<div dir="ltr">Hello, Ivan.<div><br></div><div>Some OpenBMC hardening work is ongoing:</div><div><a href="https://github.com/openbmc/openbmc/issues/3383">https://github.com/openbmc/openbmc/issues/3383</a><br></div><div><br></div><div>Do you have a specific use-cases for SELinux?</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 30 Oct 2020 at 22:07, Joseph Reynolds <<a href="mailto:jrey@linux.ibm.com">jrey@linux.ibm.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 10/30/20 12:55 AM, Artem Senichev wrote:<br>
> Hi Ivan,<br>
><br>
> Yocto has a layer for SELinux<br>
> (<a href="http://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux" rel="noreferrer" target="_blank">http://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux</a>), you can try<br>
> it.<br>
> But the layer depends on Python for management tools, which does not<br>
> exist in the OpenBMC image anymore.<br>
> The problem is that Python significantly increases image size, it will<br>
> be more than 32MiB, which causes some troubles with qemu emulation.<br>
><br>
> --<br>
> Best regards,<br>
> Artem Senichev<br>
><br>
> On Thu, Oct 29, 2020 at 7:48 PM Ivan Li11 <<a href="mailto:rli11@lenovo.com" target="_blank">rli11@lenovo.com</a>> wrote:<br>
>> Hi Team,<br>
>><br>
>><br>
>><br>
>> I would like to ask about SELinux support. It’s seems that there’s no SELinux related package in current OpenBMC.<br>
>><br>
>> Therefore, is it not supported for now ?<br>
>><br>
>> Please help to advise.<br>
<br>
SELinux and alternatives such as AppArmor and KRSI (Kernel Runtime <br>
Security Instrumentation) were discussed in various OpenBMC security <br>
working group meetings including 2020-05-13, 2020-04-01, and earlier. <br>
See the meeting minutes:<br>
<a href="https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI" rel="noreferrer" target="_blank">https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI</a><br>
<br>
I don't have any additional insight.<br>
<br>
- Joseph<br>
<br>
>><br>
>><br>
>><br>
>> Thanks.<br>
<br>
</blockquote></div>