I like both this and your follow-up changes, I'd been thinking it was time to do such a cleanup myself the other day. So thanks. :-)
I just had two small things. One here, one over on the common.inc file. [[yocto] [meta-selinux][PATCH] Add recipe to build the MCS refpolicy.] On 13.10.29 (Tue 23:44) Philip Tricca wrote: > This is the default policy type used by most (all?) distros that > support SELinux. > > Signed-off-by: Philip Tricca <[email protected]> > --- > .../refpolicy/refpolicy-mcs_2.20130424.bb | 23 > ++++++++++++++++++++ > 1 file changed, 23 insertions(+) > create mode 100644 recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb > > diff --git a/recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb > b/recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb > new file mode 100644 > index 0000000..38b78f1 > --- /dev/null > +++ b/recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb > @@ -0,0 +1,23 @@ > +SUMMARY = "MCS (Multi Category Security) variant of the SELinux policy" > +DESCRIPTION = "\ > +This is the reference policy for SE Linux built with MCS support. \ > +An MCS policy is the same as an MLS policy but with only one sensitivity \ > +level. This is useful on systems where a hierarchical policy (MLS) isn't \ > +needed (pretty much all systems) but the non-hierarchical categories are. \ > +" > + > +PR = "r0" I don't think we need this, even for the sake of clarity. -J. > + > +POLICY_NAME = "mcs" > +POLICY_TYPE = "mcs" > +POLICY_DISTRO = "redhat" > +POLICY_UBAC = "n" > +POLICY_UNK_PERMS = "allow" > +POLICY_DIRECT_INITRC = "n" > +POLICY_MONOLITHIC = "n" > +POLICY_CUSTOM_BUILDOPT = "" > +POLICY_QUIET = "y" > + > +POLICY_MCS_CATS = "1024" > + > +include refpolicy_${PV}.inc -- -Joe MacDonald. :wq
signature.asc
Description: Digital signature
_______________________________________________ yocto mailing list [email protected] https://lists.yoctoproject.org/listinfo/yocto
