[yocto] SELinux doesn't work on t4240qds

zhenhua.luo at freescale.com
Wed Jul 23 05:15:27 PDT 2014


I tried dora (poky + meta-selinux + meta-fsl-ppc); the following error message appears during kernel boot-up, please help.

RAMDISK: gzip image found at block 0
VFS: Mounted root (ext2 filesystem) on device 1:0.
devtmpfs: mounted
Freeing unused kernel memory: 340k freed
Mount failed for selinuxfs on /sys/fs/selinux:  No such file or directory
Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.
Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100

Call Trace:
[c0000002f9143ae0] [c000000000008b2c] .show_stack+0x7c/0x1f0 (unreliable)
[c0000002f9143bb0] [c000000000816e48] .panic+0xec/0x24c
[c0000002f9143c40] [c00000000003d094] .do_exit+0x964/0xa40
[c0000002f9143d30] [c00000000003e354] .do_group_exit+0x54/0xf0
[c0000002f9143dc0] [c00000000003e404] .SyS_exit_group+0x14/0x20
[c0000002f9143e30] [c000000000000598] syscall_exit+0x0/0x88
Rebooting in 180 seconds..


Best Regards,

Zhenhua


> -----Original Message-----
> From: yocto-bounces at yoctoproject.org [mailto:yocto-bounces at yoctoproject.org] On Behalf Of zhenhua.luo at freescale.com
> Sent: Wednesday, July 23, 2014 10:29 AM
> To: Mark Hatle; yocto at yoctoproject.org
> Subject: Re: [yocto] SELinux doesn't work on t4240qds
> 
> Hi Mark,
> 
> Thanks for your comments.
> 
> > -----Original Message-----
> > From: yocto-bounces at yoctoproject.org [mailto:yocto-bounces at yoctoproject.org] On Behalf Of Mark Hatle
> >
> > On 7/22/14, 10:11 AM, zhenhua.luo at freescale.com wrote:
> > > Hi all,
> >
> > Which release are you using?
> [Luo Zhenhua-B19537] I tried poky daisy + meta-fsl-ppc master + meta-selinux master
> 
> > The last version I used w/ meta-selinux was the 1.5 release.
> >
> > We're planning on updating it to master in the 'near' future [patches
> > welcome!], and I've been told by a few others of success w/ 1.7.
> [Luo Zhenhua-B19537] I will try master and dora.
> 
> > Did you enable the 'selinux' distribution flag?
> > If so, it should have enabled all of the components necessary for this
> > stuff to be enabled.
> [Luo Zhenhua-B19537] Yes, selinux is in DISTRO_FEATURES.
> 
> 
> Best Regards,
> 
> Zhenhua
> 
> > --Mark
> >
> > > I use the meta-selinux layer to build a core-image-selinux rootfs
> > > image, and build the kernel with the following options enabled.
> > >
> > > CONFIG_AUDIT=y
> > > CONFIG_NETWORK_SECMARK=y
> > > CONFIG_EXT2_FS_SECURITY=y
> > > CONFIG_EXT3_FS_SECURITY=y
> > > CONFIG_EXT4_FS_SECURITY=y
> > > CONFIG_JFS_SECURITY=y
> > > CONFIG_REISERFS_FS_SECURITY=y
> > > CONFIG_JFFS2_FS_SECURITY=y
> > > CONFIG_SECURITY_NETWORK=y
> > > CONFIG_SECURITY_SELINUX=y
> > > CONFIG_SECURITY_SELINUX_BOOTPARAM=y
> > > CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
> > > CONFIG_SECURITY_SELINUX_DISABLE=y
> > > CONFIG_SECURITY_SELINUX_DEVELOP=y
> > > CONFIG_SECURITY_SELINUX_AVC_STATS=y
> > > CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
> > >
> > > I use the generated images to boot up the FSL PPC t4240qds board (tried
> > > both NFS boot and RAM boot with ext2.gz.u-boot rootfs); SELinux
> > > is not turned on after kernel boot-up.
> > >
> > > The following is some information from the rootfs.
> > >
> > > root at t4240qds:~# sestatus
> > > SELinux status:                 disabled
> > > root at t4240qds:~#
> > > root at t4240qds:~# cat /etc/selinux/config
> > > # This file controls the state of SELinux on the system.
> > > # SELINUX= can take one of these three values:
> > > #     enforcing - SELinux security policy is enforced.
> > > #     permissive - SELinux prints warnings instead of enforcing.
> > > #     disabled - No SELinux policy is loaded.
> > > SELINUX=enforcing
> > > # SELINUXTYPE= can take one of these two values:
> > > #     standard - Standard Security protection.
> > > #     mls - Multi Level Security protection.
> > > SELINUXTYPE=mls
> > > root at t4240qds:~# cat /proc/cmdline
> > > root=/dev/ram rw console=ttyS0,115200 selinux=1
> > > root at t4240qds:~# setenforce 1
> > > setenforce: SELinux is disabled
> > > root at t4240qds:~# getenforce
> > > Disabled
> > > root at t4240qds:~#
> > >
> > > Can somebody shed some light on the issue?
> > >
> > > Best Regards,
> > >
> > > Zhenhua
> --
> _______________________________________________
> yocto mailing list
> yocto at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
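
Added example, not part of the thread or of meta-selinux: two checks for the symptoms reported above. The first looks in the .config the kernel build actually produced for SECURITY_SELINUX and its Kconfig prerequisites (Kconfig drops a requested symbol whose dependencies are unmet). The second tests whether selinuxfs is registered in the running kernel. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical/constructed.

# Print each option that is not "=y" in the kernel .config given as $1.
# SECURITY_SELINUX depends on SECURITY_NETWORK, AUDIT, NET and INET, and
# SECURITY_NETWORK depends on SECURITY.
missing_selinux_kconfig() {
    for opt in CONFIG_NET CONFIG_INET CONFIG_AUDIT CONFIG_SECURITY \
               CONFIG_SECURITY_NETWORK CONFIG_SECURITY_SELINUX \
               CONFIG_SECURITY_SELINUX_BOOTPARAM; do
        grep -q "^${opt}=y\$" "$1" || echo "$opt"
    done
}

# Classify a running kernel from copies of /proc/filesystems ($1) and
# /proc/cmdline ($2). Without selinuxfs, sestatus reports "disabled"
# whatever /etc/selinux/config says.
selinuxfs_state() {
    if grep -qw selinuxfs "$1"; then
        echo "available"
    elif grep -qw 'selinux=0' "$2"; then
        echo "disabled-by-cmdline"
    else
        # Not built in, or not initialised at boot; selinux=1 cannot fix this.
        echo "not-registered"
    fi
}

# Constructed sample input: an abridged copy of the option list quoted in the
# thread (not the poster's full .config), a made-up /proc/filesystems without
# selinuxfs, and the /proc/cmdline shown in the thread.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/config" <<'EOF'
CONFIG_AUDIT=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
EOF
printf 'nodev\tsysfs\nnodev\tproc\n\text2\n' > "$SAMPLE/filesystems"
echo 'root=/dev/ram rw console=ttyS0,115200 selinux=1' > "$SAMPLE/cmdline"

echo "Options not set in sample config:"
missing_selinux_kconfig "$SAMPLE/config"
echo "selinuxfs state: $(selinuxfs_state "$SAMPLE/filesystems" "$SAMPLE/cmdline")"
```

On a target, pass /proc/filesystems and /proc/cmdline directly as the two arguments of selinuxfs_state.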


