From patchwork Tue Dec 16 03:54:21 2014
X-Patchwork-Submitter: Matt Weber
X-Patchwork-Id: 421788
From: Matt Weber
To: buildroot@busybox.net
Date: Mon, 15 Dec 2014 21:54:21 -0600
Message-Id: <1418702062-61039-30-git-send-email-matthew.weber@rockwellcollins.com>
In-Reply-To: <1418702062-61039-1-git-send-email-matthew.weber@rockwellcollins.com>
Subject: [Buildroot] [PATCH 29/30] qemu x86 readme: documented selinux target

Signed-off-by: Matt Weber
--- board/qemu/x86/readme.txt | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/board/qemu/x86/readme.txt b/board/qemu/x86/readme.txt index c702557..faa4804 100644 --- a/board/qemu/x86/readme.txt +++ b/board/qemu/x86/readme.txt 
@@ -5,3 +5,21 @@ Run the emulation with: The login prompt will appear in the graphical window. Tested with QEMU 2.1.2 + +------------------------------------------------------------------- + +Run the SElinux target emulation with: + + qemu-system-i386 -M pc -kernel output/images/bzImage -drive file=output/images/rootfs.ext2,if=ide -append "root=/dev/sda rw console=ttyS0 selinux=1" -net nic,model=rtl8139 -net user -display vnc=localhost:1 -serial stdio + +The emulation should reboot once the first time for relabeling and then +provide a login prompt. The login is username root and password root +because PAM requires a password in this secure configuration. +To enable SELinux enforcing at boot, login and edit the /etc/selinux/config +and set SELINUX to enforcing. Save and make sure to "sync" before restarting +the emulation as the ext2 fs would otherwise corrupt when the emulation +exits. After enforcing is default, the selinux= provided as part of the +qemu "append" above can be used to turn enforcing on/off. Currently +the enforcing policy configuration doesn't allow getty login, only ssh login. +This configuration would be tailored as part of a targets refpolicy +customization.
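Review bot: The last added paragraph says the `selinux=` argument in the qemu "append" string "can be used to turn enforcing on/off", but `selinux=0|1` disables or enables SELinux as a whole at boot; the kernel parameter that switches between permissive and enforcing is `enforcing=0|1`, so the text should name that one, or state that `selinux=0` turns SELinux off entirely. The same paragraph says the enforcing policy allows "only ssh login", yet the documented command uses `-net user` with no host port forward, so a reader who follows the steps and sets SELINUX to enforcing has no documented way to log back in; consider adding a forward for the guest's ssh port to the command, or telling the reader which boot argument to use to recover. Since the documented login is root/root and ssh becomes the only login path under enforcing, a sentence saying this password is for the emulation only and should be changed would help. Minor: "SElinux" in the first added line should be "SELinux" to match the rest of the text, and "a targets refpolicy" should read "a target's refpolicy".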