how to add libselinux into the openwrt build system?

Question

I am building an openwrt system with selinux support. First I meet the bug that cannot find , during busybox compiling. And then I know that there is a libselinux library needed to build busybox with selinux support. As I am not very familiar with the openwrt Makefile, I want to know how to add a library in to it? Is there any guide? Further more, I have really find that the code in selinux github( https://github.com/SELinuxProject/selinux) is much different with the code I have find in my local linux source in openwrt ("/linux/security/selinux/*"). Why? I know that selinux is already supported in linux2.6. But it seems that I still have to port selinux to linux my self?

This problem has blocked me long time. Any soft of help will be greatly appreciated, thanks!

Answer 1

I only know SELinux on Debian, but since you mix different things, I will answer the "Why?" part:

• The Linux-Kernel offers an interface via Linux Security Modules (LSM) for SELinux and other security modules (that is what you see in your "local linux source").
• To manage SELinux and its policies there are some userland tools (that is your github link).
• SELinux policies itself are compiled .pp files which consist of .te/if/fc files and there are ready-to-use rules called SELinux Reference Policy Project.
• There are some more tools needed to work with SELinux like fixfiles and restorecon to set the needed labels.

To check if SELinux is already enabled try the command id -Z but if you see an error message, the LSM SELinux is not active. I guess it could be possible to activate it with openwrt, because its part of busybox/config/selinux, so you could try the command sestatus to see if it is enabled.

On Debian one can do touch /.autorelabel and reboot to force relabeling the system.