Hi all, I use the meta-selinux layer to build a core-image-selinux rootfs image, and build kernel with following options enabled. CONFIG_AUDIT=y CONFIG_NETWORK_SECMARK=y CONFIG_EXT2_FS_SECURITY=y CONFIG_EXT3_FS_SECURITY=y CONFIG_EXT4_FS_SECURITY=y CONFIG_JFS_SECURITY=y CONFIG_REISERFS_FS_SECURITY=y CONFIG_JFFS2_FS_SECURITY=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_DISABLE=y CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
I use the generated images to boot up FSL PPC t4240qds board(tried both NFS boot and RAM boot with ext2.gz.u-boot rootfs), the SELinux is not turned on after kernel boot up. following is some information in rootfs. root@t4240qds:~# sestatus SELinux status: disabled root@t4240qds:~# root@t4240qds:~# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of these two values: # standard - Standard Security protection. # mls - Multi Level Security protection. SELINUXTYPE=mls root@t4240qds:~# cat /proc/cmdline root=/dev/ram rw console=ttyS0,115200 selinux=1 root@t4240qds:~# setenforce 1 setenforce: SELinux is disabled root@t4240qds:~# getenforce Disabled root@t4240qds:~# Can somebody shed some light on the issue? Best Regards, Zhenhua
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
