[meta-freescale] Cannot enable selinux with imx6ULL. Why?
Stefano Cappa
stefano.cappa.ks89 at gmail.com
Thu Nov 1 04:22:21 PDT 2018
When I run zcat /proc/config.gz I see that some options aren't applied
Some of these aren't enabled:
CONFIG_AUDIT=y
CONFIG_NETWORK_SECMARK=y
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_EXT4_FS_SECURITY=y
CONFIG_JFS_SECURITY=y
CONFIG_REISERFS_FS_SECURITY=y
CONFIG_JFFS2_FS_SECURITY=y
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
CONFIG_AUDIT_GENERIC=y
For instance on my device I have:
#
# Security options
#
CONFIG_KEYS=y
# CONFIG_PERSISTENT_KEYRINGS is not set
# CONFIG_BIG_KEYS is not set
# CONFIG_ENCRYPTED_KEYS is not set
# CONFIG_KEY_DH_OPERATIONS is not set
# CONFIG_SECURITY_DMESG_RESTRICT is not set
*# CONFIG_SECURITY is not set*
CONFIG_SECURITYFS=y
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y
# CONFIG_HARDENED_USERCOPY is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
CONFIG_CRYPTO=y
It seems that cgf file isn't applied at all.
Do you have other ideas to apply these changes manually, instead on a
custom-layer to try to understand if I made an error in my layer or if is
it something else?
thank you.
Il giorno lun 29 ott 2018 alle ore 18:34 Otavio Salvador <
otavio.salvador at ossystems.com.br> ha scritto:
> On Mon, Oct 29, 2018 at 9:34 AM Stefano Cappa
> <stefano.cappa.ks89 at gmail.com> wrote:
> > Do you know if there is a config property for xattrs in .Cfg file?
>
> Not on top of head.
>
> --
> Otavio Salvador O.S. Systems
> http://www.ossystems.com.br http://code.ossystems.com.br
> Mobile: +55 (53) 9 9981-7854 Mobile: +1 (347) 903-9750
> <(347)%20903-9750>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/meta-freescale/attachments/20181101/63b84c56/attachment.html>
More information about the meta-freescale
mailing list