I am very interested in Thomas Petazzoni's work to add SELinux support to OpenWrt. I spent some time today trying to reproduce his build. I found a few things needed updating, so I wanted to share my results here.
1. I pulled Thomas Petazzoni's package tree, available at https://github.com/openwrt/packages/pull/10664.

2. I updated Thomas' selinux-python, libselinux, libsemanage, checkpolicy, and policycoreutils packages to version 3.1, and I modified the packages to make use of Python 3. I pushed this work to https://github.com/flyn-org/packages/tree/selinux. I also submitted the following patches to the upstream SELinux project:
   - https://github.com/SELinuxProject/selinux/pull/255
   - https://github.com/SELinuxProject/selinux/issues/254

3. I applied the patches Thomas Petazzoni made for the core OpenWrt tree:
   - http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025974.html
   - http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025975.html
   - http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025976.html
   - http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025977.html
   - http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025978.html
   - http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025979.html
   - http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025980.html

4. I ran "./scripts/feeds install python3 pcre libselinux audi libcap-ng policycoreutils libsemanage checkpolicy refpolicy selinux-python".

5. I used "make menuconfig" to select:
   - x86_64 build
   - Base system->busybox->Settings->Support NSA Security ...
   - ...->busybox->Archival Utilities->Support extracting SELinux
   - ...->busybox->SELinux utilities (I selected all of them)
   - Languages->Python->{python-sepolgen,python-sepolicy}
   - Utilities->selinux-*

6. The build prompted me to answer a number of kernel configuration questions. This is common when changes to the kernel configuration get out of sync.

7. I am currently working through some build errors in busybox when configured to support SELinux:

...
In file included from /usr/include/features.h:465,
                 from /usr/include/bits/libc-header-start.h:33,
                 from /usr/include/limits.h:26,
                 from include/platform.h:153,
                 from include/libbb.h:13,
                 from include/busybox.h:8,
                 from applets/applets.c:9:
/usr/include/bits/stdio2.h:78:35: error: unknown type name '__gnuc_va_list'; did you mean 'va_list'?
      const char *__restrict __fmt, __gnuc_va_list __ap))
                                    ^~~~~~~~~~~~~~
/usr/include/sys/cdefs.h:57:59: note: in definition of macro '__NTH'
 # define __NTH(fct) __attribute__ ((__nothrow__ __LEAF)) fct
                                                           ^~~
In file included from /usr/include/stdlib.h:1017,
                 from include/libbb.h:32,
                 from include/busybox.h:8,
                 from applets/applets.c:9:
/usr/include/bits/stdlib.h: In function 'wctomb':
/usr/include/bits/stdlib.h:90:3: error: #error "Assumed value of MB_LEN_MAX wrong"
 # error "Assumed value of MB_LEN_MAX wrong"
   ^~~~~
make[5]: *** [scripts/Makefile.build:198: applets/applets.o] Error 1
make[4]: *** [Makefile:372: applets_dir] Error 2
make[4]: Leaving directory '/home/mike/Scratch/openwrt/build_dir/target-x86_64_musl/busybox-1.31.1'
make[3]: *** [Makefile:134: /home/mike/Scratch/openwrt/build_dir/target-x86_64_musl/busybox-1.31.1/.built] Error 2
make[3]: Leaving directory '/home/mike/Scratch/openwrt/package/utils/busybox'
time: package/utils/busybox/compile#0.96#0.64#3.25
make[2]: *** [package/Makefile:113: package/utils/busybox/compile] Error 2
make[2]: Leaving directory '/home/mike/Scratch/openwrt'
make[1]: *** [package/Makefile:107: /home/mike/Scratch/openwrt/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2
make[1]: Leaving directory '/home/mike/Scratch/openwrt'
make: *** [/home/mike/Scratch/openwrt/include/toplevel.mk:235: world] Error 2

-- 
Mike

:wq