Bootlin Working To Boost OpenWrt Security With SELinux + DM-Verity

  • Bootlin Working To Boost OpenWrt Security With SELinux + DM-Verity

    Phoronix: Bootlin Working To Boost OpenWrt Security With SELinux + DM-Verity

    Embedded Linux consulting firm Bootlin has been working on improving the security of OpenWrt, the Linux distribution popular for running on routers / networking equipment and other embedded Linux networking use-cases...

    http://www.phoronix.com/scan.php?pag...-Security-2020

  • #2
    Anyone want to take a bet? We'll see systemd on mainline OpenWrt before we see SELinux.



    • #3
      Originally posted by phoronix_anon
      Anyone want to take a bet? We'll see systemd on mainline OpenWrt before we see SELinux.
      Whilst I think it would be nice, as making services on OpenWrt is a PITA, I don't see it happening because of the dbus dependency.



      • #4
        systemd requires glibc. OpenWrt uses musl. SELinux is more likely.

        OpenWrt already uses procd, which is their version of systemd.



        • #5
          Originally posted by Britoid

          Whilst I think it would be nice, as making services on OpenWrt is a PITA, I don't see it happening because of the dbus dependency.
          The main reason making services in OpenWrt is a PITA is that there is shitty documentation for doing anything more than basic stuff, and you have to look at other service files to learn new undocumented ways.



          • #6
            Originally posted by phoronix_anon
            Anyone want to take a bet? We'll see systemd on mainline OpenWrt before we see SELinux.
            You'd lose. SELinux PRs and patches on the mailing list have already received review and are now being worked on to address the issues raised, while systemd has been deemed too big for OpenWrt's use case, and any systemd functionality they need (hotplug, service tracking and restart on crash, jailed services) has been implemented in their own init called procd.
