rc/runscript_selinux.so" dev=md2 ino=1287 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:file_t tclass=file
```

udev is mounted via `udev /dev tmpfs rw,rootcontext=system_u:object_r:device_t,seclabel,nosuid,relatime,size=10m,mode=755 0 0`

The filesystems can't be mounted and therefore it doesn't really start the system. What am I doing wrong here?

Best Answer

The target types are file_t. That normally is the case where no type was ever set on the file and that is the default.

You'll need to relabel the filesystem in order to get things going again.

Normally the command fixfiles is used for this on Red Hat, but I'm pretty sure that relates to RPM databases for some work, so it isn't likely to be as relevant in Gentoo. You should be able to use restorecon though.

You'll need to boot into a permissive mode to try and relabel the filesystem.
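
The diagnosis in the answer can be checked mechanically. The following is an added example, not part of the original question or answer: a small Python parser that reads AVC denial lines, extracts the type from `tcontext`, and groups denials against `file_t` objects by device so it is clear which filesystem needs relabeling. The function names are this example's own; the sample input is the two denials quoted in the question with the syslog prefix trimmed.

```python
import re
from collections import defaultdict

# The denials quoted in the question above (syslog/kernel timestamp prefix trimmed).
SAMPLE_LOG = '''\
type=1400 audit(1331576099.547:3): avc: denied { read } for pid=1 comm="init" name="ld.so.cache" dev=md2 ino=971 scontext=system_u:system_r:init_t tcontext=system_u:object_r:file_t tclass=file
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
type=1400 audit(1331576099.847:8): avc: denied { execute } for pid=1169 comm="rc" path="/lib/rc/runscript_selinux.so" dev=md2 ino=1287 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:file_t tclass=file
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted

def parse_avc(line):
    """Return a dict of fields for an AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    # An SELinux context is user:role:type[:range]; the type is the third field.
    rec['stype'] = rec.get('scontext', '::').split(':')[2]
    rec['ttype'] = rec.get('tcontext', '::').split(':')[2]
    return rec

def unlabeled_targets(log_text):
    """Group denials whose target type is file_t (no label was ever set) by device."""
    by_dev = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec['ttype'] == 'file_t':
            # Denials carry either a full path or only the final name component.
            target = rec.get('path') or rec.get('name') or 'ino=' + rec.get('ino', '?')
            by_dev[rec.get('dev', '?')].append((rec['stype'], rec['perms'], target))
    return dict(by_dev)

if __name__ == '__main__':
    for dev, hits in unlabeled_targets(SAMPLE_LOG).items():
        print(f'{dev}: {len(hits)} denial(s) on file_t objects, filesystem needs relabeling')
        for stype, perms, target in hits:
            print(f'  {stype} {{{" ".join(perms)}}} {target}')
```

Both denials resolve to `dev=md2` with target type `file_t`, which matches the answer's reading that the root filesystem was never labeled.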