Gentoo Linux Handbook Page --

1.a. Change Profile

Warning: SELinux is only supported on ext2/3, XFS, and JFS. Other filesystems lack the complete extended attribute support.

Warning: Users should convert from a 2006.1 or newer profile otherwise there may be unpredictable results.

Important: As always, keep a LiveCD at hand in case things go wrong.

First switch your profile to the SELinux profile for your architecture:

Code Listing 1: Switch profiles

# rm -f /etc/make.profile

x86:
# ln -sf /usr/portage/profiles/selinux/2007.0/x86 /etc/make.profile
x86 (hardened):
# ln -sf /usr/portage/profiles/selinux/2007.0/x86/hardened /etc/make.profile
AMD64:
# ln -sf /usr/portage/profiles/selinux/2007.0/amd64 /etc/make.profile
AMD64 (hardened):
# ln -sf /usr/portage/profiles/selinux/2007.0/amd64/hardened /etc/make.profile
PPC:
# ln -sf /usr/portage/profiles/selinux/2007.0/ppc /etc/make.profile
SPARC64:
# ln -sf /usr/portage/profiles/selinux/2007.0/sparc64 /etc/make.profile

Important: Do not use any profiles other than the ones listed above, even if they seem to be out of date. SELinux profiles are not necessarily created as often as default Gentoo profiles.

Important: The SELinux profile has significanly fewer USE flags asserted than the default profile. Use emerge info to see if any use flags need to be reenabled in make.conf.

Note: It is not necessary to add selinux to your USE flags in make.conf. The SELinux profile already does this for you.

Note: You may encounter this message from portage: "!!! SELinux module not found. Please verify that it was installed." This is normal, and will be fixed later in the conversion process.

1.b. Update Kernel Headers

We will start by updating essential packages. First check which version of linux-headers is installed.

Code Listing 2: Check linux-headers version

# emerge -s linux-headers
or if you have gentoolkit installed:
# equery list -i linux-headers

If the linux-headers version is older than 2.4.20, newer headers must be merged.

Code Listing 3: Merge newer headers

# emerge \>=sys-kernel/linux-headers-2.4.20

1.c. Update Glibc

If you have merged new headers, or you are unsure if your glibc was compiled with newer headers, you must recompile glibc.

Code Listing 4: Recompile glibc

# emerge glibc

Important: This is a critical operation. Glibc must be compiled with newer linux-headers, otherwise some operations will malfunction.