From: Joe MacDonald <joe@deserted.net>
To: Philip Tricca <flihp@twobit.us>
Cc: yocto@yoctoproject.org
Subject: Re: [meta-selinux][PATCH 0/3] refpolicy virtual package
Date: Mon, 4 Apr 2016 13:53:24 -0400
Message-ID: <20160404175324.GA29386@deserted.net>
In-Reply-To: <1459729295-79553-1-git-send-email-flihp@twobit.us>
[[yocto] [meta-selinux][PATCH 0/3] refpolicy virtual package] On 16.04.04 (Mon 00:21) Philip Tricca wrote:
> We currently require each image to depend on the policy (or multiple
> policies) that they want installed and the selinux-config package
> enables the DEFAULT_POLICY. Since only one policy can be in effect at a
> time, and we're targeting "embedded" systems it makes sense (to me at
> least) that we would treat the policy much like we do the kernel and use
> a virtual provider.
>
> Feedback would be much appreciated,
> Philip
>
> Philip Tricca (3):
> refpolicy: Setup virtual/refpolicy provider.
> Integrate selinux-config into refpolicy_common.
> refpolicy_common: Sanity test DEFAULT_ENFORCING value and set default.
>
> conf/distro/oe-selinux.conf | 1 +
> .../packagegroups/packagegroup-core-selinux.bb | 4 +-
> .../packagegroups/packagegroup-selinux-minimal.bb | 3 +-
> recipes-security/refpolicy/refpolicy_common.inc | 43 +++++++++++++++++++++-
> recipes-security/selinux/selinux-config_0.1.bb | 41 ---------------------
> 5 files changed, 44 insertions(+), 48 deletions(-)
> delete mode 100644 recipes-security/selinux/selinux-config_0.1.bb
I've tried this out today and it all looks good to me. I've tried
breaking the sanity check on DEFAULT_ENFORCING as we discussed and it
still seems to do the right thing. Since this is what we were
discussing last week and it seemed to make sense at the time, I went
ahead and merged your patches for you.
--
-Joe MacDonald.
:wq