[yocto] SELinux XATTR error - check_rootsfs failing

Divya Vyas edivya.vyas at gmail.com
Mon Sep 7 23:31:49 PDT 2015


Hi Gaurang,

I tried to debug the script and found that the root filesystem was being
mounted in read-only mode, which prevents labeling the filesystem.

Is this script called when the root filesystem is mounted in ro mode? My fstab
is the default one. As a workaround, I added a remount-in-rw-mode step in the
selinux-init script before check_rootfs.

Thanks,
Divya





On Tue, Sep 8, 2015 at 11:25 AM, Gaurang Shastri <gmshastri at gmail.com>
wrote:

> Hi Divya,
>
> Maybe you can go through this script and find out what is wrong:
> meta-selinux/recipes-security/selinux/selinux-config/
>
> *selinux-init.sh*
> //Gaurang Shastri
>
>
> On Sun, Sep 6, 2015 at 11:11 PM, Divya Vyas <edivya.vyas at gmail.com> wrote:
>
>> Hi,
>>
>> I am getting this error while booting the selinux enabled image
>> (core-image-selinux)
>>
>>
>> * SELinux requires the root '/' filesystem support extended
>>   filesystem attributes (XATTRs).  It does not appear that this
>>   filesystem has extended attribute support or it is not enabled.
>>
>>   - To continue using SELinux you will need to enable extended
>>     attribute support on the root device.
>>
>>   - To disable SELinux, please add "selinux=0" in the kernel
>>     command line.
>>
>> * Halting the system now.
>>
>> My fstab is below :
>>
>> rootfs                  /               ext3    defaults,acl,user_xattr 0 1
>>
>>
>> Here is the kernel  configuration :
>>
>> KERNEL_CONFIG_AUDIT="y"
>> KERNEL_CONFIG_NETWORK_SECMARK="y"
>> KERNEL_CONFIG_EXT2_FS_SECURITY="y"
>> KERNEL_CONFIG_EXT3_FS_SECURITY="y"
>> KERNEL_CONFIG_EXT4_FS_SECURITY="y"
>> KERNEL_CONFIG_EXT2_FS_ATTR="y"
>> KERNEL_CONFIG_EXT3_FS_ATTR="y"
>> KERNEL_CONFIG_JFS_SECURITY="y"
>> KERNEL_CONFIG_REISERFS_FS_SECURITY="y"
>> KERNEL_CONFIG_JFFS2_FS_SECURITY="y"
>> KERNEL_CONFIG_SECURITY_NETWORK="y"
>> KERNEL_CONFIG_SECURITY_SELINUX="y"
>> KERNEL_CONFIG_SECURITY_SELINUX_BOOTPARAM="y"
>> KERNEL_CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE="1"
>> KERNEL_CONFIG_SECURITY_SELINUX_DISABLE="y"
>> KERNEL_CONFIG_SECURITY_SELINUX_DEVELOP="y"
>> KERNEL_CONFIG_SECURITY_SELINUX_AVC_STATS="y"
>> KERNEL_CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE="1"
>> KERNEL_CONFIG_SECURITY="y"
>> KERNEL_CONFIG_SECURITYFS="y"
>> KERNEL_CONFIG_AUDIT_GENERIC="y"
>> KERNEL_CONFIG_DEFAULT_SECURITY_SELINUX="y"
>> KERNEL_CONFIG_SECURITY_PATH="y"
>>
>> My filesystem is ext3. I think all configs are enabled.
>>
>>
>> Any idea where the problem is?
>>
>> Thanks,
>>
>
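The read-only root mount described at the top of this message can be told apart from genuinely missing XATTR support by reading the root entry of `/proc/mounts` before the labeling check runs. The sketch below is an added example, not part of the thread and not code from meta-selinux; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the root mount before an XATTR/labeling check.
# Function names are hypothetical; they are not from selinux-init.sh.

# Constructed sample in /proc/mounts format: the real root device is still
# read-only at early boot, after the initial "rootfs" placeholder entry.
SAMPLE_RO='rootfs / rootfs rw 0 0
/dev/root / ext3 ro,relatime,user_xattr,acl 0 0
proc /proc proc rw,relatime 0 0'

# Print the options of the LAST entry mounted on "/" (later entries win).
# $1 is a file in /proc/mounts format, "-" for stdin, default /proc/mounts.
root_mount_opts() {
    awk '$2 == "/" { opts = $4 }
         END { if (opts != "") print opts; else exit 1 }' "${1:-/proc/mounts}"
}

# Echo "ro", "rw" or "unknown" for the root mount.
root_mount_mode() {
    opts=$(root_mount_opts "$1") || { echo unknown; return 1; }
    # Wrap in commas so only a whole option matches; "errors=remount-ro"
    # must not be mistaken for "ro".
    case ",$opts," in
        *,ro,*) echo ro ;;
        *,rw,*) echo rw ;;
        *)      echo unknown ;;
    esac
}

# Report which failure a labeling error most likely indicates.
diagnose_root() {
    case "$(root_mount_mode "$1")" in
        ro) echo "root is read-only: remount rw before labeling" ;;
        rw) echo "root is writable: check XATTR support on the filesystem" ;;
        *)  echo "root mount not found"; return 1 ;;
    esac
}
```

On a target, `diagnose_root` with no argument reads the live `/proc/mounts`; `printf '%s\n' "$SAMPLE_RO" | diagnose_root -` runs it against the constructed sample.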