SE Linux on ArchLinux

AMI:
I think https://www.uplinklabs.net/projects/arch-linux-on-ec2/
hvm / hvm for my zone (us-east-1).
Then follow my instructions in this file and
https://admc.atlassian.net/wiki/spaces/TECH/pages/150995106/SELinux#ArchLinux


archlinux-ec2
    ext4 FS
    Provides the only pre-built ArchLinux AMIs, but the linux-ec2 kernels do
      not support SE like these kernels do: linux, linux-zen, linux-hardened.
    For some reason has Grub2 but has file "/boot/grub/menu.lst" which a
      comment says is PV-specific.  Maybe a PV-variant AMI would install Grub1?
    does boot have entry "Arch Linux"?
    Which AMI do I use????  ami-0b3d8250da6abcb2a
      Local is screwed up so redo
      https://wiki.archlinux.org/index.php/installation_guide#Localization

https://wiki.archlinux.org/index.php/SELinux
Via "build_and_install_all.sh" method.
After completes everything, writes this when exiting:
    error: unable to write to pipe (Broken pipe)"
Says during "selinux-refpolicy-git" installation:
    >>> In order to use this policy, set SELINUXTYPE=refpolicy-git in /etc/selinux/config.
    >>> Building refpolicy-git policy store. Please wait...
    >>> Relabeling the filesystem may be needed.
    >>> This can be done with: /usr/bin/restorecon -rF /
    Optional dependencies for selinux-refpolicy-git
        linux-hardened: Linux kernel with SELinux support
        linux-selinux: Linux kernel with SELinux support

"Via AUR" method.  I doubt that GitHub method will work.
As of Sun 27 Oct 2019 08:05:34 PM EDT, there's a bug with selinux-python.
Just edit the PKGBUILD file and change "python2-audit" to "python-audit".

For many of the AUR packages, can't use --noconfirm for makepkg because you must
explicitly say to remove the replace package.


After reboot:
Get network up.  Write /etc/systemd/*.network file; systemctl systemd.networkd start; vi /etc/resolv.conf
Run my regular installation instructions up to "Pull package-query...".
pacman --noconfirm -S expect



FUCK IT!!!
Both build methods fail when building setools:
    checking for Tk configuration... configure: WARNING: Cant' find TK configuration definitions
    sed: can't read libseaudit/swit/python/Makefile


---------------------------------------
OBSOLETE
Run for each of these:
    curl -O https://aur.archlinux.org/cgit/aur.git/snapshot/<PKC>.tar.gz

    libsepol
    libselinux
    checkpolicy
    setools
    ustr-selinux
    libsemanage (which needs python2-ipy from the community repository)
    sepolgen

    pambase-selinux
    pam-selinux and make sure you can login again after the installation completed

    libcgroup
    policycoreutils

    coreutils-selinux
    findutils-selinux
    iproute2-selinux
    logrotate-selinux
    openssh-selinux
Run "file *.gz" to verify all downloaded correctly to gzip files.

Install them by extracting and running "makepkg -sri" in each dir, IN THE ORDER ABOVE!