[yocto] SELinux XATTR error - check_rootsfs failing

Gaurang Shastri gmshastri at gmail.com
Mon Sep 7 22:55:03 PDT 2015


Hi Divya,

May be you can go through this script and find out what is wrong:
meta-selinux/recipes-security/selinux/selinux-config/

*selinux-init.sh*
//Gaurang Shastri


On Sun, Sep 6, 2015 at 11:11 PM, Divya Vyas <edivya.vyas at gmail.com> wrote:

> Hi,
>
> Hi,
>
> I am getting this error while booting the selinux enabled image
> (core-image-selinux)
>
>
> * SELinux requires the root '/' filesystem support extended
>   filesystem attributes (XATTRs).  It does not appear that this
>   filesystem has extended attribute support or it is not enabled.
>
>   - To continue using SELinux you will need to enable extended
>     attribute support on the root device.
>
>   - To disable SELinux, please add "selinux=0" in the kernel
>     command line.
>
> * Halting the system now.
>
> My fstab is below :
>
> rootfs                  /               ext3
> defaults,acl,user_xattr 0 1
>
>
> Here is the kernel  configuration :
>
> KERNEL_CONFIG_AUDIT="y"
> KERNEL_CONFIG_NETWORK_SECMARK=
> "y"
> KERNEL_CONFIG_EXT2_FS_SECURITY="y"
> KERNEL_CONFIG_EXT3_FS_SECURITY="y"
> KERNEL_CONFIG_EXT4_FS_SECURITY="y"
> KERNEL_CONFIG_EXT2_FS_ATTR="y"
> KERNEL_CONFIG_EXT3_FS_ATTR="y"
> KERNEL_CONFIG_JFS_SECURITY="y"
> KERNEL_CONFIG_REISERFS_FS_SECURITY="y"
> KERNEL_CONFIG_JFFS2_FS_SECURITY="y"
> KERNEL_CONFIG_SECURITY_NETWORK="y"
> KERNEL_CONFIG_SECURITY_SELINUX="y"
> KERNEL_CONFIG_SECURITY_SELINUX_BOOTPARAM="y"
> KERNEL_CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE="1"
> KERNEL_CONFIG_SECURITY_SELINUX_DISABLE="y"
> KERNEL_CONFIG_SECURITY_SELINUX_DEVELOP="y"
> KERNEL_CONFIG_SECURITY_SELINUX_AVC_STATS="y"
> KERNEL_CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE="1"
> KERNEL_CONFIG_SECURITY="y"
> KERNEL_CONFIG_SECURITYFS="y"
> KERNEL_CONFIG_AUDIT_GENERIC="y"
> KERNEL_CONFIG_DEFAULT_SECURITY_SELINUX="y"
> KERNEL_CONFIG_SECURITY_PATH="y"
>
> My filesystem is ext3 . I think all configs are enabled.
>
>
> Any idea where is the problem?
>
> Thanks,
>
> --
> _______________________________________________
> yocto mailing list
> yocto at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20150908/9cea2bef/attachment.html>


More information about the yocto mailing list