On 01/29/2016 12:25 PM, Thomas Downing wrote:
Hi, I need to get SELinux running on an appliance we are building, not based on a distro that already supports SELinux. I've got all the userspace stuff built, (including setools3) without any warnings or errors. I followed instructions for installing and loading refpolicy, no warnings or errors. (Except the python tools, which all import selinux.py, which does not seem to be included in the source tree.) I'm booting with kernel options "security=selinux selinux=1", and dmesg shows SELinux initializing, and no errors or warnings. sestatus output: SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: refpolicy Current mode: permissive Mode from config file: permissive Policy MLS status: disabled Policy deny_unknown status: denied Max kernel policy version: 30 Problem is: fixfiles does not actually label anything, and the underlying reason is that none of the mounted disk filesystems (all ext4) have option 'seclabel'. Any pointers? Also, given the absence of the seclabel option, I question if the kernel part of SELinux is in fact really happy...and if it isn't, I'm dead in the water anyway.
This implies that you haven't loaded a policy into the kernel. Normally this is done by init; both sysvinit and systemd should already include the necessary bits but you may have to enable them in your configure.
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
