Hi,
Request for comment set from: https://lists.yoctoproject.org/pipermail/yocto/2016-July/031362.html to https://lists.yoctoproject.org/pipermail/yocto/2016-July/031369.html checked on below build config. with refpolicy-minimum using systemd as init manager. These are comparative boot logs. refpolicy-minimum without RFC set: http://paste.ubuntu.com/21383917/ refpolicy-minimum with RFC set: http://paste.ubuntu.com/21383939/ Build Configuration: BB_VERSION = "1.31.0" BUILD_SYS = "x86_64-linux" NATIVELSBSTRING = "universal" TARGET_SYS = "arm-poky-linux-gnueabi" MACHINE = "qemuarm" DISTRO = "poky-selinux" DISTRO_VERSION = "2.1+snapshot-20160729" TUNE_FEATURES = "arm armv5 thumb dsp" TARGET_FPU = "soft" meta meta-poky meta-yocto-bsp = "master:039f47ad197a9a53109c9f3deadd9c35e62c056d" meta-selinux = "master:d0f889259b610c3365962775c6e96a7cba407177" Please advice, It will be a great help ! Thanks Shrikant On Fri, Jul 1, 2016 at 7:13 PM, Shrikant Bobade <bobadeshrik...@gmail.com> wrote: > Hi, > > Using refpolicy-minimum v20151208 with systemd as init manager, > > I am facing few issues during enforcing mode, > 1. systemd service status check, start & stop > 2. auditd logfile error, so it is mixing with the boot log. > 3. also other avc denials related to tmpfs & other types etc.. > > > setup details:poky and meta-selinux: both at master head & systemd enabled. > with these SELinux booleans enabled: i.systemd_tmpfiles_manage_all > ii.allow_mount_anyfile > > captured the avc denial to fix the systemd execution well, attached > SELinux-Modules.txt :- the allow rules generated using audit tools. > I am trying to merge these module into actual refpolicy modules, so we get > the out of box experience for smooth systemd execution. > Observed policy store seems corrupted some time, when start inserting the > prepared policy modules allow rules into actual refpolicy modules.. > > Does anyone also faced similar issues? > > Any pointers or references will be a great help. > > > Thanks > Shrikant > >
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto