OK, I see. Let's just drop this patch so that libselinux is still a dependency and the layer check is still there. I'll send out V2 of the README change to match the current situation.
Regards, Qi -----Original Message----- From: Bruce Ashfield <[email protected]> Sent: Friday, February 17, 2023 10:11 PM To: Chen, Qi <[email protected]> Cc: [email protected] Subject: Re: [meta-virtualization][PATCH 2/5] cri-o: use PACKAGECONFIG to handle selinux On Fri, Feb 17, 2023 at 8:56 AM Chen, Qi <[email protected]> wrote: > > I disable it by default to align with oe-core/meta-openembedded practice, > although some of the recipes there are using DISTRO_FEATURES to determine the > default value. > Also, selinux is set to 'false' by default in crio.conf, both in the old > crio.conf and the new one. > There's no such policy in meta-virt. My point is that libselinux was previously a DEPENDS. Which means that it would always be available to be discovered/probed by the cri-o build. Which means that it is (at least theoretically) enabled by default when cri-o is used. By making this a packageconfig, and then not enabling it by default, means that we are changing the default behaviour. Which we won't do unless something is broken. > Do you think the default value should be set according to DISTRO_FEATURES? Or > we should just make selinux enabled by default? > Doing it by distro feature check is acceptable, and in theory, we should take it a step further and do a sed operation to change the crio.conf at the same time. Bruce > Regards, > Qi > > -----Original Message----- > From: Bruce Ashfield <[email protected]> > Sent: Friday, February 17, 2023 9:48 PM > To: Chen, Qi <[email protected]> > Cc: [email protected] > Subject: Re: [meta-virtualization][PATCH 2/5] cri-o: use PACKAGECONFIG > to handle selinux > > This still needs to be enabled by default in the packageconfig, unless you > can show that the existing builds were not detecting libselinux and using it. > > Bruce > > On Fri, Feb 17, 2023 at 12:32 AM Chen Qi <[email protected]> wrote: > > > > For cri-o, libselinux is optional, this can be seen from its Makefile. > > So let's make selinux optional by using PACKAGECONFIG. > > In this way, meta-selinux dependency could be removed. > > > > Signed-off-by: Chen Qi <[email protected]> > > --- > > recipes-containers/cri-o/cri-o_git.bb | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/recipes-containers/cri-o/cri-o_git.bb > > b/recipes-containers/cri-o/cri-o_git.bb > > index 66d1116..7af698f 100644 > > --- a/recipes-containers/cri-o/cri-o_git.bb > > +++ b/recipes-containers/cri-o/cri-o_git.bb > > @@ -39,14 +39,14 @@ DEPENDS = " \ > > ostree \ > > libdevmapper \ > > libseccomp \ > > - libselinux \ > > " > > RDEPENDS:${PN} = " \ > > cni \ > > libdevmapper \ > > " > > > > -SKIP_RECIPE[cri-o] ?= "${@bb.utils.contains('BBFILE_COLLECTIONS', > > 'selinux', '', 'Depends on libselinux from meta-selinux which is not > > included', d)}" > > +PACKAGECONFIG ?= "" > > +PACKAGECONFIG[selinux] = ",,libselinux" > > > > PACKAGES =+ "${PN}-config" > > > > -- > > 2.37.1 > > > > > > > > > > > -- > - Thou shalt not follow the NULL pointer, for chaos and madness await > thee at its end > - "Use the force Harry" - Gandalf, Star Trek II -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#7872): https://lists.yoctoproject.org/g/meta-virtualization/message/7872 Mute This Topic: https://lists.yoctoproject.org/mt/97023221/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
