On 9/28/24 01:57, PS wrote:
Hi Yocto team,
I'm trying to enable SELinux in my custom image with meta-selinux
layer. I have poky & meta-openembedded also in place. The refpolicy I
have used is "refpolicy-standard" & mode as "enforcing". I have
enabled monolithic by setting POLICY_MONOLITHIC to "y" in
https://git.yoctoproject.org/meta-selinux/tree/recipes-security/refpolicy/refpolicy_common.inc#n111
<https://urldefense.com/v3/__https://git.yoctoproject.org/meta-selinux/tree/recipes-security/refpolicy/refpolicy_common.inc*n111__;Iw!!AjveYdw8EvQ!e9-FLE_IzDF9nwjbscOzjcOhx36-DN7PF5033coGG60GxIN-jQJNPwP8lUYlMs8DUy6dadU5lrWY1ALECnM5aEXZCSu9WIY$>
But compiling refpolicy-standard is failing at do_install with
following error :
Creating policy.xml
Updating policy/booleans.conf and policy/modules.conf
support/sedoctool.py
<https://urldefense.com/v3/__http://sedoctool.py__;!!AjveYdw8EvQ!e9-FLE_IzDF9nwjbscOzjcOhx36-DN7PF5033coGG60GxIN-jQJNPwP8lUYlMs8DUy6dadU5lrWY1ALECnM5aEXZ5h4hUuI$>:269:
SyntaxWarning: "is not" with a literal. Did you mean "!="?
if desc.data
<https://urldefense.com/v3/__http://desc.data__;!!AjveYdw8EvQ!e9-FLE_IzDF9nwjbscOzjcOhx36-DN7PF5033coGG60GxIN-jQJNPwP8lUYlMs8DUy6dadU5lrWY1ALECnM5aEXZAGi5ISQ$>
is not '':
Installing local.users
Failed to open
/yocto/build/tmp/work/qemuarm64-gnu-linux/refpolicy-standard/2.20190201+gitAUTOINC+df696a3254-r0/image/usr/share/selinux/standard/*.*:
No such file or directory
bzip2: Can't open input file
/yocto/build/tmp/work/qemuarm64-gnu-linux/refpolicy-standard/2.20190201+gitAUTOINC+df696a3254-r0/image/usr/share/selinux/standard/*.*:
No such file or directory.
cp: cannot stat
'/yocto/build/tmp/work/qemuarm64-gnu-linux/refpolicy-standard/2.20190201+gitAUTOINC+df696a3254-r0/image/usr/share/selinux/standard/*.*':
No such file or directory
WARNING: exit code 1 from a shell command.
ERROR: Execution of
'/yocto/build/tmp/work/qemuarm64-gnu-linux/refpolicy-standard/2.20190201+gitAUTOINC+df696a3254-r0/temp/run.do_install.2247013'
failed with exit code 1:
Compiling and installing standard /yocto/build/tmp/work/qemuarm64-gnu-li
This seems like an issue with prepare_policy_store function in
https://git.yoctoproject.org/meta-selinux/tree/recipes-security/refpolicy/refpolicy_common.inc#n161
<https://urldefense.com/v3/__https://git.yoctoproject.org/meta-selinux/tree/recipes-security/refpolicy/refpolicy_common.inc*n161__;Iw!!AjveYdw8EvQ!e9-FLE_IzDF9nwjbscOzjcOhx36-DN7PF5033coGG60GxIN-jQJNPwP8lUYlMs8DUy6dadU5lrWY1ALECnM5aEXZ4_GY0Ik$>
which is trying to access each .pp file, but these files will not be
present when using monolithic option.
Any help on the installation failure? Thanks in advance!
Thanks for reporting this issue. We haven't considered POLICY_MONOLITHIC
= "y" in meta-selinux yet, so it should not be supported. I'll look at it.
//Yi
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#63906): https://lists.yoctoproject.org/g/yocto/message/63906
Mute This Topic: https://lists.yoctoproject.org/mt/108691326/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
