Tech Memorandums

SELinux on the cubox-i4

Start by reading the handbook.

Grub is not used on the cubox so selinux-activate will not DTRT. Edit /etc/default/flash-kernel to add selinux=1 ... to the command line.

Reboot.

It will take a while for the box to come back up. I left it for an hour and came back to find that the box was still not up. Connected via serial console (remember to connect to minicom before powering the cubox on) to find that the boot was hung on some auditd messages. I figured that my kernel command line selinux=1 security=selinux audit=1 enforcing=1 was too ambitious for the first run.

After some googling I came up with the u-boot incantation to boot a Debian kernel by hand:

setenv bootargs root=/dev/mmcblk1p1 rootfstype=ext4 ro rootwait console=ttymxc0,115200 console=tty1
ext2load mmc 0:1 0x10800000 /boot/vmlinuz-4.9.0-3-armmp
ext2load mmc 0:1 0x18000000 /boot/dtb-4.9.0-3-armmp
ext2load mmc 0:1 0x18100000 /boot/initrd.img-4.9.0-3-armmp
bootz 0x10800000 0x18100000:${filesize} 0x18000000  

${filesize} is set by the last ext2load.