Re: How to start SELinux on embedded device

rajkumar <rajkumarmadhani@xxxxxxxxx> · Thu, 14 May 2015 15:11:16 +0530

    Hi 

    Thank you Emre Can Kucukoglu,

    I am just at understanding level.

    need your support further.

    Regards

    Rajkumar

    On Thursday 14 May 2015 01:14 PM, Emre
      Can Kucukoglu wrote:

      Hi Rajkumar,

        Basically, you need 3 major steps.

          1. Enable security framework and SELinux configurations
            from linux kernel.
          like: CONFIG_SECURITY_SELINUX, DEFAULT_SECURITY_SELINUX,
            SECURITY_SELINUX_AVC_STATS,
            CONFIG_SECURITY_SELINUX_BOOTPARAM, SECURITY_SELINUX_DEVELOP,
            CONFIG_SECURITY_SELINUX_DISABLE

          2. Then download and compile SELinux: https://github.com/SELinuxProject/selinux.
            Add cross-compiled files to your rootfs.
          3. Download and configure SELinux reference policy
            project, however keep in mind, you have lots of redundant
            policy modules in reference policy, you should keep them
            out. Load policies, enable your SELinux. (see setenforce,
            /etc/selinux/config, boot args, kernel configuration).
          4. Later, you 'can' download and compile setools3 (vs3 is
            stable one i guess) to ease your policy management.

          I think SELinux notebook is a good resource to learn how
            to use SELinux, not how to port it. 
          You can look my presentation about SELinux overview,
            however keep in mind that it is not reviewed yet.
          https://docs.google.com/presentation/d/1Qtl_vaxvcAPse47d2sCWH6IAhn9XYFKkHEsOddobHpw/edit?usp=sharing

          In which step do you think you are?

        2015-05-14 9:40 GMT+03:00 rajkumar <rajkumarmadhani@xxxxxxxxx>:

          Hi I am
            Rajkumar new to SELinux.

            My Requirement is to start SELinux porting on Embedded
            device consists of ARM processor.

            Using linux kernel version is 3.0.35.

            I started reading The SELinux notebook 4th edition.

            Made some changes in .config like enabling SELinux in
            kernel.

            And what are the changes need to be done rootfs apart from
            DAC  and in kernel.

            Please provide guidelines.

                -- 

                Regards

                Rajkumar.m

                +91 8501021114

                _______________________________________________

                Selinux mailing list

                Selinux@xxxxxxxxxxxxx

                To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.

                To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.

        -- 

        Emre Can Kucukoglu

    -- 
Regards
Rajkumar.m

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.