SELinux support question

Anton Kachalov rnouse at google.com
Sat Oct 31 11:06:24 AEDT 2020


Hello, Ivan.

Some OpenBMC hardening work is ongoing:
https://github.com/openbmc/openbmc/issues/3383

Do you have a specific use-cases for SELinux?

On Fri, 30 Oct 2020 at 22:07, Joseph Reynolds <jrey at linux.ibm.com> wrote:

> On 10/30/20 12:55 AM, Artem Senichev wrote:
> > Hi Ivan,
> >
> > Yocto has a layer for SELinux
> > (http://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux), you can try
> > it.
> > But the layer depends on Python for management tools, which does not
> > exist in the OpenBMC image anymore.
> > The problem is that Python significantly increases image size, it will
> > be more than 32MiB, which causes some troubles with qemu emulation.
> >
> > --
> > Best regards,
> > Artem Senichev
> >
> > On Thu, Oct 29, 2020 at 7:48 PM Ivan Li11 <rli11 at lenovo.com> wrote:
> >> Hi Team,
> >>
> >>
> >>
> >> I would like to ask about SELinux support. It’s seems that there’s no
> SELinux related package in current OpenBMC.
> >>
> >> Therefore, is it not supported for now ?
> >>
> >> Please help to advise.
>
> SELinux and alternatives such as AppArmor and KRSI (Kernel Runtime
> Security Instrumentation) were discussed in various OpenBMC security
> working group meetings including 2020-05-13, 2020-04-01, and earlier.
> See the meeting minutes:
>
> https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI
>
> I don't have any additional insight.
>
> - Joseph
>
> >>
> >>
> >>
> >> Thanks.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20201031/97458489/attachment-0001.htm>


More information about the openbmc mailing list