* Re: Need information for building embedded system.
From: Daniel J Walsh @ 2013-10-22 17:12 UTC (permalink / raw)
  To: hoefer, selinux, SELinux

On 10/22/2013 12:45 PM, Don Hoefer wrote:
> We are building an embedded system where the customer is requiring SELinux.
> It is our own hardware so we build our own kernel and drivers and use the
> ext2, jfs and tmpfs file systems.  This is not new for us, but
> incorporating SELinux is.
> 
> Does anyone know of a good knowledge resource for building embedded
> systems with SELinux?
> 
> We are currently plowing through a frustrating step ahead/step back
> process.  We have SELinux running but it seems to be broken; for example,
> one of our problems is that ls -Z shows "?" for SELinux file contexts:
>
> root@generic-powerpc:/#getfattr -m . -d var
> # file: var
> security.selinux="system_u:object_r:var_t"
>
> root@generic-powerpc:/# ls -Z
> ? bin  ? boot  ? dev  ? etc  ? home  ? lib
> ?lost+found  ? media  ? mnt  ? proc ? sbin  ?selinux  ? share  ? sys  ? tmp
> ? usr  ? var  ?www
> 
> We were unsuccessful building policies on any of our development systems 
> (Ubuntu/Debian based) but we are now using a Fedora 19 system and that is 
> looking promising.
> 
> Any pointers or help would be appreciated.
> 
> Don Hoefer

You really should ask this question on the upstream SELinux
<selinux@tycho.nsa.gov> list.

The reason the ls -Z command might not be working is that you have MLS turned on
and are missing the s0, so your label is seen as invalid.

On Fedora 21:
# getfattr -m . -d /var
getfattr: Removing leading '/' from absolute path names
# file: var
security.selinux="system_u:object_r:var_t:s0"


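The check described in the reply above, as an added example (not code from the thread or from the SELinux project): it reads each file's security.selinux xattr and flags labels that have no level field while the loaded policy reports MLS. The /sys/fs/selinux/mls path and all function names are assumptions of this example; older systems mount selinuxfs at /selinux.

```python
import os
import sys

XATTR = "security.selinux"
MLS_NODE = "/sys/fs/selinux/mls"  # assumed mount point; reads "1" for an MLS policy

def mls_enabled(node=MLS_NODE):
    try:
        with open(node) as f:
            return f.read().strip() == "1"
    except OSError:
        return False  # SELinux disabled or selinuxfs mounted elsewhere

def split_context(raw):
    """Split a raw xattr value into (user, role, type, level or None)."""
    text = raw.rstrip(b"\0").decode("ascii", "replace")
    parts = text.split(":", 3)  # the level may itself contain ':' (s0:c0.c1023)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError("not a user:role:type[:level] context: %r" % text)
    level = parts[3] if len(parts) == 4 and parts[3] else None
    return parts[0], parts[1], parts[2], level

def label_problem(raw, mls):
    """Describe why a label cannot be valid under this policy, or return None."""
    try:
        level = split_context(raw)[3]
    except ValueError as exc:
        return str(exc)
    if mls and level is None:
        return "MLS policy but label has no level field (e.g. ':s0')"
    return None

def scan(root, mls):
    """Yield (path, problem) for root and everything below it."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    for path in paths:
        try:
            raw = os.getxattr(path, XATTR, follow_symlinks=False)
            problem = label_problem(raw, mls)
        except OSError as exc:
            problem = "cannot read %s: %s" % (XATTR, exc.strerror)
        if problem:
            yield path, problem

if __name__ == "__main__":
    for path, problem in scan(sys.argv[1] if len(sys.argv) > 1 else "/", mls_enabled()):
        print(path, "->", problem)
```

Run it against the root file system image or the live target; every path it prints needs relabeling with a context that matches the policy type.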
