I tried with yocto thud and your repo (thud branch) and I can build without issues. However when I try to run "fixfiles -f -F relabel" the result is: **Cleaning out /tmp* **fixfiles: No suitable file systems found* **Cleaning up labels on /tmp* **cat: /initial_contexts/unlabeled: No such file or directory* **secon: SELinux is not enabled*
I tried to check If I have xattrs in my ext4 partition and I can run these commands as suggested here https://bbs.archlinux.org/viewtopic.php?id=176400 : $ touch testfile $ getfattr -n user.comment testfile testfile: user.comment: No such attribute $ getfattr testfile $ setfattr -n user.comment -v "this is a comment" testfile $ getfattr testfile # file: testfile user.comment $ getfattr -n user.comment testfile # file: testfile user.comment="this is a comment" $ setfattr -x user.comment testfile $ getfattr testfile My config.gz contains these: # CONFIG_IP_NF_SECURITY is not set # CONFIG_IP6_NF_SECURITY is not set CONFIG_EXT2_FS_SECURITY=y CONFIG_EXT3_FS_SECURITY=y CONFIG_EXT4_FS_SECURITY=y CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y # CONFIG_SECURITY_NETWORK_XFRM is not set # CONFIG_SECURITY_PATH is not set CONFIG_SECURITY_SELINUX=y # CONFIG_SECURITY_SELINUX_BOOTPARAM is not set # CONFIG_SECURITY_SELINUX_DISABLE is not set CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set # CONFIG_SECURITY_APPARMOR is not set # CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_YAMA is not set # CONFIG_DEFAULT_SECURITY_SELINUX is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" Is there a way to debug this issue with some tricks? Am I missing something? Thank u. Il giorno mer 9 gen 2019 alle ore 21:55 Stefano Cappa < stefano.cappa.k...@gmail.com> ha scritto: > Ok thank you, I'll try it. > > Il giorno lun 31 dic 2018 alle ore 03:52 MacDonald, Joe < > joe_macdon...@mentor.com> ha scritto: > >> One additional quick note, in hope of avoiding any further confusion, I'm >> working on the refpolicy version from July not January 2018. Sorry about >> that. >> >> -J. >> >> ________________________________________ >> From: yocto-boun...@yoctoproject.org <yocto-boun...@yoctoproject.org> on >> behalf of MacDonald, Joe >> Sent: Sunday, December 30, 2018 9:46 PM >> To: Stefano Cappa >> Cc: yocto@yoctoproject.org >> Subject: Re: [yocto] [selinux] sumo compilation >> >> [Re: [yocto] [selinux] sumo compilation] On 18.12.30 (Sun 14:31) >> MacDonald, Joe wrote: >> >> > I have both ready to go, there's been a few hiccups with my access to >> the git >> > server. I'll push my queued changes somewhere public when I get to a >> keyboard >> > later today so at least everyone can see what's coming. >> >> Update on this. While we're sorting out the access issue, the current >> master, sumo and thud branches on my personal mirror >> (https://github.com/joeythesaint/meta-selinux) are mostly up-to-date >> (the only thing I haven't included in there yet is the refpolicy update >> for the 20180114 release, little overdue, that) and build for the >> respective Yocto releases. If that's not your experience, please let me >> know and we'll get that sorted out right away. >> >> Thanks. >> >> -Joe. >> >> > >> > -J. >> > >> > On Dec 30, 2018 6:29 AM, Stefano Cappa <stefano.cappa.k...@gmail.com> >> wrote: >> > Are there any news about this? Also for thud branch. >> > >> > Il mar 30 ott 2018, 14:46 Sinan Kaya <ok...@kernel.org> ha scritto: >> > >> > On 10/24/2018 7:49 PM, Joe MacDonald wrote: >> > > Hey all, >> > > >> > > I just thought I should quickly follow up on this. I have a >> change set >> > > ready that includes tagging and a minor tweak for sumo, >> integration of >> > > the current outstanding patch list and a tag for thud and a >> couple of >> > > additional things (possibly) for post-thud. I'll send out a set >> for >> > > sumo and maybe an additional one for thud/post- possibly tomorrow >> or >> > > after I get home on Friday. >> > >> > Thanks, we are looking forward to see it on yocto. >> > >> > > >> > > -J. >> > >> > -- >> > _______________________________________________ >> > yocto mailing list >> > yocto@yoctoproject.org >> > https://lists.yoctoproject.org/listinfo/yocto >> > >> >> > -- >> > _______________________________________________ >> > yocto mailing list >> > yocto@yoctoproject.org >> > https://lists.yoctoproject.org/listinfo/yocto >> >>
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto