* Re: busybox + SELinux (warrior) - reboot issue
@ 2019-11-21 14:54 Yair Itzhaki
2019-11-21 15:15 ` Mark Hatle
0 siblings, 1 reply; 4+ messages in thread
From: Yair Itzhaki @ 2019-11-21 14:54 UTC (permalink / raw)
To: yocto
[-- Attachment #1: Type: text/plain, Size: 31 bytes --]
Anybody?
Thanks,
Yair
[-- Attachment #2: Type: text/html, Size: 2124 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: busybox + SELinux (warrior) - reboot issue
2019-11-21 14:54 busybox + SELinux (warrior) - reboot issue Yair Itzhaki
@ 2019-11-21 15:15 ` Mark Hatle
0 siblings, 0 replies; 4+ messages in thread
From: Mark Hatle @ 2019-11-21 15:15 UTC (permalink / raw)
To: yocto
I've been trying to find time to look into it, but I've not had any so far.
I'd suggest trying it on more full Linux system first to see if that resolves
the issue. If it does, then it's simply a configuration and you can use the
audit messages to help figure it out.. but the fact it's rebooting suggests to
me that something is incorrect in the initscripts when used with busybox.
--Mark
On 11/21/19 8:54 AM, Yair Itzhaki wrote:
> Anybody?
>
>
>
> Thanks,
>
> Yair
>
>
>
>
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: busybox + SELinux (warrior) - reboot issue
2019-11-22 5:50 [yocto] " Yi Zhao
@ 2019-11-22 18:27 ` Ayoub Zaki
0 siblings, 0 replies; 4+ messages in thread
From: Ayoub Zaki @ 2019-11-22 18:27 UTC (permalink / raw)
To: yocto
[-- Attachment #1: Type: text/plain, Size: 232 bytes --]
Hi,
you should inherit in your image recipe the following bbclass:
inherit selinux-image
It will set the security label of your filesystem using your refpolicy offline so it does not need to relabel again.
Best regards
[-- Attachment #2: Type: text/html, Size: 279 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* busybox + SELinux (warrior) - reboot issue
@ 2019-11-13 18:06 Yair Itzhaki
0 siblings, 0 replies; 4+ messages in thread
From: Yair Itzhaki @ 2019-11-13 18:06 UTC (permalink / raw)
To: yocto
[-- Attachment #1: Type: text/plain, Size: 1021 bytes --]
Hi ,
I'm using Poky (Warrior), with busybox (aiming at a lightweight system).
Recently, added SELinux to my project (by adding "packagegroup-core-selinux" to my local.conf, with mls policy).
Booted with "selinux=1 enforing=0".
The auto-relabeling reported an error, since the root is mounted RO.
So, patched slelinux-autorelabel script to mount "/" RW before relabeling.
Booted again.
This time, selinux-init had the same issue ( / mounted RO).
Patched this one as well, but the system keeps rebooting:
It seems that the init process keeps it's kernel_t context, which forces re-labeling, reboot and so on…. (per the selinux-init script)
Q1: Is SELinux+busybox a valid combination, or should I switch to systemd?
Q2: Which context should the init process end up as?
BTW – the build of "core-image-selinux" fails, with the following error
Copying files into the device: set_inode_xattr: No data available while reading attribute "security.selinux" of "network"
Any idea?
Thanks,
Yair
[-- Attachment #2: Type: text/html, Size: 4831 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-11-22 18:27 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-21 14:54 busybox + SELinux (warrior) - reboot issue Yair Itzhaki
2019-11-21 15:15 ` Mark Hatle
-- strict thread matches above, loose matches on Subject: below --
2019-11-22 5:50 [yocto] " Yi Zhao
2019-11-22 18:27 ` Ayoub Zaki
2019-11-13 18:06 Yair Itzhaki
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.