Hi Joe, Is this something you or one of the other meta-selinux devs are able to help out with or is it more of an upstream question?
Cheers, Justin. > On 17 Jul 2017, at 4:57 pm, Marco Ostini <ma...@ostini.org> wrote: > > > Hi All, > > At the moment I'm attempting to prepare a VM of morty with SELinux running > well in enforcing mode. Once bedded down this will be running on an embedded > system. > > We use Busybox to keep the environment slim. > > As you may be aware the file contexts of > /etc/selinux/targeted/contexts/files/file_contexts don't include appropriate > paths (/sbin + /usr/lib/busybox/sbin/) and relative file contexts for > commands provided by Busybox. The /sbin files provided by Busybox are > symlinks to their counterparts in /usr/lib/busybox/sbin/. > > I've attempted to use semanage to apply file contexts and look up login > contexts. Any time I use semanage I receive this message: > > Error: Failed to read //etc/selinux/targeted/policy/policy.30 policy file > > In an attempt to mitigate this error I ran semodule --build and while it did > rebuild the policy file, it didn't mitigate the error message generated by > semanage. At the moment I'm applying temporary file contexts with chcon. > > My questions are: > > 1. Is it possible to run Busybox (providing init, getty, syslog ...) in > SELinux enforcing. If so, where's the policy files? > 2. Is there some documentation somewhere on reference builds of Morty with > SELinux enforcing ? > > Kind regards, > Marco > -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto