[yocto] [selinux] sumo compilation

Stefano Cappa stefano.cappa.ks89 at gmail.com
Mon Jan 14 15:28:27 PST 2019 

I tried with yocto thud and your repo (thud branch) and I can build without
issues.
However when I try to run "fixfiles -f -F relabel" the result is:
**Cleaning out /tmp*
**fixfiles: No suitable file systems found*
**Cleaning up labels on /tmp*
**cat: /initial_contexts/unlabeled: No such file or directory*
**secon: SELinux is not enabled*

I tried to check If I have xattrs in my ext4 partition and I can run these
commands as suggested here https://bbs.archlinux.org/viewtopic.php?id=176400
:

$ touch testfile
$ getfattr -n user.comment testfile
testfile: user.comment: No such attribute
$ getfattr testfile
$ setfattr -n user.comment -v "this is a comment" testfile
$ getfattr testfile
# file: testfile
user.comment

$ getfattr -n user.comment testfile
# file: testfile
user.comment="this is a comment"

$ setfattr -x user.comment testfile
$ getfattr testfile


My config.gz contains these:
# CONFIG_IP_NF_SECURITY is not set
# CONFIG_IP6_NF_SECURITY is not set
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_EXT4_FS_SECURITY=y
CONFIG_SECURITY_DMESG_RESTRICT=y
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_NETWORK_XFRM is not set
# CONFIG_SECURITY_PATH is not set
CONFIG_SECURITY_SELINUX=y
# CONFIG_SECURITY_SELINUX_BOOTPARAM is not set
# CONFIG_SECURITY_SELINUX_DISABLE is not set
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_SECURITY_APPARMOR is not set
# CONFIG_SECURITY_LOADPIN is not set
# CONFIG_SECURITY_YAMA is not set
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""

Is there a way to debug this issue with some tricks?
Am I missing something?

Thank u.


Il giorno mer 9 gen 2019 alle ore 21:55 Stefano Cappa <
stefano.cappa.ks89 at gmail.com> ha scritto:

> Ok thank you, I'll try it.
>
> Il giorno lun 31 dic 2018 alle ore 03:52 MacDonald, Joe <
> Joe_MacDonald at mentor.com> ha scritto:
>
>> One additional quick note, in hope of avoiding any further confusion, I'm
>> working on the refpolicy version from July not January 2018.  Sorry about
>> that.
>>
>> -J.
>>
>> ________________________________________
>> From: yocto-bounces at yoctoproject.org <yocto-bounces at yoctoproject.org> on
>> behalf of MacDonald, Joe
>> Sent: Sunday, December 30, 2018 9:46 PM
>> To: Stefano Cappa
>> Cc: yocto at yoctoproject.org
>> Subject: Re: [yocto] [selinux] sumo compilation
>>
>> [Re: [yocto] [selinux] sumo compilation] On 18.12.30 (Sun 14:31)
>> MacDonald, Joe wrote:
>>
>> > I have both ready to go, there's been a few hiccups with my access to
>> the git
>> > server. I'll push my queued changes somewhere public when I get to a
>> keyboard
>> > later today so at least everyone can see what's coming.
>>
>> Update on this.  While we're sorting out the access issue, the current
>> master, sumo and thud branches on my personal mirror
>> (https://github.com/joeythesaint/meta-selinux) are mostly up-to-date
>> (the only thing I haven't included in there yet is the refpolicy update
>> for the 20180114 release, little overdue, that) and build for the
>> respective Yocto releases.  If that's not your experience, please let me
>> know and we'll get that sorted out right away.
>>
>> Thanks.
>>
>> -Joe.
>>
>> >
>> > -J.
>> >
>> > On Dec 30, 2018 6:29 AM, Stefano Cappa <stefano.cappa.ks89 at gmail.com>
>> wrote:
>> > Are there any news about this? Also for thud branch.
>> >
>> > Il mar 30 ott 2018, 14:46 Sinan Kaya <okaya at kernel.org> ha scritto:
>> >
>> >     On 10/24/2018 7:49 PM, Joe MacDonald wrote:
>> >     > Hey all,
>> >     >
>> >     > I just thought I should quickly follow up on this.  I have a
>> change set
>> >     > ready that includes tagging and a minor tweak for sumo,
>> integration of
>> >     > the current outstanding patch list and a tag for thud and a
>> couple of
>> >     > additional things (possibly) for post-thud.  I'll send out a set
>> for
>> >     > sumo and maybe an additional one for thud/post- possibly tomorrow
>> or
>> >     > after I get home on Friday.
>> >
>> >     Thanks, we are looking forward to see it on yocto.
>> >
>> >     >
>> >     > -J.
>> >
>> >     --
>> >     _______________________________________________
>> >     yocto mailing list
>> >     yocto at yoctoproject.org
>> >     https://lists.yoctoproject.org/listinfo/yocto
>> >
>>
>> > --
>> > _______________________________________________
>> > yocto mailing list
>> > yocto at yoctoproject.org
>> > https://lists.yoctoproject.org/listinfo/yocto
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20190115/1975b206/attachment.html>

More information about the yocto mailing list