[yocto] SELinux doesn't work on t4240qds
zhenhua.luo at freescale.com
zhenhua.luo at freescale.com
Tue Jul 22 08:11:25 PDT 2014
Hi all,
I use the meta-selinux layer to build a core-image-selinux rootfs image, and build kernel with following options enabled.
CONFIG_AUDIT=y
CONFIG_NETWORK_SECMARK=y
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_EXT4_FS_SECURITY=y
CONFIG_JFS_SECURITY=y
CONFIG_REISERFS_FS_SECURITY=y
CONFIG_JFFS2_FS_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
I use the generated images to boot up FSL PPC t4240qds board(tried both NFS boot and RAM boot with ext2.gz.u-boot rootfs), the SELinux is not turned on after kernel boot up.
following is some information in rootfs.
root at t4240qds:~# sestatus
SELinux status: disabled
root at t4240qds:~#
root at t4240qds:~# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# standard - Standard Security protection.
# mls - Multi Level Security protection.
SELINUXTYPE=mls
root at t4240qds:~# cat /proc/cmdline
root=/dev/ram rw console=ttyS0,115200 selinux=1
root at t4240qds:~# setenforce 1
setenforce: SELinux is disabled
root at t4240qds:~# getenforce
Disabled
root at t4240qds:~#
Can somebody shed some light on the issue?
Best Regards,
Zhenhua
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20140722/f344af0a/attachment.html>
More information about the yocto
mailing list