openbmc.lists.ozlabs.org archive mirror
 help / color / mirror / Atom feed
From: "Andrew Jeffery" <andrew@aj.id.au>
To: "Artem Senichev" <artemsen@gmail.com>, "Ivan Li11" <rli11@lenovo.com>
Cc: "openbmc@lists.ozlabs.org" <openbmc@lists.ozlabs.org>
Subject: Re: SELinux support question
Date: Mon, 02 Nov 2020 11:24:12 +1030	[thread overview]
Message-ID: <ef502742-673b-4aeb-8614-f305a0f0053a@www.fastmail.com> (raw)
In-Reply-To: <CAHsrh9KO6jxKY1Oi6=8Gk74gF+Rrhz+9HN3UgRpO16st0RmjRQ@mail.gmail.com>



On Fri, 30 Oct 2020, at 16:25, Artem Senichev wrote:
> Hi Ivan,
> 
> Yocto has a layer for SELinux
> (http://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux), you can try
> it.
> But the layer depends on Python for management tools, which does not
> exist in the OpenBMC image anymore.
> The problem is that Python significantly increases image size, it will
> be more than 32MiB, which causes some troubles with qemu emulation.

The problem is broader than qemu though, it would also be broken on
any platform shipping a 32MiB flash part if the image exceeds 32MiB.

That said, if there are systems that ship bigger parts and enabling SELinux
for those is feasible, we should add those platform models to qemu so
emulating them isn't constrained by the existing platform support.

Andrew

  parent reply	other threads:[~2020-11-02  0:56 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-29 16:34 SELinux support question Ivan Li11
2020-10-30  5:55 ` Artem Senichev
2020-10-30 21:07   ` Joseph Reynolds
2020-10-31  0:06     ` Anton Kachalov
2020-11-02  0:54   ` Andrew Jeffery [this message]
2020-11-02 17:45     ` [External] " Ivan Li11
2020-11-02 19:49       ` Anton Kachalov
2020-11-03 17:51         ` Ivan Li11
2020-11-04 14:34           ` Anton Kachalov
2020-11-05  7:36             ` Jayanth Othayoth
2020-11-06 10:06               ` Ivan Li11
2020-11-06 13:40                 ` Anton Kachalov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ef502742-673b-4aeb-8614-f305a0f0053a@www.fastmail.com \
    --to=andrew@aj.id.au \
    --cc=artemsen@gmail.com \
    --cc=openbmc@lists.ozlabs.org \
    --cc=rli11@lenovo.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).