Re: [yocto] [meta-selinux][PATCH] selinux-autorelabel: disable enforcing mode before relabel

[Re: [meta-selinux][PATCH] selinux-autorelabel: disable enforcing mode before relabel] On 19.09.06 (Fri 11:31) Yi Zhao wrote: > > On 9/5/19 7:57 PM, Joe MacDonald wrote: > > [[meta-selinux][PATCH] selinux-autorelabel: disable enforcing mode before > > relabel] On 19.09.05 (Thu 16:57) Yi Zhao wr

Re: [yocto] [meta-selinux][PATCH] selinux-autorelabel: disable enforcing mode before relabel

On 9/5/19 7:57 PM, Joe MacDonald wrote: [[meta-selinux][PATCH] selinux-autorelabel: disable enforcing mode before relabel] On 19.09.05 (Thu 16:57) Yi Zhao wrote: The commit b0d31db104d9a4e94bc1409c2ffcc1d82f4a780f introduced an issue when first boot with bootparams="selinux=1 enforcing=1". A

Re: [yocto] [meta-selinux][PATCH] selinux-autorelabel: disable enforcing mode before relabel

[[meta-selinux][PATCH] selinux-autorelabel: disable enforcing mode before relabel] On 19.09.05 (Thu 16:57) Yi Zhao wrote: > The commit b0d31db104d9a4e94bc1409c2ffcc1d82f4a780f introduced an issue > when first boot with bootparams="selinux=1 enforcing=1". At first boot, > all files are unlabeled i

[yocto] [meta-selinux][PATCH] selinux-autorelabel: disable enforcing mode before relabel

The commit b0d31db104d9a4e94bc1409c2ffcc1d82f4a780f introduced an issue when first boot with bootparams="selinux=1 enforcing=1". At first boot, all files are unlabeled including /sbin/fixfiles. The relabel operation is not permitted under enforcing mode. Set /sys/fs/selinux/enforce to 0 to ensure t