Ashish Mishra <ashishm@xxxxxxxxxx> writes:

> Hi Dominick,
> Thanks for your valuable time and inputs.
>
> As a background w.r.t. ROOTFS:
> a) We had a custom SDK which is a basic makefile-based SDK.
>
> b) The rootfs was RAMFS based.
>    For selinux we switched from RAMFS to TMPFS
>
> c) It was not having SELINUX, so we added refpolicy & selinux-userland
>    Expectation was we will get working selinux context & policy.
>    I have the policy but the context is being the same for each file
>    and folder.

You also have to address labeling. If your filesystem is ram-based
(volatile) then I suspect you will have to address labeling at runtime
(i.e. run setfiles/restorecon to label the filesystem).

The point is that your filesystem is currently not labeled according to
the reference policy.

>
> d) The setup is being evaluated for tmpfs (INITRAMFS-as-TMPFS +
>    SELINUX) w.r.t. output of mount command:
> ~ # mount
> rootfs on / type rootfs (rw,seclabel,size=253620k,nr_inodes=63405)
> sysfs on /sys type sysfs (rw,seclabel,relatime)
> selinuxfs on /sys/fs/selinux type selinuxfs (rw,nosuid,noexec,relatime)
> nodev on /dev type devtmpfs (rw,seclabel,relatime,size=253620k,nr_inodes=63405,mode=755)
> none on /proc type proc (rw,relatime)
> none on /dev/shm type tmpfs (rw,seclabel,relatime)
> none on /dev/pts type devpts (rw,seclabel,relatime,mode=600,ptmxmode=000)
> none on /sys/kernel/debug type debugfs (rw,seclabel,relatime)
> none on /mnth type hugetlbfs (rw,seclabel,relatime)
> cgroup on /sys/fs/cgroup type tmpfs (rw,seclabel,relatime,mode=755)
> cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)
> cgroup on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)
> cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)
> cgroup on /sys/fs/cgroup/blkio type cgroup (rw,relatime,blkio)
> cgroup on /sys/fs/cgroup/memory type cgroup (rw,relatime,memory)
> cgroup on /sys/fs/cgroup/devices type cgroup (rw,relatime,devices)
> cgroup on /sys/fs/cgroup/freezer type cgroup (rw,relatime,freezer)
> cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,relatime,net_cls)
> cgroup on /sys/fs/cgroup/net_prio type cgroup (rw,relatime,net_prio)
> cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,relatime,hugetlb)
> cgroup on /sys/fs/cgroup/pids type cgroup (rw,relatime,pids)
> cgroup on /sys/fs/cgroup/debug type cgroup (rw,relatime,debug)
> cgroups on /sys/fs/cgroup/unified type cgroup2 (rw,relatime)
>
>
> Thanks,
> Ashish

--
gpg --locate-keys dominick.grift@xxxxxxxxxxx
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift
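
The runtime labeling step suggested in the reply, sketched as an added example that is not part of the original message or of refpolicy. It assumes the usual `/etc/selinux/config` and `/etc/selinux/<SELINUXTYPE>/contexts/files/file_contexts` layout and that init has already loaded the policy; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: relabel a volatile (initramfs-as-tmpfs) root at boot.
# Run it from the init script after the policy load, before services start.

# Print SELINUXTYPE from an SELinux config file (default /etc/selinux/config).
selinux_type() {
    sed -n 's/^SELINUXTYPE=[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
        "${1:-/etc/selinux/config}" | tail -n 1
}

# Read `mount` output on stdin; succeed only if "/" carries the seclabel
# option, i.e. the root filesystem can store per-file security contexts.
root_has_seclabel() {
    awk '$2 == "on" && $3 == "/" && $6 ~ /[(,]seclabel[,)]/ { ok = 1 }
         END { exit !ok }'
}

# Apply the policy's file_contexts to the whole tree. Because the root is
# volatile, this has to be repeated on every boot.
relabel_volatile_root() {
    [ -e /sys/fs/selinux/enforce ] || {
        echo "selinuxfs is not mounted" >&2; return 1; }
    mount | root_has_seclabel || {
        echo "/ is mounted without seclabel; labels cannot be stored" >&2
        return 1; }
    fc="/etc/selinux/$(selinux_type)/contexts/files/file_contexts"
    [ -r "$fc" ] || { echo "missing $fc" >&2; return 1; }
    setfiles -F "$fc" /
}

# Only touch the system when asked to explicitly.
if [ "${1:-}" = "--relabel" ]; then
    relabel_volatile_root
fi
```

After a successful run, `ls -Z` on a few directories should show differing types instead of one context for every file and folder.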