We currently require each image to depend on the policy (or multiple policies) that it wants installed, and the selinux-config package enables the DEFAULT_POLICY. Since only one policy can be in effect at a time, and we're targeting "embedded" systems, it makes sense (to me at least) that we would treat the policy much like we do the kernel and use a virtual provider.

Feedback would be much appreciated,
Philip

Philip Tricca (3):
  refpolicy: Setup virtual/refpolicy provider.
  Integrate selinux-config into refpolicy_common.
  refpolicy_common: Sanity test DEFAULT_ENFORCING value and set default.

 conf/distro/oe-selinux.conf                        |  1 +
 .../packagegroups/packagegroup-core-selinux.bb     |  4 +-
 .../packagegroups/packagegroup-selinux-minimal.bb  |  3 +-
 recipes-security/refpolicy/refpolicy_common.inc    | 43 +++++++++++++++++++++-
 recipes-security/selinux/selinux-config_0.1.bb     | 41 ---------------------
 5 files changed, 44 insertions(+), 48 deletions(-)
 delete mode 100644 recipes-security/selinux/selinux-config_0.1.bb

--
2.1.4
