From: Mark Hatle <mark.hatle@windriver.com>
To: <yocto@yoctoproject.org>
Subject: Re: SELinux doesn't work on t4240qds
Date: Tue, 22 Jul 2014 12:30:42 -0500
Message-ID: <53CE9FC2.3090507@windriver.com>
In-Reply-To: <dfd0afc8932f41e19daf0a1fe13578b3@CY1PR0301MB0715.namprd03.prod.outlook.com>

On 7/22/14, 10:11 AM, zhenhua.luo@freescale.com wrote:
> Hi all,

Which release are you using? The last version I used w/ meta-selinux was the
1.5 release.

We're planning on updating it to master in the 'near' future [patches welcome!],
and I've been told by a few others of success w/ 1.7.

Did you enable the 'selinux' distribution flag? If so, it should have enabled
all of the components necessary for this stuff to be enabled.

--Mark

> I use the meta-selinux layer to build a core-image-selinux rootfs image, and
> build kernel with following options enabled.
>
> CONFIG_AUDIT=y
> CONFIG_NETWORK_SECMARK=y
> CONFIG_EXT2_FS_SECURITY=y
> CONFIG_EXT3_FS_SECURITY=y
> CONFIG_EXT4_FS_SECURITY=y
> CONFIG_JFS_SECURITY=y
> CONFIG_REISERFS_FS_SECURITY=y
> CONFIG_JFFS2_FS_SECURITY=y
> CONFIG_SECURITY_NETWORK=y
> CONFIG_SECURITY_SELINUX=y
> CONFIG_SECURITY_SELINUX_BOOTPARAM=y
> CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
> CONFIG_SECURITY_SELINUX_DISABLE=y
> CONFIG_SECURITY_SELINUX_DEVELOP=y
> CONFIG_SECURITY_SELINUX_AVC_STATS=y
> CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
>
> I use the generated images to boot up FSL PPC t4240qds board (tried both NFS boot
> and RAM boot with ext2.gz.u-boot rootfs), the SELinux is not turned on after
> kernel boot up.
>
> Following is some information in rootfs.
>
> root@t4240qds:~# sestatus
> SELinux status: disabled
> root@t4240qds:~#
> root@t4240qds:~# cat /etc/selinux/config
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> # enforcing - SELinux security policy is enforced.
> # permissive - SELinux prints warnings instead of enforcing.
> # disabled - No SELinux policy is loaded.
> SELINUX=enforcing
> # SELINUXTYPE= can take one of these two values:
> # standard - Standard Security protection.
> # mls - Multi Level Security protection.
> SELINUXTYPE=mls
> root@t4240qds:~# cat /proc/cmdline
> root=/dev/ram rw console=ttyS0,115200 selinux=1
> root@t4240qds:~# setenforce 1
> setenforce: SELinux is disabled
> root@t4240qds:~# getenforce
> Disabled
> root@t4240qds:~#
>
> Can somebody shed some light on the issue?
>
> Best Regards,
> Zhenhua