Fix bug #411377 - Additional details on working out corrupted policy store

1 files changed, 32 insertions, 2 deletions

diff --git a/xml/selinux/hb-using-troubleshoot.xml b/xml/selinux/hb-using-troubleshoot.xml
index 6a7d2dd..fc0323d 100644
--- a/xml/selinux/hb-using-troubleshoot.xml
+++ b/xml/selinux/hb-using-troubleshoot.xml
@@ -7,8 +7,8 @@
 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-appendix-troubleshoot.xml,v 1.2 2011/04/25 20:12:59 zorry Exp $ -->
 
 <sections>
-<version>1</version>
-<date>2011-12-11</date>
+<version>2</version>
+<date>2012-04-10</date>
 
 <section>
 <title>Unable To Load SELinux Policy</title>
@@ -111,6 +111,36 @@ points to a <path>selinux/v2refpolicy/...</path> profile.
 
 </body>
 </subsection>
+<subsection>
+<title>Policy Store is Corrupt</title>
+<body>
+
+<p>
+If you encounter problems during boot-up or <c>semodule</c> operations which
+fail with loading problems, but cannot be resolved with the above solution, then
+you might need to reinstall the policies after eliminating the corrupt store.
+</p>
+
+<pre caption="Recovering from store corruption">
+~# <i>semodule -n -B</i>
+libsemanage.semanage_load_module: Error while reading from module file
+/etc/selinux/targeted/modules/tmp/base.pp. (No such file or directory)
+
+~# <i>setenforce 0</i>
+~# <i>mv /etc/selinux/targeted /etc/selinux/targeted.old</i>
+~# <i>FEATURES="-selinux" emerge -1av $(qlist -IC sec-policy)</i>
+~# <i>restorecon -R /etc/selinux</i>
+</pre>
+
+<p>
+This will effectively disable the current, corrupted SELinux policy store and
+then use Portage to reinstall all SELinux policy packages that are installed on
+the system. When done, the file contexts of <path>/etc/selinux</path> are
+restored, after which you should be able to continue.
+</p>
+
+</body>
+</subsection>
 </section>
 
 <section>