From: Joe MacDonald <joe@deserted.net>
To: Philip Tricca <flihp@twobit.us>
Cc: yocto@yoctoproject.org
Subject: Re: [meta-selinux][PATCH] Add recipe to build the MCS refpolicy.
Date: Wed, 30 Oct 2013 10:20:09 -0400 [thread overview]
Message-ID: <20131030142008.GD3716@deserted.net> (raw)
In-Reply-To: <1383090262-7512-1-git-send-email-flihp@twobit.us>
[-- Attachment #1: Type: text/plain, Size: 1813 bytes --]
I like both this and your follow-up changes, I'd been thinking it was
time to do such a cleanup myself the other day. So thanks. :-)
I just had two small things. One here, one over on the common.inc file.
[[yocto] [meta-selinux][PATCH] Add recipe to build the MCS refpolicy.] On 13.10.29 (Tue 23:44) Philip Tricca wrote:
> This is the default policy type used by most (all?) distros that
> support SELinux.
>
> Signed-off-by: Philip Tricca <flihp@twobit.us>
> ---
> .../refpolicy/refpolicy-mcs_2.20130424.bb | 23 ++++++++++++++++++++
> 1 file changed, 23 insertions(+)
> create mode 100644 recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb
>
> diff --git a/recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb b/recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb
> new file mode 100644
> index 0000000..38b78f1
> --- /dev/null
> +++ b/recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb
> @@ -0,0 +1,23 @@
> +SUMMARY = "MCS (Multi Category Security) variant of the SELinux policy"
> +DESCRIPTION = "\
> +This is the reference policy for SE Linux built with MCS support. \
> +An MCS policy is the same as an MLS policy but with only one sensitivity \
> +level. This is useful on systems where a hierarchical policy (MLS) isn't \
> +needed (pretty much all systems) but the non-hierarchical categories are. \
> +"
> +
> +PR = "r0"
I don't think we need this, even for the sake of clarity.
-J.
> +
> +POLICY_NAME = "mcs"
> +POLICY_TYPE = "mcs"
> +POLICY_DISTRO = "redhat"
> +POLICY_UBAC = "n"
> +POLICY_UNK_PERMS = "allow"
> +POLICY_DIRECT_INITRC = "n"
> +POLICY_MONOLITHIC = "n"
> +POLICY_CUSTOM_BUILDOPT = ""
> +POLICY_QUIET = "y"
> +
> +POLICY_MCS_CATS = "1024"
> +
> +include refpolicy_${PV}.inc
--
-Joe MacDonald.
:wq
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 205 bytes --]
prev parent reply other threads:[~2013-10-30 14:20 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-29 23:44 [meta-selinux][PATCH] Add recipe to build the MCS refpolicy Philip Tricca
2013-10-30 14:20 ` Joe MacDonald [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131030142008.GD3716@deserted.net \
--to=joe@deserted.net \
--cc=flihp@twobit.us \
--cc=yocto@yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.