I flashed the agl-image-minimal to imx8mqevk board.
I checked whether security credentials are enabled or not using grep smackfs /proc/filesystems command but output is empty. I confirmed SMACK is not enabled in kernel.
So, I tried to follow the below steps for smack configuration
Create the directories /smack and /etc/smack. Add this line to the /etc/fstab file:
smackfs /smack smackfs defaults 0 0
But it not worked.
==================================
journelctl log messages for imx8mqevk :
===================================
Aug 02 15:19:14 imx8mqevk systemd[1]: systemd 234 running in system mode. (+PAM -AUDIT -SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP -LIBCRYPTSETUP -GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN default-hierarchy=hybrid)
Aug 02 15:19:14 imx8mqevk systemd-remount-fs[1757]: /bin/mount for /sys/fs/smackfs exited with exit status 32.
Aug 02 15:19:14 imx8mqevk systemd-remount-fs[1757]: /bin/mount for /sys/kernel/security exited with exit status 32.
Aug 02 15:19:14 imx8mqevk systemd-remount-fs[1757]: mount: /sys/fs/smackfs: mount point does not exist.
Aug 02 15:19:15 imx8mqevk systemd-tmpfiles[1780]: Setting extended attribute security.SMACK64=* on /proc/sys/net/ipv4/conf/all/forwarding failed: Operation not supported
Aug 02 15:19:15 imx8mqevk systemd-tmpfiles[1780]: Setting extended attribute security.SMACK64=* on /proc/sys/net/ipv6/conf/all/forwarding failed: Operation not supported
Aug 02 15:19:15 imx8mqevk systemd-tmpfiles[1780]: Setting extended attribute security.SMACK64=* on /proc/sys/net/ipv4/conf/default/forwarding failed: Operation not supported
Aug 02 15:19:15 imx8mqevk systemd-tmpfiles[1780]: Setting extended attribute security.SMACK64=* on /proc/sys/net/ipv6/conf/default/forwarding failed: Operation not supported
Aug 02 15:19:30 imx8mqevk kernel[2969]: [ 7.743846] systemd[1]: systemd 234 running in system mode. (+PAM -AUDIT -SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP -LIBCRYPTSETUP -GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN default-hierarchy=hybrid)
Could you provide the detailed steps, what are the places to be modified to be enable the SMACK and SELinux?
Hello Manikandan R,
Are you working with the AGL demo for i.MX6Q? You can find the readme here:
http://git.freescale.com/git/cgit.cgi/imx/meta-nxp-agl.git/tree/README.txt?h=krogoth
The AGL demo is provided “as is”, as a proof of concept, and it was tested only on the i.MX6Q so no support is provided for this demo and it hasn’t been tested on the i.MX8.
To enable kernel extensions and other options you may use menuconfig with the following command, although we do not have documentation on enabling SMACK step by step.
$ bitbake linux-imx -c menuconfig
My apologies for the inconvenience.
Regards,