> -----Original Message----- > From: Joe MacDonald [mailto:[email protected]] > Sent: Tuesday, May 16, 2017 19:55 > To: Huang, Jie (Jackie) > Cc: [email protected] > Subject: Re: [yocto] [meta-selinux][PATCH] systemd: no need to inherit enable- > selinux > > [RE: [yocto] [meta-selinux][PATCH] systemd: no need to inherit enable-selinux] > On 17.05.08 (Mon 01:40) Huang, Jie (Jackie) wrote: > > > > > > > > -----Original Message----- > > > From: Joe MacDonald [mailto:[email protected]] > > > Sent: Tuesday, May 02, 2017 21:14 > > > To: Huang, Jie (Jackie) > > > Cc: [email protected] > > > Subject: Re: [yocto] [meta-selinux][PATCH] systemd: no need to inherit > enable- > > > selinux > > > > > > [[yocto] [meta-selinux][PATCH] systemd: no need to inherit enable-selinux] > On > > > 17.02.22 (Wed 14:44) [email protected] wrote: > > > > > > > From: Jackie Huang <[email protected]> > > > > > > > > The selinux PACKAGECONFIG is properly handled in > > > > the recipe in oe-core, no need to inherit the > > > > enable-selinux bbclass. > > > > > > That might be true, but other than belt-and-suspenders, what's the > > > harm in this being in the recipe? I don't necessarily think it's an > > > invalid change but my quick count shows ~44 instances of 'inherit > > > enable-selinux' and 'inherit with-selinux' in meta-selinux, why's this > > > one significant? > > > > That's because I have a patch to change the PACKAGECONFIG for selinux > > in oe-core to fix a dependency issue: > > > > -PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux" > > +PACKAGECONFIG[selinux] = "--enable-selinux,--disable- > selinux,libselinux,initscripts-sushell" > > > > But it would be overrode by the one in enable-selinux.bbclass: > > $ grep PACKAGECONFIG enable-selinux.bbclass > > PACKAGECONFIG_append = " ${@target_selinux(d)}" > > PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux," > > > > So I need to remove the inherit here in meta-selinux. > > Sorry, this fell between the cracks. > > So, let me make sure I understand what you're saying. This oe-core > commit: > > commit 1881c5e0c426a193630e5eed5b629b69ff3741d5 > Author: Kai Kang <[email protected]> > Date: Wed Jul 8 14:26:01 2015 +0800 > > systemd: add PACKAGECONFIG selinux > > Add PACKAGECONFIG 'selinux' for systemd. debug-shell.service starts > different shell according whether selinux is enabled. > > (From OE-Core rev: 3d1aa27191fe4c21428eaf4ae036acb1496b7df7) > > Signed-off-by: Kai Kang <[email protected]> > Signed-off-by: Richard Purdie <[email protected]> > > conflicts with the --enable/--disable settings in meta-selinux and you > want to remove the setting in meta-selinux? Again, I don't specifically > object to this, but I'd like to understand the why of it. Is there a > valid scenario to include meta-selinux in your project but have selinux > disabled? If so, I would think the settings in meta-selinux should
The conflicts is not the --enable/--disable settings, it's the dependency: oe-core: PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,initscripts-sushell" meta-selinux: PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux," There is an extra runtime dependency on initscripts-sushell (which is reauired by debug-shell.service), so if inheriting the enable-selinux in meta-selinux, the selinux will still be enabled, but the dependency on initscripts-sushell will be lost. > still take precedence. Otherwise, I'm confused why the other 40-ish Others don't have the extra dependency, the setting in oe-core and meta-selinux are the same(at least for now), so others aren't covered. Thanks, Jackie > cases aren't also covered. I haven't investigated, but are all the > others in non-oe-core layers, maybe? > > Thanks, > -J. > > > > > Thanks, > > Jackie > > > > > > > > -J. > > > > > > > > > > > Signed-off-by: Jackie Huang <[email protected]> > > > > --- > > > > recipes-core/systemd/systemd_%.bbappend | 1 - > > > > 1 file changed, 1 deletion(-) > > > > > > > > diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes- > > > core/systemd/systemd_%.bbappend > > > > index 8d9029b..f1bdaf8 100644 > > > > --- a/recipes-core/systemd/systemd_%.bbappend > > > > +++ b/recipes-core/systemd/systemd_%.bbappend > > > > @@ -1,2 +1 @@ > > > > inherit enable-audit > > > > -inherit enable-selinux > > > > -- > > > > 2.8.3 > > > > > > > -- > > > -Joe MacDonald. > > > :wq > > -- > -Joe MacDonald. > :wq -- _______________________________________________ yocto mailing list [email protected] https://lists.yoctoproject.org/listinfo/yocto
