[meta-selinux][PATCH] Add recipe to build the MCS refpolicy.

[meta-selinux][PATCH] Add recipe to build the MCS refpolicy.

[Philip Tricca]

This is the default policy type used by most (all?) distros that
support SELinux.

Signed-off-by: Philip Tricca <flihp@twobit.us>
---
 .../refpolicy/refpolicy-mcs_2.20130424.bb          |   23 ++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb

diff --git a/recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb b/recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb
new file mode 100644
index 0000000..38b78f1
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb
@@ -0,0 +1,23 @@
+SUMMARY = "MCS (Multi Category Security) variant of the SELinux policy"
+DESCRIPTION = "\
+This is the reference policy for SE Linux built with MCS support. \
+An MCS policy is the same as an MLS policy but with only one sensitivity \
+level. This is useful on systems where a hierarchical policy (MLS) isn't \
+needed (pretty much all systems) but the non-hierarchical categories are. \
+"
+
+PR = "r0"
+
+POLICY_NAME = "mcs"
+POLICY_TYPE = "mcs"
+POLICY_DISTRO = "redhat"
+POLICY_UBAC = "n"
+POLICY_UNK_PERMS = "allow"
+POLICY_DIRECT_INITRC = "n"
+POLICY_MONOLITHIC = "n"
+POLICY_CUSTOM_BUILDOPT = ""
+POLICY_QUIET = "y"
+
+POLICY_MCS_CATS = "1024"
+
+include refpolicy_${PV}.inc
-- 
1.7.10.4

Re: [meta-selinux][PATCH] Add recipe to build the MCS refpolicy.

[Joe MacDonald]

[-- Attachment #1: Type: text/plain, Size: 1813 bytes --]

I like both this and your follow-up changes, I'd been thinking it was
time to do such a cleanup myself the other day.  So thanks.  :-)

I just had two small things.  One here, one over on the common.inc file.

[[yocto] [meta-selinux][PATCH] Add recipe to build the MCS refpolicy.] On 13.10.29 (Tue 23:44) Philip Tricca wrote:

> This is the default policy type used by most (all?) distros that
> support SELinux.
> 
> Signed-off-by: Philip Tricca <flihp@twobit.us>
> ---
>  .../refpolicy/refpolicy-mcs_2.20130424.bb          |   23 ++++++++++++++++++++
>  1 file changed, 23 insertions(+)
>  create mode 100644 recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb
> 
> diff --git a/recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb b/recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb
> new file mode 100644
> index 0000000..38b78f1
> --- /dev/null
> +++ b/recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb
> @@ -0,0 +1,23 @@
> +SUMMARY = "MCS (Multi Category Security) variant of the SELinux policy"
> +DESCRIPTION = "\
> +This is the reference policy for SE Linux built with MCS support. \
> +An MCS policy is the same as an MLS policy but with only one sensitivity \
> +level. This is useful on systems where a hierarchical policy (MLS) isn't \
> +needed (pretty much all systems) but the non-hierarchical categories are. \
> +"
> +
> +PR = "r0"

I don't think we need this, even for the sake of clarity.

-J.

> +
> +POLICY_NAME = "mcs"
> +POLICY_TYPE = "mcs"
> +POLICY_DISTRO = "redhat"
> +POLICY_UBAC = "n"
> +POLICY_UNK_PERMS = "allow"
> +POLICY_DIRECT_INITRC = "n"
> +POLICY_MONOLITHIC = "n"
> +POLICY_CUSTOM_BUILDOPT = ""
> +POLICY_QUIET = "y"
> +
> +POLICY_MCS_CATS = "1024"
> +
> +include refpolicy_${PV}.inc
-- 
-Joe MacDonald.
:wq

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 205 bytes --]