SELinux support question
Andrew Jeffery
andrew at aj.id.au
Mon Nov 2 11:54:12 AEDT 2020
On Fri, 30 Oct 2020, at 16:25, Artem Senichev wrote:
> Hi Ivan,
>
> Yocto has a layer for SELinux
> (http://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux), you can try
> it.
> But the layer depends on Python for management tools, which does not
> exist in the OpenBMC image anymore.
> The problem is that Python significantly increases image size, it will
> be more than 32MiB, which causes some troubles with qemu emulation.
The problem is broader than qemu though, it would also be broken on
any platform shipping a 32MiB flash part if the image exceeds 32MiB.
That said, if there are systems that ship bigger parts and enabling SELinux
for those is feasible, we should add those platform models to qemu so
emulating them isn't constrained by the existing platform support.
Andrew
More information about the openbmc
mailing list