selinux January 2010 archive
Main Archive Page > Month Archives  > selinux archives
selinux: Re: Policy is not managed or store cannot be accessed

Re: Policy is not managed or store cannot be accessed

From: Justin P. Mattock <justinmattock_at_nospam>
Date: Wed Jan 20 2010 - 20:45:48 GMT
To: AlannY <>

On 01/20/10 12:21, AlannY wrote:
> Hi there. I'm new in SELinux world. I'm trying to setup SELinux in Archlinux. Everything seems ok.
> Everything successfully built and even runs.
> But when I'm trying to do something with SELinux (semanage, semodule), I'm getting to following error:
> %# semanage login -l
> /usr/sbin/semanage: SELinux policy is not managed or store cannot be accessed.
> I don't know what I can do in this situation. I've already asked on Archlinux forum about this problem,
> but there are no experts in SELinux, so no one answered.
> Sestatus tells me, that SELinux is working:
> %# sestatus
> SELinux status: enabled
> SELinuxfs mount: /selinux
> Current mode: permissive
> Mode from config file: permissive
> Policy version: 24
> Policy from config file: refpolicy
> When I'm trying to go to enforcement, the system is hang off. I think, it's normal, because of AVC deniels in log.
> I can solve it by creating new module, but I cannot load it, because of 1st error (not managed/not accessed).
> I'm
> %# id -Z
> root:staff_r:insmod_t
> What can I do?
> I think, that my problem is with version mismatch of selinux tools (checkpolicy,semanage) and refpolicy.
> Where can I check it? Currently I have:
> kernel26-selinux-2.6.31
> selinux-coreutils-7.6
> selinux-pam-1.1.0
> refpolicy-2.20091117
> selinux-sysvinit-2.86
> checkpolicy-2.0.20
> libselinux-2.0.89
> libsemanage-2.0.42
> libsepol-2.0.41
> selinux-usr-policycoreutils-2.0.77
> sepolgen-1.0.18
> That everything I have.
> Thanks for patience.

I was getting the same thing until
I did sudo /usr/sbin/semanage *

Justin P. mattock -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to with the words "unsubscribe selinux" without quotes as the message.