[yocto] SELinux with Busybox on morty

Marco Ostini marco at ostini.org
Sun Jul 16 23:57:42 PDT 2017


Hi All,

At the moment I'm attempting to prepare a VM of morty with SELinux running
well in enforcing mode. Once bedded down this will be running on an
embedded system.

We use Busybox to keep the environment slim.

As you may be aware the file contexts
of /etc/selinux/targeted/contexts/files/file_contexts don't include
appropriate paths (/sbin + /usr/lib/busybox/sbin/) and relative file
contexts for commands provided by Busybox. The /sbin files provided by
Busybox are symlinks to their counterparts in /usr/lib/busybox/sbin/.

I've attempted to use semanage to apply file contexts and look up login
contexts. Any time I use semanage I receive this message:

   Error: Failed to read //etc/selinux/targeted/policy/policy.30 policy file

In an attempt to mitigate this error I ran semodule --build and while it
did rebuild the policy file, it didn't mitigate the error message generated
by semanage. At the moment I'm applying temporary file contexts with chcon.

My questions are:

1. Is it possible to run Busybox (providing init, getty, syslog ...)
in SELinux enforcing? If so, where are the policy files?
2. Is there some documentation somewhere on reference builds of Morty
with SELinux enforcing?

Kind regards,
Marco
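
Added example, not part of the original post: a small checker for the labelling gap described above. It compares the context a file_contexts file intends for a regular file at each /sbin link path with the context the real Busybox file under /usr/lib/busybox/sbin/ would get. Assumptions: the sample entries and symlink map are constructed, the matching order approximates libselinux (exact paths beat regex entries, later lines win), and Python's re stands in for the policy's regex engine.

```python
import re
from typing import NamedTuple, Optional

class Spec(NamedTuple):
    regex: str
    ftype: Optional[str]  # "--" regular file, "-l" symlink, "-d" dir, None = any
    context: str

META = re.compile(r"[.^$?*+|\[({]")  # characters that make an entry a regex

# Constructed sample entries in file_contexts syntax (not copied from a real policy).
SAMPLE_FC = """\
/.*                               system_u:object_r:default_t:s0
/usr/lib(/.*)?                    system_u:object_r:lib_t:s0
/sbin/ifconfig                --  system_u:object_r:ifconfig_exec_t:s0
/sbin/syslogd                 --  system_u:object_r:syslogd_exec_t:s0
/usr/lib/busybox/sbin/syslogd --  system_u:object_r:syslogd_exec_t:s0
"""
# Constructed symlink map: applet link in /sbin -> real file under /usr/lib/busybox/sbin.
SAMPLE_LINKS = {
    "/sbin/ifconfig": "/usr/lib/busybox/sbin/ifconfig",
    "/sbin/syslogd": "/usr/lib/busybox/sbin/syslogd",
}

def parse_fc(text):
    """Parse 'regex [file-type] context' lines, skipping blanks and comments."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) in (2, 3) and not fields[0].startswith("#"):
            ftype = fields[1] if len(fields) == 3 else None
            specs.append(Spec(fields[0], ftype, fields[-1]))
    return specs

def lookup(specs, path, ftype="--"):
    """Return the context chosen for path, or None if nothing matches."""
    # Stable sort puts regex entries first; scanning in reverse then tries
    # exact paths before regexes, and later lines before earlier ones.
    ordered = sorted(specs, key=lambda s: not META.search(s.regex))
    for s in reversed(ordered):
        if s.ftype in (None, ftype) and re.fullmatch(s.regex, path):
            return s.context
    return None

def audit(specs, links):
    """Rows (link, target, wanted, actual) where the target's label differs
    from the one intended for a regular file at the link path."""
    rows = [(l, t, lookup(specs, l), lookup(specs, t)) for l, t in sorted(links.items())]
    return [r for r in rows if r[2] != r[3]]
```

With the sample data, only the ifconfig applet is reported, because its target matches nothing more specific than the /usr/lib entry.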