Not to be fixed
Created: May 17, 2016
Updated: Mar 6, 2019
Resolved Date: Feb 19, 2019
Found In Version: 8.0
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace
root@qemu0:~# seedit-init
root@qemu0:~# reboot
root@qemu0:~# pgrep 'vsftpd'
291
root@qemu0:~# seedit-unconfined -e | grep vsftpd
291 vsftpd Unconfined(initrc_t)
root@qemu0:~# seedit-template -d ftpd_t -e /usr/sbin/vsftpd -o /etc/seedit/policy/
Following is outputted in file: /etc/seedit/policy//ftpd_t.sp
{
domain ftpd_t;
program /usr/sbin/vsftpd;
include common-relaxed.sp;
include daemon.sp;
include nameservice.sp;
}
root@qemu0:~# seedit-load
Audit chdir:
True
WARNING - 32/64 bit syscall mismatch, you should specify an arch
SELinux: Permission audit_read in class capability2 not defined in policy.
SELinux: Permission attach_queue in class tun_socket not defined in policy.
SELinux: Class binder not defined in policy.
SELinux: the above unknown classes and permissions will be denied
seedit-load: Success
root@qemu0:~# /etc/init.d/vsftpd restart
* restarting FTP Server: vsftpd...
* stopping FTP Server: vsftpd... stopped /usr/sbin/vsftpd (pid 291)
done.
* starting FTP Server: vsftpd... done.
done.
root@qemu0:~# seedit-unconfined -e | grep vsftpd
497 vsftpd Unconfined(initrc_t)
shoulde be Confiened by ftpd_t
1)configure --enable-board=qemux86-64 --enable-kernel=secure --enable-rootfs=secure-core --with-init=sysvinit
2)make vsftpd.addpkg
3)make fs
4)make start-target TARGET_VIRT_BOOT_TYPE=disk TARGET_VIRT_DISK=$(/bin/ls -1 `pwd`/export/*.ext4) TARGET_QEMU_KERNEL_OPTS='selinux=1 enforcing=0'
5) see description for detail
