Hello, Ivan. Some OpenBMC hardening work is ongoing: https://github.com/openbmc/openbmc/issues/3383 Do you have a specific use-cases for SELinux? On Fri, 30 Oct 2020 at 22:07, Joseph Reynolds wrote: > On 10/30/20 12:55 AM, Artem Senichev wrote: > > Hi Ivan, > > > > Yocto has a layer for SELinux > > (http://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux), you can try > > it. > > But the layer depends on Python for management tools, which does not > > exist in the OpenBMC image anymore. > > The problem is that Python significantly increases image size, it will > > be more than 32MiB, which causes some troubles with qemu emulation. > > > > -- > > Best regards, > > Artem Senichev > > > > On Thu, Oct 29, 2020 at 7:48 PM Ivan Li11 wrote: > >> Hi Team, > >> > >> > >> > >> I would like to ask about SELinux support. It’s seems that there’s no > SELinux related package in current OpenBMC. > >> > >> Therefore, is it not supported for now ? > >> > >> Please help to advise. > > SELinux and alternatives such as AppArmor and KRSI (Kernel Runtime > Security Instrumentation) were discussed in various OpenBMC security > working group meetings including 2020-05-13, 2020-04-01, and earlier. > See the meeting minutes: > > https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI > > I don't have any additional insight. > > - Joseph > > >> > >> > >> > >> Thanks. > >