[yocto] [meta-selinux] Regarding "systemd" support with refpolicy-minimum v20151208

Shrikant Bobade bobadeshrikant at gmail.com
Mon Aug 29 07:07:33 PDT 2016 

Hi,


Patch set for systemd and related fixes for refpolicy-minimum v2.20151208
from https://lists.yoctoproject.org/pipermail/yocto/2016-August/031763.html
to https://lists.yoctoproject.org/pipermail/yocto/2016-August/031771.html

Verified core-image-selinux build with refpolicy-minimum and systemd as
init manager, below are reference logs.

refpolicy-minimum with patch set: http://paste.ubuntu.com/23107423/

refpolicy-minimum without patch set: http://paste.ubuntu.com/23107437/

Please advise !


Thanks
Shrikant


On Fri, Jul 29, 2016 at 2:54 PM, Shrikant Bobade <bobadeshrikant at gmail.com>
wrote:

> Hi,
>
>
> Request for comment set from: https://lists.yoctoproject.
> org/pipermail/yocto/2016-July/031362.html to https://lists.yoctoproject.
> org/pipermail/yocto/2016-July/031369.html
>
> checked on below build config. with refpolicy-minimum using systemd as
> init manager.
>
> These are comparative boot logs.
> refpolicy-minimum without RFC set: http://paste.ubuntu.com/21383917/
>
> refpolicy-minimum with RFC set: http://paste.ubuntu.com/21383939/
>
>
>
> Build Configuration:
> BB_VERSION        = "1.31.0"
> BUILD_SYS         = "x86_64-linux"
> NATIVELSBSTRING   = "universal"
> TARGET_SYS        = "arm-poky-linux-gnueabi"
> MACHINE           = "qemuarm"
> DISTRO            = "poky-selinux"
> DISTRO_VERSION    = "2.1+snapshot-20160729"
> TUNE_FEATURES     = "arm armv5 thumb dsp"
> TARGET_FPU        = "soft"
> meta
> meta-poky
> meta-yocto-bsp    = "master:039f47ad197a9a53109c9f3deadd9c35e62c056d"
> meta-selinux      = "master:d0f889259b610c3365962775c6e96a7cba407177"
>
>
>
> Please advice, It will be a great help !
>
>
> Thanks
> Shrikant
>
>
> On Fri, Jul 1, 2016 at 7:13 PM, Shrikant Bobade <bobadeshrikant at gmail.com>
> wrote:
>
>> Hi,
>>
>> Using refpolicy-minimum v20151208 with systemd as init manager,
>>
>> I am facing few issues during enforcing mode,
>> 1. systemd service status check, start & stop
>> 2. auditd logfile error, so it is mixing with the boot log.
>> 3. also other avc denials related to tmpfs & other types etc..
>>
>>
>> setup details:poky and meta-selinux: both at master head & systemd
>> enabled.
>> with these SELinux booleans enabled: i.systemd_tmpfiles_manage_all
>> ii.allow_mount_anyfile
>>
>> captured the avc denial to fix the systemd execution well, attached
>> SELinux-Modules.txt :- the allow rules generated using audit tools.
>> I am trying to merge these module into actual refpolicy modules, so we
>> get the out of box experience for smooth systemd execution.
>> Observed policy store seems corrupted some time, when start inserting the
>> prepared policy modules allow rules into actual refpolicy modules..
>>
>> Does anyone also faced similar issues?
>>
>> Any pointers or references will be a great help.
>>
>>
>> Thanks
>> Shrikant
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20160829/617460d0/attachment.html>

More information about the yocto mailing list