SELinux support question
rnouse at google.com
Sat Oct 31 11:06:24 AEDT 2020
Some OpenBMC hardening work is ongoing:
Do you have a specific use-cases for SELinux?
On Fri, 30 Oct 2020 at 22:07, Joseph Reynolds <jrey at linux.ibm.com> wrote:
> On 10/30/20 12:55 AM, Artem Senichev wrote:
> > Hi Ivan,
> > Yocto has a layer for SELinux
> > (http://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux), you can try
> > it.
> > But the layer depends on Python for management tools, which does not
> > exist in the OpenBMC image anymore.
> > The problem is that Python significantly increases image size, it will
> > be more than 32MiB, which causes some troubles with qemu emulation.
> > --
> > Best regards,
> > Artem Senichev
> > On Thu, Oct 29, 2020 at 7:48 PM Ivan Li11 <rli11 at lenovo.com> wrote:
> >> Hi Team,
> >> I would like to ask about SELinux support. It’s seems that there’s no
> SELinux related package in current OpenBMC.
> >> Therefore, is it not supported for now ?
> >> Please help to advise.
> SELinux and alternatives such as AppArmor and KRSI (Kernel Runtime
> Security Instrumentation) were discussed in various OpenBMC security
> working group meetings including 2020-05-13, 2020-04-01, and earlier.
> See the meeting minutes:
> I don't have any additional insight.
> - Joseph
> >> Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openbmc