diff options
| -rw-r--r-- | README | 30 |
1 files changed, 30 insertions, 0 deletions
| @@ -86,6 +86,36 @@ VIRTUAL-RUNTIME_init_manager = "systemd" | |||
| 86 | DISTRO_FEATURES_BACKFILL_CONSIDERED = "" | 86 | DISTRO_FEATURES_BACKFILL_CONSIDERED = "" |
| 87 | 87 | ||
| 88 | 88 | ||
| 89 | Starting up the system | ||
| 90 | ---------------------- | ||
| 91 | Most likely the reference policy selected will not just work "out of the box". | ||
| 92 | |||
| 93 | As always, if you update the reference policy to better work with OpenEmbedded | ||
| 94 | or Poky configurations, please submit the changes back to the project. | ||
| 95 | |||
| 96 | When using 'core-image-selinux', the system will boot and automatically setup | ||
| 97 | the policy by running the "fixfiles -f -F relabel" for you. This is | ||
| 98 | implemented via the 'selinux-autorelabel' recipe. | ||
| 99 | |||
| 100 | The 'core-image-selinux-minimal' does not automatically relabel the system. | ||
| 101 | So you must boot using the parameters "selinux=1 enforcing=0", and then | ||
| 102 | manually perform the setup. Running 'fixfiles -f -F relabel' is available | ||
| 103 | in this configuration. | ||
| 104 | |||
| 105 | After logging in you can verify selinux is present using: | ||
| 106 | |||
| 107 | $ sestatus | ||
| 108 | |||
| 109 | Output should include: | ||
| 110 | SELinux status: enabled | ||
| 111 | ... | ||
| 112 | Current mode: enforcing | ||
| 113 | ... | ||
| 114 | |||
| 115 | The above indicates that selinux is currently running, and if you are running | ||
| 116 | in an enforcing mode or not. | ||
| 117 | |||
| 118 | |||
| 89 | License | 119 | License |
| 90 | ------- | 120 | ------- |
| 91 | 121 | ||