[yocto] [meta-selinux][PATCH 0/3] refpolicy virtual package

On 16.04.04 (Mon 00:21) Philip Tricca wrote:
> We currently require each image to depend on the policy (or multiple
> policies) that they want installed and the selinux-config package
> enables the DEFAULT_POLICY. Since only one policy can be in effect at a
> time, and we're targeting "embedded" systems it makes sense (to me at
> least) that we would treat the policy much like we do the kernel and use
> a virtual provider.
>
> Feedback would be much appreciated,
> Philip
>
> Philip Tricca (3):
>   refpolicy: Setup virtual/refpolicy provider.
>   Integrate selinux-config into refpolicy_common.
>   refpolicy_common: Sanity test DEFAULT_ENFORCING value and set default.
>
>  conf/distro/oe-selinux.conf | 1 +
>  .../packagegroups/packagegroup-core-selinux.bb | 4 +-
>  .../packagegroups/packagegroup-selinux-minimal.bb | 3 +-
>  recipes-security/refpolicy/refpolicy_common.inc | 43
> +++++++++++++++++++++-
>  recipes-security/selinux/selinux-config_0.1.bb | 41 ---------------------
>  5 files changed, 44 insertions(+), 48 deletions(-)
>  delete mode 100644 recipes-security/selinux/selinux-config_0.1.bb

I've tried this out today and it all looks good to me. I've tried breaking the sanity check on DEFAULT_ENFORCING as we discussed and it still seems to do the right thing.

Since this is what we were discussing last week and it seemed to make sense at the time, I went ahead and merged your patches for you.

--
-Joe MacDonald.
:wq
-- _______________________________________________ yocto mailing list [email protected] https://lists.yoctoproject.org/listinfo/yocto
