How to enable SMACK and SELinux in imx8mqevk agl-image-minimal

cancel
Showing results for 
Search instead for 
Did you mean: 

How to enable SMACK and SELinux in imx8mqevk agl-image-minimal

275 Views
Contributor I

I flashed the agl-image-minimal to imx8mqevk board.

I checked whether security credentials are enabled or not using grep smackfs /proc/filesystems command but output is empty. I confirmed SMACK is not enabled in kernel.

So, I tried to follow the below steps for smack configuration

Create the directories /smack and /etc/smack. Add this line to the /etc/fstab file:

  • smackfs /smack smackfs defaults 0 0

But it not worked.

==================================

journelctl log messages for imx8mqevk :

===================================

Aug 02 15:19:14 imx8mqevk systemd[1]: systemd 234 running in system mode. (+PAM -AUDIT -SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP -LIBCRYPTSETUP -GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN default-hierarchy=hybrid)

Aug 02 15:19:14 imx8mqevk systemd-remount-fs[1757]: /bin/mount for /sys/fs/smackfs exited with exit status 32.
Aug 02 15:19:14 imx8mqevk systemd-remount-fs[1757]: /bin/mount for /sys/kernel/security exited with exit status 32.
Aug 02 15:19:14 imx8mqevk systemd-remount-fs[1757]: mount: /sys/fs/smackfs: mount point does not exist.

Aug 02 15:19:15 imx8mqevk systemd-tmpfiles[1780]: Setting extended attribute security.SMACK64=* on /proc/sys/net/ipv4/conf/all/forwarding failed: Operation not supported
Aug 02 15:19:15 imx8mqevk systemd-tmpfiles[1780]: Setting extended attribute security.SMACK64=* on /proc/sys/net/ipv6/conf/all/forwarding failed: Operation not supported
Aug 02 15:19:15 imx8mqevk systemd-tmpfiles[1780]: Setting extended attribute security.SMACK64=* on /proc/sys/net/ipv4/conf/default/forwarding failed: Operation not supported
Aug 02 15:19:15 imx8mqevk systemd-tmpfiles[1780]: Setting extended attribute security.SMACK64=* on /proc/sys/net/ipv6/conf/default/forwarding failed: Operation not supported

Aug 02 15:19:30 imx8mqevk kernel[2969]: [    7.743846] systemd[1]: systemd 234 running in system mode. (+PAM -AUDIT -SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP -LIBCRYPTSETUP -GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN default-hierarchy=hybrid)

Could you provide the detailed steps, what are the places to be modified to be enable the SMACK and SELinux?

Tags (2)
0 Kudos
1 Reply

48 Views
NXP TechSupport
NXP TechSupport

Hello Manikandan R,

Are you working with the AGL demo for i.MX6Q? You can find the readme here:

http://git.freescale.com/git/cgit.cgi/imx/meta-nxp-agl.git/tree/README.txt?h=krogoth

The AGL demo is provided “as is”, as a proof of concept, and it was tested only on the i.MX6Q so no support is provided for this demo and it hasn’t been tested on the i.MX8.

To enable kernel extensions and other options you may use menuconfig with the following command, although we do not have documentation on enabling SMACK step by step.

$ bitbake linux-imx -c menuconfig

My apologies for the inconvenience.

Regards,

0 Kudos