How to enable SMACK and SELinux in imx8mqevk agl-image-minimal

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

How to enable SMACK and SELinux in imx8mqevk agl-image-minimal

1,695 次查看
rmani0029
Contributor I

I flashed the agl-image-minimal to imx8mqevk board.

I checked whether security credentials are enabled or not using grep smackfs /proc/filesystems command but output is empty. I confirmed SMACK is not enabled in kernel.

So, I tried to follow the below steps for smack configuration

Create the directories /smack and /etc/smack. Add this line to the /etc/fstab file:

  • smackfs /smack smackfs defaults 0 0

But it not worked.

==================================

journelctl log messages for imx8mqevk :

===================================

Aug 02 15:19:14 imx8mqevk systemd[1]: systemd 234 running in system mode. (+PAM -AUDIT -SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP -LIBCRYPTSETUP -GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN default-hierarchy=hybrid)

Aug 02 15:19:14 imx8mqevk systemd-remount-fs[1757]: /bin/mount for /sys/fs/smackfs exited with exit status 32.
Aug 02 15:19:14 imx8mqevk systemd-remount-fs[1757]: /bin/mount for /sys/kernel/security exited with exit status 32.
Aug 02 15:19:14 imx8mqevk systemd-remount-fs[1757]: mount: /sys/fs/smackfs: mount point does not exist.

Aug 02 15:19:15 imx8mqevk systemd-tmpfiles[1780]: Setting extended attribute security.SMACK64=* on /proc/sys/net/ipv4/conf/all/forwarding failed: Operation not supported
Aug 02 15:19:15 imx8mqevk systemd-tmpfiles[1780]: Setting extended attribute security.SMACK64=* on /proc/sys/net/ipv6/conf/all/forwarding failed: Operation not supported
Aug 02 15:19:15 imx8mqevk systemd-tmpfiles[1780]: Setting extended attribute security.SMACK64=* on /proc/sys/net/ipv4/conf/default/forwarding failed: Operation not supported
Aug 02 15:19:15 imx8mqevk systemd-tmpfiles[1780]: Setting extended attribute security.SMACK64=* on /proc/sys/net/ipv6/conf/default/forwarding failed: Operation not supported

Aug 02 15:19:30 imx8mqevk kernel[2969]: [    7.743846] systemd[1]: systemd 234 running in system mode. (+PAM -AUDIT -SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP -LIBCRYPTSETUP -GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN default-hierarchy=hybrid)

Could you provide the detailed steps, what are the places to be modified to be enable the SMACK and SELinux?

标记 (2)
0 项奖励
回复
1 回复

1,468 次查看
gusarambula
NXP TechSupport
NXP TechSupport

Hello Manikandan R,

Are you working with the AGL demo for i.MX6Q? You can find the readme here:

http://git.freescale.com/git/cgit.cgi/imx/meta-nxp-agl.git/tree/README.txt?h=krogoth

The AGL demo is provided “as is”, as a proof of concept, and it was tested only on the i.MX6Q so no support is provided for this demo and it hasn’t been tested on the i.MX8.

To enable kernel extensions and other options you may use menuconfig with the following command, although we do not have documentation on enabling SMACK step by step.

$ bitbake linux-imx -c menuconfig

My apologies for the inconvenience.

Regards,

0 项奖励
回复