2010/3/17 KaiGai Kohei <kaigai@xxxxxxxxxxxxx>
I am very new to SELinux, so I may not be able to answer your all questions correctly. I compiled base policy and then included it in my rootfs ( at /etc/selinux/base_policy). I compiled busbox-1.13.0 and 2.6.29 linux-kernel with SELinux support. I faced lot of errors and problems while compiling busybox with SELinux (utilities) support. then I booted beagle. And faced above problem. I did not try any extra code other then base_policy, Because initially I wanted to see the kernel booting with SELinux support and working SELinux utilities provided by busybox.
I think my policy is standard reference policy.
(2010/03/17 16:12), Manvendra Pratap Singh wrote:Does it have correct format? Does it contains an entry which matches
> Hi KaiGai,
>
> I checked /etc/selinux/base_policy/contexts/default_contexts and
> /etc/selinux/base_policy/contexts/users/root both in my rootfs and it is
> in correct place. But it still giving me same SID problem. Please give
> some idea.
with the security context of your logind daemon?
If your policy does not define domain-transitions appropriately,
all the process may work with kernel_t, init_t or initrc_t.
If so, get_default_context() cannot find out configured entry.
I am very new to SELinux, so I may not be able to answer your all questions correctly. I compiled base policy and then included it in my rootfs ( at /etc/selinux/base_policy). I compiled busbox-1.13.0 and 2.6.29 linux-kernel with SELinux support. I faced lot of errors and problems while compiling busybox with SELinux (utilities) support. then I booted beagle. And faced above problem. I did not try any extra code other then base_policy, Because initially I wanted to see the kernel booting with SELinux support and working SELinux utilities provided by busybox.
What is your policy type? The standard reference policy?, or others?
I think my policy is standard reference policy.
Thanks,
> On Wed, Mar 17, 2010 at 11:38 AM, Manvendra Pratap Singh
> Thanks for reply KaiGai Kohei, I will follow your suggestion and let> <mailto:kaigai@xxxxxxxxxxxxx>>
> you know about it.
>
> ---
> Manav
> Hyderabad
>
> 2010/3/17 KaiGai Kohei <kaigai@xxxxxxxxxxxxx
>
> (2010/03/17 13:22), Manvendra Pratap Singh wrote:
> > Can anyone suggest me good guide for SELinux on omap3
> (beagleboard). I
> > tried it myself but I am not able to login after booting. On
> loging in
> > root I get a msg "Cann't get SID for root". Please help me on
> this
> > issue. Here take a look at boot-log.
> >
> >
> > [ 0.000000] Security Framework initialized
> > [ 0.000000] SELinux: Initializing.
> >
> >
> > beagleboard login: root
> > login: can't get SID for root
>
> This message come from logind applet of busybox.
>
> It tries to fetch the default security context of the root session.
>
> Put "/etc/selinux/<SELINUXTYPE>/contexts/default_contexts" or
> "/etc/selinux/<SELINUXTYPE>/contexts/users/root" correctly, and
> try it again.
>
> Thanks,
>
> >
> > Embinux Linux 1.1 beagleboard ttyS2
> >
> > beagleboard login:
> >
> >
> >
> > ---
> > Manav
> > Hyderabad
> >
> >
> >
> > On Thu, Mar 11, 2010 at 3:38 PM, Manvendra Pratap Singh
> > <manav.emb@xxxxxxxxx <mailto:manav.emb@xxxxxxxxx>
> <mailto:manav.emb@xxxxxxxxx <mailto:manav.emb@xxxxxxxxx>>> wrote:
> >
> > Thanks for the information. I asked about working busybox
> and linux
> > kernel versions because when I am enabling selinux in busybox
> > (1.13.0), it is giving me lot of compilation errors and I
> think some
> > code is also missing. Although the kernel (2.6.29) which
> I am using
> > is working fine. If you tell anything more on this then
> it will be a
> > great help.
> >
> >
> > --
> > Manav
> > Hyderabad
> >
> >
> >
> > On Wed, Mar 10, 2010 at 11:19 PM, Stephen Smalley
> <sds@xxxxxxxxxxxxx <mailto:sds@xxxxxxxxxxxxx>
> > <mailto:sds@xxxxxxxxxxxxx <mailto:sds@xxxxxxxxxxxxx>>> wrote:> KaiGai Kohei <kaigai@xxxxxxxxxxxxx <mailto:kaigai@xxxxxxxxxxxxx>>
> >
> > On Wed, 2010-03-10 at 22:44 +0530, Manvendra Pratap
> Singh wrote:
> > > Hi Stephen,
> > >
> > > May be I could not make myself clear to you. My question was
> > not about
> > > linux on omap3, it was about SELinux on omap3. Anyways thanks
> > for your
> > > reply. I will check the links given by you.
> >
> > SELinux isn't platform-specific, and is a component
> of the Linux 2.6
> > kernel.
> >
> > --
> > Stephen Smalley
> > National Security Agency
> >
> >
> >
>
>
> --
>
>
>
>
>
> --
> Manav
> Hyderabad
--
KaiGai Kohei <kaigai@xxxxxxxxxxxxx>
--
Manav
Hyderabad
