[yocto] SELinux doesn't work on t4240qds

zhenhua.luo at freescale.com
Tue Jul 22 19:28:38 PDT 2014


Hi Mark, 

Thanks for your comments. 

> -----Original Message-----
> From: yocto-bounces at yoctoproject.org [mailto:yocto-bounces at yoctoproject.org] On Behalf Of Mark Hatle
> 
> On 7/22/14, 10:11 AM, zhenhua.luo at freescale.com wrote:
> > Hi all,
> 
> Which release are you using?
[Luo Zhenhua-B19537] I tried poky daisy + meta-fsl-ppc master + meta-selinux master

> The last version I used w/ meta-selinux was the 1.5 release.
> 
> We're planning on updating it to master in the 'near' future [patches
> welcome!], and I've been told by a few others of success w/ 1.7.
[Luo Zhenhua-B19537] I will try master and dora. 

> Did you enable the 'selinux' distribution flag? 
> If so, it should have enabled all of the components necessary for this stuff to be enabled.
[Luo Zhenhua-B19537] Yes, selinux is in DISTRO_FEATURES.


Best Regards,

Zhenhua
 
> --Mark
> 
> > I use the meta-selinux layer to build a core-image-selinux rootfs
> > image, and build kernel with following options enabled.
> >
> > CONFIG_AUDIT=y
> > CONFIG_NETWORK_SECMARK=y
> > CONFIG_EXT2_FS_SECURITY=y
> > CONFIG_EXT3_FS_SECURITY=y
> > CONFIG_EXT4_FS_SECURITY=y
> > CONFIG_JFS_SECURITY=y
> > CONFIG_REISERFS_FS_SECURITY=y
> > CONFIG_JFFS2_FS_SECURITY=y
> > CONFIG_SECURITY_NETWORK=y
> > CONFIG_SECURITY_SELINUX=y
> > CONFIG_SECURITY_SELINUX_BOOTPARAM=y
> > CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
> > CONFIG_SECURITY_SELINUX_DISABLE=y
> > CONFIG_SECURITY_SELINUX_DEVELOP=y
> > CONFIG_SECURITY_SELINUX_AVC_STATS=y
> > CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
> >
> > I use the generated images to boot up FSL PPC t4240qds board(tried
> > both NFS boot and RAM boot with ext2.gz.u-boot rootfs), the SELinux is
> > not turned on after kernel boot up.
> >
> > following is some information in rootfs.
> >
> > root at t4240qds:~# sestatus
> > SELinux status:                 disabled
> > root at t4240qds:~#
> > root at t4240qds:~# cat /etc/selinux/config
> > # This file controls the state of SELinux on the system.
> > # SELINUX= can take one of these three values:
> > #     enforcing - SELinux security policy is enforced.
> > #     permissive - SELinux prints warnings instead of enforcing.
> > #     disabled - No SELinux policy is loaded.
> > SELINUX=enforcing
> > # SELINUXTYPE= can take one of these two values:
> > #     standard - Standard Security protection.
> > #     mls - Multi Level Security protection.
> > SELINUXTYPE=mls
> > root at t4240qds:~# cat /proc/cmdline
> > root=/dev/ram rw console=ttyS0,115200 selinux=1
> > root at t4240qds:~# setenforce 1
> > setenforce: SELinux is disabled
> > root at t4240qds:~# getenforce
> > Disabled
> > root at t4240qds:~#
> >
> > Can somebody shed some light on the issue?
> >
> > Best Regards,
> >
> > Zhenhua
> 
> --
> _______________________________________________
> yocto mailing list
> yocto at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
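
Added example (not part of the thread and not meta-selinux code): a staged check of the prerequisites behind the sestatus output quoted above, reading the same /proc/cmdline and /etc/selinux/config the report shows. The function name selinux_precheck and its root-prefix argument are assumptions made for this example, as is the usual policy layout /etc/selinux/<SELINUXTYPE>/policy/policy.<version>.

```shell
#!/bin/sh
# Added example, not from the thread. selinux_precheck and its ROOT argument
# are hypothetical: ROOT is a path prefix, "" on the live target or the
# mount point of an unpacked rootfs image.
# Prints the first stage that would keep SELinux disabled; returns 0 only
# if every stage passes.
selinux_precheck() {
    root="$1"

    # Stage 1: selinux=0 on the kernel command line turns SELinux off
    # (honoured when CONFIG_SECURITY_SELINUX_BOOTPARAM=y).
    if grep -qE '(^| )selinux=0( |$)' "$root/proc/cmdline" 2>/dev/null; then
        echo "cmdline: selinux=0"; return 1
    fi

    # Stage 2: the running kernel registers selinuxfs only when SELinux is
    # built in and was initialised at boot. This inspects the booted image,
    # not the .config used for the build.
    if ! grep -q '[[:space:]]selinuxfs$' "$root/proc/filesystems" 2>/dev/null; then
        echo "kernel: selinuxfs not registered"; return 1
    fi

    # Stage 3: userspace configuration.
    cfg="$root/etc/selinux/config"
    mode=$(sed -n 's/^SELINUX=//p' "$cfg" 2>/dev/null | tail -n 1)
    type=$(sed -n 's/^SELINUXTYPE=//p' "$cfg" 2>/dev/null | tail -n 1)
    if [ -z "$mode" ] || [ "$mode" = disabled ]; then
        echo "config: SELINUX=${mode:-unset}"; return 1
    fi

    # Stage 4: a binary policy must exist for the configured type
    # (assumed layout: /etc/selinux/<type>/policy/policy.<version>).
    set -- "$root/etc/selinux/$type/policy/"policy.*
    if [ ! -e "$1" ]; then
        echo "policy: no binary policy for type '$type'"; return 1
    fi

    echo "ok: mode=$mode type=$type"
}
```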


