[yocto] SELinux with Busybox on morty
Justin Clacherty
justin at redfish.com.au
Tue Jul 18 23:05:44 PDT 2017
Hi Joe,
Is this something you or one of the other meta-selinux devs are able to help out with, or is it more of an upstream question?
Cheers,
Justin.
> On 17 Jul 2017, at 4:57 pm, Marco Ostini <marco at ostini.org> wrote:
>
> Hi All,
>
> At the moment I'm attempting to prepare a VM of morty with SELinux running well in enforcing mode. Once bedded down this will be running on an embedded system.
>
> We use Busybox to keep the environment slim.
>
> As you may be aware the file contexts of /etc/selinux/targeted/contexts/files/file_contexts don't include appropriate paths (/sbin + /usr/lib/busybox/sbin/) and relative file contexts for commands provided by Busybox. The /sbin files provided by Busybox are symlinks to their counterparts in /usr/lib/busybox/sbin/.
>
> I've attempted to use semanage to apply file contexts and look up login contexts. Any time I use semanage I receive this message:
>
> Error: Failed to read //etc/selinux/targeted/policy/policy.30 policy file
>
> In an attempt to mitigate this error I ran semodule --build and while it did rebuild the policy file, it didn't mitigate the error message generated by semanage. At the moment I'm applying temporary file contexts with chcon.
>
> My questions are:
>
> 1. Is it possible to run Busybox (providing init, getty, syslog ...) in SELinux enforcing? If so, where are the policy files?
> 2. Is there some documentation somewhere on reference builds of Morty with SELinux enforcing?
>
> Kind regards,
> Marco
>