SELinux support
Ratan Gupta
ratankgupta31 at gmail.com
Wed Jun 23 16:31:56 AEST 2021
Hi Team,
I was working on supporting selinux on openbmc stack, I was able to create
the image with selinux.
root at test:~# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: mls (also tried targeted and minimum)
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
While I am creating the selinux user, I am getting the following error from
the libsemanage.
root at abc:~# useradd -G wheel -Z sysadm_u test_se
[libsemanage]: Error while renaming /var/lib/selinux/minimum/active to
/var/lib/selinux/minimum/previous.
Cannot commit SELinux transaction
useradd: warning: the user name test_se to sysadm_u SELinux user mapping
failed.
During building of the selinux : I have used the refpolicy as minimum and
added the selinux package (selinux-minimal) in the openbmc image
(
http://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux/tree/recipes-security/refpolicy/refpolicy-minimum_git.bb
)
(
http://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux/tree/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
)
Did anybody try creating the selinux user?
I have seen that Anton and Ivan were working on that, Did you also face
this issue? If not, Can you suggest what I am missing?
Regards
Ratan Gupta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20210623/fdae922d/attachment.htm>
More information about the openbmc
mailing list