[yocto] [meta-selinux] Regarding "systemd" support with refpolicy-minimum v20151208
Shrikant Bobade
bobadeshrikant at gmail.com
Mon Aug 29 07:07:33 PDT 2016
Hi,
Patch set for systemd and related fixes for refpolicy-minimum v2.20151208
from https://lists.yoctoproject.org/pipermail/yocto/2016-August/031763.html
to https://lists.yoctoproject.org/pipermail/yocto/2016-August/031771.html
Verified core-image-selinux build with refpolicy-minimum and systemd as
init manager, below are reference logs.
refpolicy-minimum with patch set: http://paste.ubuntu.com/23107423/
refpolicy-minimum without patch set: http://paste.ubuntu.com/23107437/
Please advise !
Thanks
Shrikant
On Fri, Jul 29, 2016 at 2:54 PM, Shrikant Bobade <bobadeshrikant at gmail.com>
wrote:
> Hi,
>
>
> Request for comment set from: https://lists.yoctoproject.
> org/pipermail/yocto/2016-July/031362.html to https://lists.yoctoproject.
> org/pipermail/yocto/2016-July/031369.html
>
> checked on below build config. with refpolicy-minimum using systemd as
> init manager.
>
> These are comparative boot logs.
> refpolicy-minimum without RFC set: http://paste.ubuntu.com/21383917/
>
> refpolicy-minimum with RFC set: http://paste.ubuntu.com/21383939/
>
>
>
> Build Configuration:
> BB_VERSION = "1.31.0"
> BUILD_SYS = "x86_64-linux"
> NATIVELSBSTRING = "universal"
> TARGET_SYS = "arm-poky-linux-gnueabi"
> MACHINE = "qemuarm"
> DISTRO = "poky-selinux"
> DISTRO_VERSION = "2.1+snapshot-20160729"
> TUNE_FEATURES = "arm armv5 thumb dsp"
> TARGET_FPU = "soft"
> meta
> meta-poky
> meta-yocto-bsp = "master:039f47ad197a9a53109c9f3deadd9c35e62c056d"
> meta-selinux = "master:d0f889259b610c3365962775c6e96a7cba407177"
>
>
>
> Please advice, It will be a great help !
>
>
> Thanks
> Shrikant
>
>
> On Fri, Jul 1, 2016 at 7:13 PM, Shrikant Bobade <bobadeshrikant at gmail.com>
> wrote:
>
>> Hi,
>>
>> Using refpolicy-minimum v20151208 with systemd as init manager,
>>
>> I am facing few issues during enforcing mode,
>> 1. systemd service status check, start & stop
>> 2. auditd logfile error, so it is mixing with the boot log.
>> 3. also other avc denials related to tmpfs & other types etc..
>>
>>
>> setup details:poky and meta-selinux: both at master head & systemd
>> enabled.
>> with these SELinux booleans enabled: i.systemd_tmpfiles_manage_all
>> ii.allow_mount_anyfile
>>
>> captured the avc denial to fix the systemd execution well, attached
>> SELinux-Modules.txt :- the allow rules generated using audit tools.
>> I am trying to merge these module into actual refpolicy modules, so we
>> get the out of box experience for smooth systemd execution.
>> Observed policy store seems corrupted some time, when start inserting the
>> prepared policy modules allow rules into actual refpolicy modules..
>>
>> Does anyone also faced similar issues?
>>
>> Any pointers or references will be a great help.
>>
>>
>> Thanks
>> Shrikant
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20160829/617460d0/attachment.html>
More information about the yocto
mailing list