On Tue, 7 Jul 2020, Yi Zhao wrote: > Here is the changelog for this is patchset: > > * Drop refpolicy 2.20190201 > If we still keep two versions of refpolicy, it is difficult to maintain two > huge local patchsets. So drop this version and only keep the git version. > > * Add patches to make systemd/sysvinit can work with all policy types. > > Here are the results with this patcheset: > > Machine: qemux86-64 > Image: core-image-selinux > Init manager: sysvinit and systemd > Policy types: minimum, targeted, standard, mcs, mls > Boot command: runqemu qemux86-64 kvm nographic bootparams="selinux=1 > enforcing=1" qemuparams="-m 1024" > > 1. All refpolicy type can be built without problems. > > 2. With parameter selinux=1 & enforcing=1 > The qemu can boot up and login with all policy types. [snip]
I suspect I'm really missing something, but I'm unable to successfully make this work with poky + meta-selinux and its meta-openembedded dependencies with either sysvinit or systemd; I see denials on boot and cannot log in due to denials on reading /etc/passwd. That's also the behavior I see without this update, so I'm wondering if I'm just doing something significantly wrong with respect to configuration. My local.conf additions for testing are just: DISTRO_FEATURES_append = " selinux" PREFERRED_PROVIDER_virtual/refpolicy = "refpolicy-targeted" Any ideas? Thanks, Scott
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#49951): https://lists.yoctoproject.org/g/yocto/message/49951 Mute This Topic: https://lists.yoctoproject.org/mt/75351492/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
