On 14-9-20 at 5:17 AM, Joe MacDonald wrote:
[Re: [meta-selinux] refpolicy update in master-next] On 14.09.18 (Thu 15:06) Mark Hatle wrote:

On 9/18/14, 2:57 PM, Joe MacDonald wrote:
Hey all,

As we'd all discussed at different times in the past, we're well behind
the curve on a refpolicy update for meta-selinux.  With the 1.7 release
of Yocto coming up, we thought it was important to update the policy
sooner rather than later, so I'm starting that work now.

It's being done in master-next and currently the only recipe that has
been updated is the -mls one.  Over the next few days I'll be updating
the others, then working through testing and trying to make sure they're
all sane.  It would help me out immensely if you had time to kick the
tires as well on your favourite policy variant.

Depending on how long this takes, the next step is updating the
userspace.  Fortunately this time around, though, the current userspace
is still officially up to the task of managing the current policy, so a
full update isn't strictly required.  It'd be a really nice thing to
have done, though.  :-)


I spoke with Joe about this work this morning, and I think
master-next is the right place to do this.  So if you have immediate
bug fixes, we'll try to apply them to both master and master-next.
And then continue to use master-next to stage the policy changes (or
anything else that requires a bit more 'soak' time) before merging.

I'd like to try to get 'master' of meta-selinux fully synced and
working with the 'master' of Poky around the time of Poky's release
(within a week or so of the release at least)..  then we can branch
and let the master continue to flow with any "new" work.  (It's a
plan, I'm not sure if it'll happen or not.)

If anyone has any concerns let me know.. otherwise I think this is the plan!

The plan proceeds!  :-)

Anyway, so I've now updated all of the policies in refpolicy/ and I'm
starting in on the testing.

Pascal:  Can you pay particular attention to refpolicy-minimum?  The
straight forward-port of it failed to install the unconfined module
(obviously kind of important to r-min) due to some failure inside
prepare_policy_store().  I started debugging it, then saw that there was
a copy in the refpolicy-minimum recipe as well as one in
refpolicy_common.inc.  Both of them need to be cleaned up, but they both
appeared to be doing the same thing in slightly different ways.  Given
that, I turfed the one from refpolicy-minimum and it looks like the
unconfined.pp is installed properly using the version from
refpolicy_common.  It wasn't clear looking at either the function or the
commit log why a duplicate version of the function was placed in
refpolicy-minimum, so please have a look to see why it was there and if
it's still needed.

Hi Joe,

The original prepare_policy_store() has a naming bug for compressed_policy, and I have fixed it. A "clear compressed_policy distro feature" commit is also pushed, as I have mentioned to you.

Thanks. :)

- Pascal


Thanks.



--
- Pascal