[yocto] [meta-selinux] Regarding "systemd" support with refpolicy-minimum v20151208

Shrikant Bobade bobadeshrikant at gmail.com
Fri Jul 29 02:24:23 PDT 2016


Hi,


Request for comment set from:
https://lists.yoctoproject.org/pipermail/yocto/2016-July/031362.html to
https://lists.yoctoproject.org/pipermail/yocto/2016-July/031369.html

checked on the below build config, with refpolicy-minimum using systemd as init
manager.

These are comparative boot logs.
refpolicy-minimum without RFC set: http://paste.ubuntu.com/21383917/

refpolicy-minimum with RFC set: http://paste.ubuntu.com/21383939/



Build Configuration:
BB_VERSION        = "1.31.0"
BUILD_SYS         = "x86_64-linux"
NATIVELSBSTRING   = "universal"
TARGET_SYS        = "arm-poky-linux-gnueabi"
MACHINE           = "qemuarm"
DISTRO            = "poky-selinux"
DISTRO_VERSION    = "2.1+snapshot-20160729"
TUNE_FEATURES     = "arm armv5 thumb dsp"
TARGET_FPU        = "soft"
meta
meta-poky
meta-yocto-bsp    = "master:039f47ad197a9a53109c9f3deadd9c35e62c056d"
meta-selinux      = "master:d0f889259b610c3365962775c6e96a7cba407177"



Please advise, it will be a great help!


Thanks
Shrikant


On Fri, Jul 1, 2016 at 7:13 PM, Shrikant Bobade <bobadeshrikant at gmail.com>
wrote:

> Hi,
>
> Using refpolicy-minimum v20151208 with systemd as init manager,
>
> I am facing a few issues in enforcing mode:
> 1. systemd service status check, start & stop
> 2. auditd logfile error, so it is mixing with the boot log.
> 3. also other AVC denials related to tmpfs & other types, etc.
>
>
> Setup details: poky and meta-selinux, both at master head & systemd enabled,
> with these SELinux booleans enabled:
> i. systemd_tmpfiles_manage_all
> ii. allow_mount_anyfile
>
> Captured the AVC denials to fix the systemd execution; attached
> SELinux-Modules.txt: the allow rules generated using audit tools.
> I am trying to merge these modules into the actual refpolicy modules, so we get
> the out-of-the-box experience for smooth systemd execution.
> Observed that the policy store seems corrupted sometimes, when I start inserting
> the prepared policy modules' allow rules into the actual refpolicy modules.
>
> Has anyone else faced similar issues?
>
> Any pointers or references will be a great help.
>
>
> Thanks
> Shrikant
>
>