I cannot build and install a kernel with selinux enabled. Here is what happens towards the end of the modules_install stage:

if [ -r System.map ]; then /sbin/depmod -ae -F System.map -b /var/tmp/kernel-2.6.6-root -r 2.6.6; fi
WARNING: Couldn't open directory /var/tmp/kernel-2.6.6-root/lib/modules/2.6.6: Permission denied
FATAL: Could not open /var/tmp/kernel-2.6.6-root/lib/modules/2.6.6/modules.dep.temp for writing: Permission denied
make[1]: *** [_modinst_post] Error 1
error: Bad exit status from /var/tmp/rpm-tmp.11877 (%install)

RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.11877 (%install)
make: *** [rpm] Error 1

Here are the error messages:

[root@localhost linux-2.6.6]# dmesg |tail
{snip}
audit(1085609097.359:0): avc: denied { search } for pid=17414 exe=/sbin/depmod name=tmp dev=hda2 ino=196228 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:tmp_t tclass=dir
audit(1085609097.359:0): avc: denied { search } for pid=17414 exe=/sbin/depmod name=tmp dev=hda2 ino=196228 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:tmp_t tclass=dir

I hope that someone can help me with this!! Maybe I am going about the compiling the wrong way, but it works fine with selinux disabled.

Many thanks in advance,

Matt

p.s. Just for the record, or in case they are useful, here are the error messages I get when booting my new kernel which was compiled with selinux set to permissive.

Freeing unused kernel memory: 160k freed
security: 5 users, 7 roles, 1244 types, 1 bools
security: 30 classes, 303377 rules
SELinux: Completing initialization.
SELinux: Setting up existing superblocks.
SELinux: initialized (dev , type selinuxfs), uses genfs_contexts
SELinux: initialized (dev hda2, type ext3), uses xattr
audit(1085619351.268:0): avc: denied { ioctl } for pid=164 exe=/bin/bash path=/dev/null dev=hda2 ino=283937 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.271:0): avc: denied { getattr } for pid=176 exe=/bin/bash path=/etc/hotplug dev=hda2 ino=49185 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.271:0): avc: denied { read } for pid=164 exe=/bin/bash path=pipe:[842] dev= ino=842 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file
audit(1085619351.272:0): avc: denied { ioctl } for pid=165 exe=/bin/bash path=/dev/null dev=hda2 ino=283937 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.274:0): avc: denied { search } for pid=177 exe=/bin/bash name=hotplug dev=hda2 ino=49185 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.274:0): avc: denied { read } for pid=165 exe=/bin/bash path=pipe:[843] dev= ino=843 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file
audit(1085619351.274:0): avc: denied { ioctl } for pid=167 exe=/bin/bash path=/dev/null dev=hda2 ino=283937 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.277:0): avc: denied { search } for pid=178 exe=/bin/bash name=hotplug dev=hda2 ino=49185 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.277:0): avc: denied { read } for pid=167 exe=/bin/bash path=pipe:[844] dev= ino=844 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file
audit(1085619351.277:0): avc: denied { ioctl } for pid=166 exe=/bin/bash path=/dev/null dev=hda2 ino=283937 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.280:0): avc: denied { search } for pid=179 exe=/bin/bash name=hotplug dev=hda2 ino=49185 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.280:0): avc: denied { read } for pid=166 exe=/bin/bash path=pipe:[845] dev= ino=845 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file
audit(1085619351.290:0): avc: denied { getattr } for pid=177 exe=/bin/env path=/etc/ld.so.cache dev=hda2 ino=50220 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=file
audit(1085619351.290:0): avc: denied { read } for pid=177 exe=/bin/env name=libc-2.3.3.so dev=hda2 ino=131669 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=file
audit(1085619351.290:0): avc: denied { getattr } for pid=177 exe=/bin/env path=/lib/tls dev=hda2 ino=130821 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.290:0): avc: denied { read } for pid=176 exe=/bin/bash path=/lib/ld-2.3.3.so dev=hda2 ino=130827 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=file
audit(1085619351.290:0): avc: denied { getattr } for pid=176 exe=/bin/bash path=/dev/null dev=hda2 ino=283937 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.291:0): avc: denied { write } for pid=176 exe=/bin/bash path=/dev/null dev=hda2 ino=283937 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.292:0): avc: denied { search } for pid=164 exe=/bin/bash name=hotplug dev=hda2 ino=49185 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.292:0): avc: denied { read } for pid=179 exe=/bin/bash path=/lib/ld-2.3.3.so dev=hda2 ino=130827 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=file
audit(1085619351.293:0): avc: denied { getattr } for pid=179 exe=/bin/bash path=/dev/null dev=hda2 ino=283937 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.293:0): avc: denied { write } for pid=179 exe=/bin/bash path=/dev/null dev=hda2 ino=283937 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.294:0): avc: denied { search } for pid=166 exe=/bin/bash name=hotplug dev=hda2 ino=49185 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.294:0): avc: denied { read } for pid=178 exe=/bin/bash path=/lib/ld-2.3.3.so dev=hda2 ino=130827 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=file
audit(1085619351.294:0): avc: denied { getattr } for pid=178 exe=/bin/bash path=/dev/null dev=hda2 ino=283937 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.295:0): avc: denied { write } for pid=178 exe=/bin/bash path=/dev/null dev=hda2 ino=283937 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.296:0): avc: denied { search } for pid=167 exe=/bin/bash name=hotplug dev=hda2 ino=49185 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.699:0): avc: denied { getattr } for pid=177 exe=/bin/env path=pipe:[843] dev= ino=843 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file
audit(1085619351.700:0): avc: denied { write } for pid=177 exe=/bin/env path=pipe:[843] dev= ino=843 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file
SELinux: initialized (dev ram0, type ext2), uses xattr
SELinux: initialized (dev , type mqueue), not configured for labeling
SELinux: initialized (dev , type hugetlbfs), not configured for labeling
SELinux: initialized (dev , type devpts), uses transition SIDs
SELinux: initialized (dev , type eventpollfs), uses genfs_contexts
SELinux: initialized (dev , type pipefs), uses task SIDs
SELinux: initialized (dev , type tmpfs), uses transition SIDs
SELinux: initialized (dev , type futexfs), uses genfs_contexts
SELinux: initialized (dev , type sockfs), uses task SIDs
SELinux: initialized (dev , type proc), uses genfs_contexts
SELinux: initialized (dev , type bdev), uses genfs_contexts
SELinux: initialized (dev , type rootfs), uses genfs_contexts
SELinux: initialized (dev , type sysfs), uses genfs_contexts
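
Added example, not part of the original post: a small Python parser for the "avc: denied" records in the logs above that collapses repeated denials into one entry per (source type, target type, class). The names parse_avc, summarize and SAMPLE are this example's own; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Record layout as printed by the 2.6.6 kernel in the post:
#   audit(TS:SERIAL): avc: denied { PERMS } for key=value key=value ...
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # Fields are space-separated key=value pairs; a value may be empty (dev=).
    rec = dict(tok.split("=", 1) for tok in m.group("rest").split() if "=" in tok)
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None
    # Contexts in these logs are user:role:type, so the type is the third field.
    s, t = rec["scontext"].split(":"), rec["tcontext"].split(":")
    if len(s) < 3 or len(t) < 3:
        return None
    rec["stype"], rec["ttype"] = s[2], t[2]
    rec["perms"] = m.group("perms").split()
    return rec

def summarize(lines):
    """Group denials by (source type, target type, object class)."""
    groups = defaultdict(lambda: {"perms": set(), "exes": set(), "count": 0})
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue  # non-AVC kernel messages are skipped
        g = groups[(rec["stype"], rec["ttype"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["exes"].add(rec.get("exe", "?"))
        g["count"] += 1
    return dict(groups)

# Sample lines copied from the post: the depmod failure, then the boot log.
SAMPLE = [
    "audit(1085609097.359:0): avc: denied { search } for pid=17414 exe=/sbin/depmod name=tmp dev=hda2 ino=196228 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:tmp_t tclass=dir",
    "audit(1085609097.359:0): avc: denied { search } for pid=17414 exe=/sbin/depmod name=tmp dev=hda2 ino=196228 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:tmp_t tclass=dir",
    "SELinux: initialized (dev hda2, type ext3), uses xattr",
    "audit(1085619351.268:0): avc: denied { ioctl } for pid=164 exe=/bin/bash path=/dev/null dev=hda2 ino=283937 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file",
    "audit(1085619351.271:0): avc: denied { getattr } for pid=176 exe=/bin/bash path=/etc/hotplug dev=hda2 ino=49185 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=dir",
    "audit(1085619351.271:0): avc: denied { read } for pid=164 exe=/bin/bash path=pipe:[842] dev= ino=842 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file",
    "audit(1085619351.291:0): avc: denied { write } for pid=176 exe=/bin/bash path=/dev/null dev=hda2 ino=283937 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file",
]

if __name__ == "__main__":
    for (stype, ttype, tclass), g in sorted(summarize(SAMPLE).items()):
        print(f"{g['count']:3d}  {stype} -> {ttype}:{tclass} "
              f"{{ {' '.join(sorted(g['perms']))} }}  via {', '.join(sorted(g['exes']))}")
```

To run it over a full log, pass the lines of saved dmesg output to summarize() in place of SAMPLE.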