"audit" doesn't get included in Yocto final image

0
votes

I have included meta-selinux layer in my project source code. As audit is already present in meta-selinux/recipes-security/audit, have added this audit recipe to my yocto image by IMAGE_INSTALL_append = " audit" in machine specific conf file, but when I compile image(core-image-sato) and flash it on device, I do not see any user space audit process running. I need audit to figure out SELinux violations and other debugging purpose.

Why 'audit' is not getting installed in yocto image(core-iamge-sato)?

I know I can see SELinux violations messages in /var/log/messages but I want to have user space audit running on my device so that I can debug better

Thanks for time !!

2
yoctoauditselinux
Does your kernel support audit?Nayfe
How do I know that?Raxesh Oriya
I'm not audit user yet so I'm not sure about all of this. Which virtual/kernel provider do you use? Is it linux-yocto as it is enabled by those bbappend files. If I remember correctly, linux-audit patches are integrated from 4.18 kernel version.Nayfe
uname -r gives me 4.14.35-intel-pk-standardRaxesh Oriya

2 Answers

0
votes

Can you check meta-selinux is included in bblayers.conf. Check your build-***/conf/bblayers.conf. Then include the audit package in build-***/conf/local.conf.

IMAGE_INSTALL_append = " audit"

Then build audit package and check its built successfully. Then build the core-image-sato and flash the image.

0
votes

You need to include auditd

like: IMAGE_INSTALL_append = " audit auditd"