On Fri, 2018-02-02 at 11:01 +0000, sajjad ahmed wrote:
> Hi,
> Can SELinux enable Linux boot/operate with read-only rootfs? I'm working on an IoT project, and a read-only rootfs is a security constraint, and the SELinux-enabled image is unable to properly boot/operate in this environment. Is this an SELinux limitation, or can we fix this with proper mount configurations?

It should be possible to make this work. Android, for example, operates with SELinux and a read-only rootfs, although it has a very different userspace and policy layout. What exactly is the problem you are encountering with SELinux and a read-only rootfs? You should only have a problem if you are trying to make a change to the policy or the rootfs labels at runtime (as opposed to setting them all up at image build and having them remain static at runtime).
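
An added example, not part of the reply above or of any project's code: a build-time preflight for a staged rootfs tree, checking that policy and labels can stay static once the image is read-only. It assumes a reference-policy layout under `etc/selinux/<SELINUXTYPE>/`, labelling with `setfiles -r` at image build, and a distribution that honours `/.autorelabel`; the function names are hypothetical.

```shell
#!/bin/sh
# Preflight for a staged root filesystem tree that will be mounted read-only.
# Assumptions (not from the thread): reference-policy layout under
# etc/selinux/<SELINUXTYPE>/ and labels applied at build time with setfiles.

# Print the SELINUXTYPE value from the staged etc/selinux/config, if any.
policy_type() {
    sed -n 's/^SELINUXTYPE=[[:space:]]*\([^[:space:]]*\).*/\1/p' \
        "$1/etc/selinux/config" 2>/dev/null | head -n 1
}

# Return 0 if nothing in the tree implies a policy or label change at boot;
# otherwise print each finding and return 1.
check_static_selinux() {
    root=$1
    rc=0
    ptype=$(policy_type "$root")
    if [ -z "$ptype" ]; then
        echo "no SELINUXTYPE in $root/etc/selinux/config"
        return 1
    fi
    base="$root/etc/selinux/$ptype"
    # file_contexts is the spec setfiles uses to label the tree at build time.
    [ -f "$base/contexts/files/file_contexts" ] ||
        { echo "missing file_contexts for $ptype"; rc=1; }
    # The compiled policy must already be in the image; it cannot be written later.
    ls "$base"/policy/policy.* >/dev/null 2>&1 ||
        { echo "missing compiled policy for $ptype"; rc=1; }
    # /.autorelabel requests a full relabel at boot, which needs a writable rootfs.
    [ ! -e "$root/.autorelabel" ] ||
        { echo ".autorelabel present: a relabel would be attempted at boot"; rc=1; }
    return $rc
}

# Build-time labelling command for the staged tree (printed, not executed here).
label_command() {
    ptype=$(policy_type "$1")
    echo "setfiles -r $1 $1/etc/selinux/$ptype/contexts/files/file_contexts $1"
}

# Usage: sh preflight.sh <staged-rootfs-dir>
if [ -n "${1:-}" ]; then
    check_static_selinux "$1" && label_command "$1"
fi
```

The filesystem image has to be created with a format and tool that preserve the `security.selinux` extended attributes written by `setfiles`.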