With the virutal package there's no need for a separate recipe to build the config. This can be generated and included as part of the policy package.
Signed-off-by: Philip Tricca <fl...@twobit.us> --- .../packagegroups/packagegroup-core-selinux.bb | 1 - .../packagegroups/packagegroup-selinux-minimal.bb | 1 - recipes-security/refpolicy/refpolicy_common.inc | 30 ++++++++++++++-- recipes-security/selinux/selinux-config_0.1.bb | 40 ---------------------- 4 files changed, 28 insertions(+), 44 deletions(-) delete mode 100644 recipes-security/selinux/selinux-config_0.1.bb diff --git a/recipes-security/packagegroups/packagegroup-core-selinux.bb b/recipes-security/packagegroups/packagegroup-core-selinux.bb index 62c5a76..c6d22b7 100644 --- a/recipes-security/packagegroups/packagegroup-core-selinux.bb +++ b/recipes-security/packagegroups/packagegroup-core-selinux.bb @@ -22,7 +22,6 @@ RDEPENDS_${PN} = " \ packagegroup-selinux-policycoreutils \ setools \ setools-console \ - selinux-config \ selinux-autorelabel \ selinux-init \ selinux-labeldev \ diff --git a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb index 87ae686..451ae8b 100644 --- a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb +++ b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb @@ -21,7 +21,6 @@ RDEPENDS_${PN} = "\ policycoreutils-semodule \ policycoreutils-sestatus \ policycoreutils-setfiles \ - selinux-config \ selinux-labeldev \ virtual/refpolicy \ " diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index ba887e4..305675f 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc @@ -1,3 +1,5 @@ +DEFAULT_ENFORCING ??= "enforcing" + SECTION = "base" LICENSE = "GPLv2" @@ -14,7 +16,8 @@ SRC_URI += "file://customizable_types \ S = "${WORKDIR}/refpolicy" -FILES_${PN} = " \ +CONFFILES_${PN} += "${sysconfdir}/selinux/config" +FILES_${PN} += " \ ${sysconfdir}/selinux/${POLICY_NAME}/ \ ${datadir}/selinux/${POLICY_NAME}/*.pp \ ${localstatedir}/lib/selinux/${POLICY_NAME}/ \ @@ -25,7 +28,6 @@ FILES_${PN}-dev =+ " \ " DEPENDS += "checkpolicy-native policycoreutils-native m4-native" -RDEPENDS_${PN} += "selinux-config" PACKAGE_ARCH = "${MACHINE_ARCH}" @@ -137,13 +139,37 @@ install_misc_files () { oe_runmake 'DESTDIR=${D}' 'prefix=${D}${prefix}' install-headers } +install_config () { + echo "\ +# This file controls the state of SELinux on the system. +# SELINUX= can take one of these three values: +# enforcing - SELinux security policy is enforced. +# permissive - SELinux prints warnings instead of enforcing. +# disabled - No SELinux policy is loaded. +SELINUX=${DEFAULT_ENFORCING} +# SELINUXTYPE= can take one of these values: +# standard - Standard Security protection. +# mls - Multi Level Security protection. +# targeted - Targeted processes are protected. +# mcs - Multi Category Security protection. +SELINUXTYPE=${POLICY_TYPE} +" > ${WORKDIR}/config + install -d ${D}/${sysconfdir}/selinux + install -m 0644 ${WORKDIR}/config ${D}/${sysconfdir}/selinux/ +} + do_install () { prepare_policy_store rebuild_policy install_misc_files + install_config } do_install_append(){ # While building policies on target, Makefile will be searched from SELINUX_DEVEL_PATH echo "SELINUX_DEVEL_PATH=${datadir}/selinux/${POLICY_NAME}/include" > ${D}${sysconfdir}/selinux/sepolgen.conf } + +sysroot_stage_all_append () { + sysroot_stage_dir ${D}${sysconfdir} ${SYSROOT_DESTDIR}${sysconfdir} +} diff --git a/recipes-security/selinux/selinux-config_0.1.bb b/recipes-security/selinux/selinux-config_0.1.bb deleted file mode 100644 index e902e98..0000000 --- a/recipes-security/selinux/selinux-config_0.1.bb +++ /dev/null @@ -1,40 +0,0 @@ -DEFAULT_ENFORCING ??= "enforcing" - -SUMMARY = "SELinux configuration" -DESCRIPTION = "\ -SELinux configuration files for Yocto. \ -" - -SECTION = "base" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" -PR = "r4" - -S = "${WORKDIR}" - -CONFFILES_${PN} += "${sysconfdir}/selinux/config" - -PACKAGE_ARCH = "${MACHINE_ARCH}" - -do_install () { - echo "\ -# This file controls the state of SELinux on the system. -# SELINUX= can take one of these three values: -# enforcing - SELinux security policy is enforced. -# permissive - SELinux prints warnings instead of enforcing. -# disabled - No SELinux policy is loaded. -SELINUX=${DEFAULT_ENFORCING} -# SELINUXTYPE= can take one of these values: -# standard - Standard Security protection. -# mls - Multi Level Security protection. -# targeted - Targeted processes are protected. -# mcs - Multi Category Security protection. -SELINUXTYPE=${@d.getVar("PREFERRED_PROVIDER_virtual/refpolicy", False)[len("refpolicy-"):]} -" > ${WORKDIR}/config - install -d ${D}/${sysconfdir}/selinux - install -m 0644 ${WORKDIR}/config ${D}/${sysconfdir}/selinux/ -} - -sysroot_stage_all_append () { - sysroot_stage_dir ${D}${sysconfdir} ${SYSROOT_DESTDIR}${sysconfdir} -} -- 2.1.4 -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto