AnsweredAssumed Answered

How to enable SMACK and SELinux in imx8mqevk agl-image-minimal

Question asked by Manikandan R on Aug 21, 2019
Latest reply on Aug 29, 2019 by gusarambula

I flashed the agl-image-minimal to imx8mqevk board.

I checked whether security credentials are enabled or not using grep smackfs /proc/filesystems command but output is empty. I confirmed SMACK is not enabled in kernel.

 

So, I tried to follow the below steps for smack configuration

Create the directories /smack and /etc/smack. Add this line to the /etc/fstab file:

  • smackfs /smack smackfs defaults 0 0

 

But it not worked.

 

==================================

journelctl log messages for imx8mqevk :

===================================

Aug 02 15:19:14 imx8mqevk systemd[1]: systemd 234 running in system mode. (+PAM -AUDIT -SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP -LIBCRYPTSETUP -GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN default-hierarchy=hybrid)

 

Aug 02 15:19:14 imx8mqevk systemd-remount-fs[1757]: /bin/mount for /sys/fs/smackfs exited with exit status 32.
Aug 02 15:19:14 imx8mqevk systemd-remount-fs[1757]: /bin/mount for /sys/kernel/security exited with exit status 32.
Aug 02 15:19:14 imx8mqevk systemd-remount-fs[1757]: mount: /sys/fs/smackfs: mount point does not exist.

 

Aug 02 15:19:15 imx8mqevk systemd-tmpfiles[1780]: Setting extended attribute security.SMACK64=* on /proc/sys/net/ipv4/conf/all/forwarding failed: Operation not supported
Aug 02 15:19:15 imx8mqevk systemd-tmpfiles[1780]: Setting extended attribute security.SMACK64=* on /proc/sys/net/ipv6/conf/all/forwarding failed: Operation not supported
Aug 02 15:19:15 imx8mqevk systemd-tmpfiles[1780]: Setting extended attribute security.SMACK64=* on /proc/sys/net/ipv4/conf/default/forwarding failed: Operation not supported
Aug 02 15:19:15 imx8mqevk systemd-tmpfiles[1780]: Setting extended attribute security.SMACK64=* on /proc/sys/net/ipv6/conf/default/forwarding failed: Operation not supported

 

Aug 02 15:19:30 imx8mqevk kernel[2969]: [    7.743846] systemd[1]: systemd 234 running in system mode. (+PAM -AUDIT -SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP -LIBCRYPTSETUP -GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN default-hierarchy=hybrid)

 

Could you provide the detailed steps, what are the places to be modified to be enable the SMACK and SELinux?

Outcomes