Re: Selinux context type is same for root & normal user both

Hi Dominick,
Thanks for your valuable time and inputs.

As background w.r.t. the ROOTFS:
a) We had a custom SDK, which is a basic makefile-based SDK.

b) The rootfs was RAMFS based.
     For SELinux we switched from RAMFS to TEMPFS.

c) It did not have SELINUX, so we added refpolicy & selinux-userland.
     The expectation was that we would get a working SELinux context & policy.
     I have the policy, but the context is the same for each file
and folder.

d) The setup is being evaluated for tempfs (INITRAMFS-as-TEMPFS +
SELINUX). Output of the mount command:
~ # mount
rootfs on / type rootfs (rw,seclabel,size=253620k,nr_inodes=63405)
sysfs on /sys type sysfs (rw,seclabel,relatime)
selinuxfs on /sys/fs/selinux type selinuxfs (rw,nosuid,noexec,relatime)
nodev on /dev type devtmpfs (rw,seclabel,relatime,size=253620k,nr_inodes=63405,mode=755)
none on /proc type proc (rw,relatime)
none on /dev/shm type tmpfs (rw,seclabel,relatime)
none on /dev/pts type devpts (rw,seclabel,relatime,mode=600,ptmxmode=000)
none on /sys/kernel/debug type debugfs (rw,seclabel,relatime)
none on /mnth type hugetlbfs (rw,seclabel,relatime)
cgroup on /sys/fs/cgroup type tmpfs (rw,seclabel,relatime,mode=755)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)
cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,relatime,blkio)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,relatime,net_cls)
cgroup on /sys/fs/cgroup/net_prio type cgroup (rw,relatime,net_prio)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,relatime,hugetlb)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,relatime,pids)
cgroup on /sys/fs/cgroup/debug type cgroup (rw,relatime,debug)
cgroups on /sys/fs/cgroup/unified type cgroup2 (rw,relatime)


Thanks,
Ashish


