Re: [yocto] busybox + SELinux (warrior) - reboot issue

[Mark Hatle]

I've been trying to find time to look into it, but I've not had any so far.

I'd suggest trying it on more full Linux system first to see if that resolves
the issue.  If it does, then it's simply a configuration and you can use the
audit messages to help figure it out..  but the fact it's rebooting suggests to
me that something is incorrect in the initscripts when used with busybox.

--Mark

On 11/21/19 8:54 AM, Yair Itzhaki wrote:
> Anybody?
> 
>  
> 
> Thanks,
> 
> Yair
> 
>  
> 
>  
> 
> 
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] busybox + SELinux (warrior) - reboot issue

[Yair Itzhaki]

Anybody?

Thanks,
Yair


-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] busybox + SELinux (warrior) - reboot issue

[Yair Itzhaki]

Hi ,
I'm using Poky (Warrior), with busybox (aiming at a lightweight system).
Recently, added SELinux to my project (by adding "packagegroup-core-selinux" to 
my local.conf, with mls policy).

Booted with "selinux=1 enforing=0".
The auto-relabeling reported an error, since the root is mounted RO.
So, patched slelinux-autorelabel script to mount "/" RW before relabeling.

Booted again.
This time, selinux-init had the same issue ( / mounted RO).
Patched this one as well, but the system keeps rebooting:
It seems that the init process keeps it's kernel_t context, which forces 
re-labeling, reboot and so on…. (per the selinux-init script)

Q1: Is SELinux+busybox a valid combination, or should I switch to systemd?
Q2: Which context should the init process end up as?

BTW – the build of "core-image-selinux" fails, with the following error
   Copying files into the device: set_inode_xattr: No data available while 
reading attribute "security.selinux" of "network"
Any idea?

Thanks,
Yair


-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto