On 7/22/14, 10:11 AM, zhenhua....@freescale.com wrote:
Hi all,

Which release are you using? The last version I used w/ meta-selinux was the 1.5 release.

We're planning on updating it to master in the 'near' future [patches welcome!], and I've been told by a few others of success w/ 1.7.

Did you enable the 'selinux' distribution flag? If so, it should have enabled all of the components necessary for this stuff to be enabled.

--Mark

I use the meta-selinux layer to build a core-image-selinux rootfs image, and
build kernel with following options enabled.

CONFIG_AUDIT=y
CONFIG_NETWORK_SECMARK=y
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_EXT4_FS_SECURITY=y
CONFIG_JFS_SECURITY=y
CONFIG_REISERFS_FS_SECURITY=y
CONFIG_JFFS2_FS_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1

I use the generated images to boot up FSL PPC t4240qds board (tried both NFS boot
and RAM boot with ext2.gz.u-boot rootfs), the SELinux is not turned on after
kernel boot up.

Following is some information in rootfs.

root@t4240qds:~# sestatus
SELinux status:                 disabled
root@t4240qds:~#
root@t4240qds:~# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     standard - Standard Security protection.
#     mls - Multi Level Security protection.
SELINUXTYPE=mls
root@t4240qds:~# cat /proc/cmdline
root=/dev/ram rw console=ttyS0,115200 selinux=1
root@t4240qds:~# setenforce 1
setenforce: SELinux is disabled
root@t4240qds:~# getenforce
Disabled
root@t4240qds:~#

Can somebody shed some light on the issue?

Best Regards,

Zhenhua




--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
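
A layered check for the symptom reported in this thread (selinux=1 on the command line and SELINUX=enforcing in the config, yet sestatus says disabled), as an added example that is not part of the original messages or of meta-selinux. The function names `selinux_triage` and `demo` and the verdict words are hypothetical, and the sample /proc/filesystems content is constructed.

```shell
#!/bin/sh
# selinux_triage CMDLINE FILESYSTEMS CONFIG POLICYROOT
# Prints the first layer that explains "SELinux status: disabled":
#   boot-disabled    kernel command line carries selinux=0
#   no-kernel-lsm    selinuxfs is not registered with the running kernel
#   config-disabled  CONFIG file sets SELINUX=disabled
#   no-policy        no POLICYROOT/<SELINUXTYPE>/policy/policy.* file
#   userspace        all of the above look fine; look at the policy load at boot
selinux_triage() {
    cmdline=$1 filesystems=$2 config=$3 policyroot=$4

    # 1. selinux=0 on the kernel command line disables SELinux at boot.
    if tr ' ' '\n' < "$cmdline" | grep -qx 'selinux=0'; then
        echo boot-disabled; return 0
    fi
    # 2. The kernel lists selinuxfs only when SELinux is built in and was
    #    initialised at boot.
    if ! grep -qw selinuxfs "$filesystems"; then
        echo no-kernel-lsm; return 0
    fi
    # 3. Read SELINUX= and SELINUXTYPE=, skipping the commented lines.
    mode=$(sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$config" | tail -n 1)
    type=$(sed -n 's/^SELINUXTYPE=\([A-Za-z0-9_-]*\).*/\1/p' "$config" | tail -n 1)
    if [ "$mode" = disabled ]; then
        echo config-disabled; return 0
    fi
    # 4. The binary policy for the configured type must be in the image.
    if ! ls "$policyroot/$type/policy/policy."* >/dev/null 2>&1; then
        echo no-policy; return 0
    fi
    echo userspace
}

# Constructed sample: the cmdline and config values are the ones quoted in
# the thread; the filesystems list is invented to exercise step 2.
demo() {
    d=$(mktemp -d) || return 1
    echo 'root=/dev/ram rw console=ttyS0,115200 selinux=1' > "$d/cmdline"
    printf 'nodev\tsysfs\nnodev\tproc\n\text2\n' > "$d/filesystems"
    printf 'SELINUX=enforcing\nSELINUXTYPE=mls\n' > "$d/config"
    selinux_triage "$d/cmdline" "$d/filesystems" "$d/config" "$d/selinux"
    rm -rf "$d"
}
demo
# On a target: selinux_triage /proc/cmdline /proc/filesystems /etc/selinux/config /etc/selinux
```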
