(2010/03/18 13:04), Manvendra Pratap Singh wrote:
>
> 2010/3/18 KaiGai Kohei <kaigai@xxxxxxxxxxxxx>
>
> (2010/03/17 17:27), Manvendra Pratap Singh wrote:
> >
> > 2010/3/17 KaiGai Kohei <kaigai@xxxxxxxxxxxxx>
> >
> > (2010/03/17 16:12), Manvendra Pratap Singh wrote:
> > > Hi KaiGai,
> > >
> > > I checked /etc/selinux/base_policy/contexts/default_contexts and
> > > /etc/selinux/base_policy/contexts/users/root both in my rootfs and it is
> > > in correct place. But it is still giving me same SID problem. Please give
> > > some idea.
> >
> > Does it have correct format? Does it contain an entry which matches
> > with the security context of your logind daemon?
> >
> > If your policy does not define domain-transitions appropriately,
> > all the process may work with kernel_t, init_t or initrc_t.
> > If so, get_default_context() cannot find out configured entry.
> >
> >
> > I am very new to SELinux, so I may not be able to answer your all
> > questions correctly. I compiled base policy and then included it in my
> > rootfs ( at /etc/selinux/base_policy). I compiled busybox-1.13.0 and
> > 2.6.29 linux-kernel with SELinux support. I faced lot of errors and
> > problems while compiling busybox with SELinux (utilities) support.
>
> What kind of errors did you see?
> If we cannot build busybox with SELinux support in the recent releases,
> we need to fix them.
>
> This time I tried with busybox-1.11.3, Please have a look at the errors:
>
> manav@manav-desktop:busybox-1.11.3$ make ARCH=arm CROSS_CONFIG=arm-none-linux-gnueabi-
> SPLIT include/autoconf.h -> include/config/*
> GEN include/bbconfigopts.h
> HOSTCC applets/usage
> applets/usage.c: In function 'main':
> applets/usage.c:27: warning: ignoring return value of 'write', declared with attribute warn_unused_result
> GEN include/usage_compressed.h
> HOSTCC applets/applet_tables
> In file included from applets/../include/busybox.h:10,
> from applets/applet_tables.c:16:
> applets/../include/libbb.h:56:29: error: selinux/selinux.h: No such file or directory
> applets/../include/libbb.h:57:29: error: selinux/context.h: No such file or directory
> applets/../include/libbb.h:58:27: error: selinux/flask.h: No such file or directory
> applets/../include/libbb.h:59:36: error: selinux/av_permissions.h: No such file or directory
> In file included from applets/../include/busybox.h:10,
> from applets/applet_tables.c:16:
> applets/../include/libbb.h:1007: error: expected ')' before 'sid'
> applets/../include/libbb.h:1008: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'set_security_context_component'
> applets/../include/libbb.h:1010: error: expected ')' before 'scontext'
> make[1]: *** [applets/applet_tables] Error 1
> make: *** [applets] Error 2

It obviously looks like libselinux is not installed in your environment.
Could you (cross) compile it and install first?

> > then
> > I booted beagle. And faced above problem. I did not try any extra code
> > other than base_policy, Because initially I wanted to see the kernel
> > booting with SELinux support and working SELinux utilities provided by
> > busybox.
> >
> > What is your policy type? The standard reference policy?, or others?
> >
> >
> > I think my policy is standard reference policy.
>
> Hmm... It seems to me reason of the matter is still unclear.
>
> Could you check the following items at least?
> - The security policy was correctly loaded?
>   If OK, the kernel exports log messages as Stephen noted.
>
>
> yes, I will surely check for this, and let you know the results.
>
>
> - What kind of matter you faced when you build busybox and libselinux?
>   If you modified the code, what kind of changes were applied?
>
> - Is the filesystem correctly labeled?
>   If files don't have valid security context, SELinux considers all the
>   files have "unlabeled_t" context, but it is not expected for reference
>   policy.
>
> Right now, I doubt your /sbin/init could not load the security policy
> correctly. SELinux performs permissive mode, if it failed to load the
> policy. So, you can see the login prompt without any fails, because it
> means bootstrap sequence was correctly done.
>
> Also note that /sbin/init applet of busybox also support to load the
> policy at first. If you applied different binary, it needs to be
> replaced.
>
>
> I have replaced the binary.
>
> Thanks guys for your support, let me come up with results.
>
>
> Thanks,
>
> > Thanks,
> >
> > > On Wed, Mar 17, 2010 at 11:38 AM, Manvendra Pratap Singh
> > > <manav.emb@xxxxxxxxx> wrote:
> > >
> > > Thanks for reply KaiGai Kohei, I will follow your suggestion and let
> > > you know about it.
> > >
> > > ---
> > > Manav
> > > Hyderabad
> > >
> > > 2010/3/17 KaiGai Kohei <kaigai@xxxxxxxxxxxxx>
> > >
> > > (2010/03/17 13:22), Manvendra Pratap Singh wrote:
> > > > Can anyone suggest me good guide for SELinux on omap3 (beagleboard). I
> > > > tried it myself but I am not able to login after booting. On logging in
> > > > root I get a msg "Cann't get SID for root". Please help me on this
> > > > issue. Here take a look at boot-log.
> > > >
> > > >
> > > > [ 0.000000] Security Framework initialized
> > > > [ 0.000000] SELinux: Initializing.
> > > >
> > > >
> > > > beagleboard login: root
> > > > login: can't get SID for root
> > >
> > > This message comes from logind applet of busybox.
> > >
> > > It tries to fetch the default security context of the root session.
> > >
> > > Put "/etc/selinux/<SELINUXTYPE>/contexts/default_contexts" or
> > > "/etc/selinux/<SELINUXTYPE>/contexts/users/root" correctly, and
> > > try it again.
> > >
> > > Thanks,
> > >
> > > >
> > > > Embinux Linux 1.1 beagleboard ttyS2
> > > >
> > > > beagleboard login:
> > > >
> > > >
> > > > ---
> > > > Manav
> > > > Hyderabad
> > > >
> > > >
> > > > On Thu, Mar 11, 2010 at 3:38 PM, Manvendra Pratap Singh
> > > > <manav.emb@xxxxxxxxx> wrote:
> > > >
> > > > Thanks for the information.
> > > > I asked about working busybox and linux
> > > > kernel versions because when I am enabling selinux in busybox
> > > > (1.13.0), it is giving me lot of compilation errors and I think some
> > > > code is also missing. Although the kernel (2.6.29) which I am using
> > > > is working fine. If you tell anything more on this then it will be a
> > > > great help.
> > > >
> > > >
> > > > --
> > > > Manav
> > > > Hyderabad
> > > >
> > > >
> > > > On Wed, Mar 10, 2010 at 11:19 PM, Stephen Smalley
> > > > <sds@xxxxxxxxxxxxx> wrote:
> > > >
> > > > On Wed, 2010-03-10 at 22:44 +0530, Manvendra Pratap Singh wrote:
> > > > > Hi Stephen,
> > > > >
> > > > > Maybe I could not make myself clear to you. My question was not about
> > > > > linux on omap3, it was about SELinux on omap3. Anyways thanks for your
> > > > > reply. I will check the links given by you.
> > > >
> > > > SELinux isn't platform-specific, and is a component of the Linux 2.6
> > > > kernel.
> > > >
> > > > --
> > > > Stephen Smalley
> > > > National Security Agency
> > >
> > > --
> > > KaiGai Kohei <kaigai@xxxxxxxxxxxxx>
> > >
> > > --
> > > Manav
> > > Hyderabad
> >
> > --
> > KaiGai Kohei <kaigai@xxxxxxxxxxxxx>
> >
> > --
> > Manav
> > Hyderabad
>
> --
> KaiGai Kohei <kaigai@xxxxxxxxxxxxx>
>
> --
> Manav
> Hyderabad

--
KaiGai Kohei <kaigai@xxxxxxxxxxxxx>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
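
Added example, not part of the thread and not libselinux or busybox code: a simplified shell model of the lookup discussed above, in which the login process's role and type must match the first field of a line in default_contexts, so a process left in kernel_t finds no entry. The function names and the sample file contents are constructed for illustration, and matching on role:type only is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: simplified model of the default_contexts lookup.
# Assumption: a line matches when its first field has the same role:type
# as the calling (login) process; user and level are ignored here.

# Constructed sample in the reference-policy default_contexts layout:
#   <from role:type[:level]>  <candidate role:type[:level]> ...
write_sample_default_contexts() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from the thread
system_r:local_login_t:s0  user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:sshd_t:s0         user_r:user_t:s0 staff_r:staff_t:s0

system_r:crond_t:s0        system_r:cronjob_t:s0
EOF
}

# role_type CONTEXT: reduce user:role:type[:level] to role:type
role_type() {
    printf '%s\n' "$1" | cut -d: -f2,3
}

# find_default_entry FILE PROCESS_CONTEXT
# Prints the candidate list of the first matching line; returns 1 if none.
find_default_entry() {
    want=$(role_type "$2")
    while read -r from rest; do
        case $from in ''|'#'*) continue ;; esac
        # the file's first field has no user part: role:type[:level]
        if [ "$(printf '%s\n' "$from" | cut -d: -f1,2)" = "$want" ]; then
            printf '%s\n' "$rest"
            return 0
        fi
    done < "$1"
    return 1
}

# Demo: a login process in local_login_t finds an entry; one still running
# as kernel_t (no domain transition happened) does not.
sample=$(mktemp)
write_sample_default_contexts "$sample"
for ctx in system_u:system_r:local_login_t:s0 system_u:system_r:kernel_t:s0; do
    if targets=$(find_default_entry "$sample" "$ctx"); then
        echo "$ctx -> $targets"
    else
        echo "$ctx -> no entry: no default context can be computed"
    fi
done
rm -f "$sample"
```

On a target, the context to feed in is the one the login process actually runs with, which can be read from /proc/<pid>/attr/current.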