* [meta-selinux][PATCH] systemd: no need to inherit enable-selinux @ 2017-02-22 6:44 jackie.huang 2017-04-18 8:20 ` Huang, Jie (Jackie) 2017-05-02 13:13 ` Joe MacDonald 0 siblings, 2 replies; 6+ messages in thread From: jackie.huang @ 2017-02-22 6:44 UTC (permalink / raw) To: yocto From: Jackie Huang <jackie.huang@windriver.com> The selinux PACKAGECONFIG is properly handled in the recipe in oe-core, no need to inherit the enable-selinux bbclass. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> --- recipes-core/systemd/systemd_%.bbappend | 1 - 1 file changed, 1 deletion(-) diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes-core/systemd/systemd_%.bbappend index 8d9029b..f1bdaf8 100644 --- a/recipes-core/systemd/systemd_%.bbappend +++ b/recipes-core/systemd/systemd_%.bbappend @@ -1,2 +1 @@ inherit enable-audit -inherit enable-selinux -- 2.8.3 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [meta-selinux][PATCH] systemd: no need to inherit enable-selinux 2017-02-22 6:44 [meta-selinux][PATCH] systemd: no need to inherit enable-selinux jackie.huang @ 2017-04-18 8:20 ` Huang, Jie (Jackie) 2017-05-02 13:13 ` Joe MacDonald 1 sibling, 0 replies; 6+ messages in thread From: Huang, Jie (Jackie) @ 2017-04-18 8:20 UTC (permalink / raw) To: yocto@yoctoproject.org Ping. > -----Original Message----- > From: yocto-bounces@yoctoproject.org [mailto:yocto- > bounces@yoctoproject.org] On Behalf Of jackie.huang@windriver.com > Sent: Wednesday, February 22, 2017 14:45 > To: yocto@yoctoproject.org > Subject: [yocto] [meta-selinux][PATCH] systemd: no need to inherit enable- > selinux > > From: Jackie Huang <jackie.huang@windriver.com> > > The selinux PACKAGECONFIG is properly handled in > the recipe in oe-core, no need to inherit the > enable-selinux bbclass. > > Signed-off-by: Jackie Huang <jackie.huang@windriver.com> > --- > recipes-core/systemd/systemd_%.bbappend | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes- > core/systemd/systemd_%.bbappend > index 8d9029b..f1bdaf8 100644 > --- a/recipes-core/systemd/systemd_%.bbappend > +++ b/recipes-core/systemd/systemd_%.bbappend > @@ -1,2 +1 @@ > inherit enable-audit > -inherit enable-selinux > -- > 2.8.3 > > -- > _______________________________________________ > yocto mailing list > yocto@yoctoproject.org > https://lists.yoctoproject.org/listinfo/yocto ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [meta-selinux][PATCH] systemd: no need to inherit enable-selinux 2017-02-22 6:44 [meta-selinux][PATCH] systemd: no need to inherit enable-selinux jackie.huang 2017-04-18 8:20 ` Huang, Jie (Jackie) @ 2017-05-02 13:13 ` Joe MacDonald 2017-05-08 1:40 ` Huang, Jie (Jackie) 1 sibling, 1 reply; 6+ messages in thread From: Joe MacDonald @ 2017-05-02 13:13 UTC (permalink / raw) To: jackie.huang; +Cc: yocto [-- Attachment #1: Type: text/plain, Size: 1129 bytes --] [[yocto] [meta-selinux][PATCH] systemd: no need to inherit enable-selinux] On 17.02.22 (Wed 14:44) jackie.huang@windriver.com wrote: > From: Jackie Huang <jackie.huang@windriver.com> > > The selinux PACKAGECONFIG is properly handled in > the recipe in oe-core, no need to inherit the > enable-selinux bbclass. That might be true, but other than belt-and-suspenders, what's the harm in this being in the recipe? I don't necessarily think it's an invalid change but my quick count shows ~44 instances of 'inherit enable-selinux' and 'inherit with-selinux' in meta-selinux, why's this one significant? -J. > > Signed-off-by: Jackie Huang <jackie.huang@windriver.com> > --- > recipes-core/systemd/systemd_%.bbappend | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes-core/systemd/systemd_%.bbappend > index 8d9029b..f1bdaf8 100644 > --- a/recipes-core/systemd/systemd_%.bbappend > +++ b/recipes-core/systemd/systemd_%.bbappend > @@ -1,2 +1 @@ > inherit enable-audit > -inherit enable-selinux > -- > 2.8.3 > -- -Joe MacDonald. :wq [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 484 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [meta-selinux][PATCH] systemd: no need to inherit enable-selinux 2017-05-02 13:13 ` Joe MacDonald @ 2017-05-08 1:40 ` Huang, Jie (Jackie) 2017-05-16 11:54 ` Joe MacDonald 0 siblings, 1 reply; 6+ messages in thread From: Huang, Jie (Jackie) @ 2017-05-08 1:40 UTC (permalink / raw) To: Joe MacDonald; +Cc: yocto@yoctoproject.org > -----Original Message----- > From: Joe MacDonald [mailto:Joe_MacDonald@mentor.com] > Sent: Tuesday, May 02, 2017 21:14 > To: Huang, Jie (Jackie) > Cc: yocto@yoctoproject.org > Subject: Re: [yocto] [meta-selinux][PATCH] systemd: no need to inherit enable- > selinux > > [[yocto] [meta-selinux][PATCH] systemd: no need to inherit enable-selinux] On > 17.02.22 (Wed 14:44) jackie.huang@windriver.com wrote: > > > From: Jackie Huang <jackie.huang@windriver.com> > > > > The selinux PACKAGECONFIG is properly handled in > > the recipe in oe-core, no need to inherit the > > enable-selinux bbclass. > > That might be true, but other than belt-and-suspenders, what's the > harm in this being in the recipe? I don't necessarily think it's an > invalid change but my quick count shows ~44 instances of 'inherit > enable-selinux' and 'inherit with-selinux' in meta-selinux, why's this > one significant? That's because I have a patch to change the PACKAGECONFIG for selinux in oe-core to fix a dependency issue: -PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux" +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,initscripts-sushell" But it would be overrode by the one in enable-selinux.bbclass: $ grep PACKAGECONFIG enable-selinux.bbclass PACKAGECONFIG_append = " ${@target_selinux(d)}" PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux," So I need to remove the inherit here in meta-selinux. Thanks, Jackie > > -J. > > > > > Signed-off-by: Jackie Huang <jackie.huang@windriver.com> > > --- > > recipes-core/systemd/systemd_%.bbappend | 1 - > > 1 file changed, 1 deletion(-) > > > > diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes- > core/systemd/systemd_%.bbappend > > index 8d9029b..f1bdaf8 100644 > > --- a/recipes-core/systemd/systemd_%.bbappend > > +++ b/recipes-core/systemd/systemd_%.bbappend > > @@ -1,2 +1 @@ > > inherit enable-audit > > -inherit enable-selinux > > -- > > 2.8.3 > > > -- > -Joe MacDonald. > :wq ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [meta-selinux][PATCH] systemd: no need to inherit enable-selinux 2017-05-08 1:40 ` Huang, Jie (Jackie) @ 2017-05-16 11:54 ` Joe MacDonald 2017-05-17 1:40 ` Huang, Jie (Jackie) 0 siblings, 1 reply; 6+ messages in thread From: Joe MacDonald @ 2017-05-16 11:54 UTC (permalink / raw) To: Huang, Jie (Jackie); +Cc: yocto@yoctoproject.org [-- Attachment #1: Type: text/plain, Size: 3563 bytes --] [RE: [yocto] [meta-selinux][PATCH] systemd: no need to inherit enable-selinux] On 17.05.08 (Mon 01:40) Huang, Jie (Jackie) wrote: > > > > -----Original Message----- > > From: Joe MacDonald [mailto:Joe_MacDonald@mentor.com] > > Sent: Tuesday, May 02, 2017 21:14 > > To: Huang, Jie (Jackie) > > Cc: yocto@yoctoproject.org > > Subject: Re: [yocto] [meta-selinux][PATCH] systemd: no need to inherit enable- > > selinux > > > > [[yocto] [meta-selinux][PATCH] systemd: no need to inherit enable-selinux] On > > 17.02.22 (Wed 14:44) jackie.huang@windriver.com wrote: > > > > > From: Jackie Huang <jackie.huang@windriver.com> > > > > > > The selinux PACKAGECONFIG is properly handled in > > > the recipe in oe-core, no need to inherit the > > > enable-selinux bbclass. > > > > That might be true, but other than belt-and-suspenders, what's the > > harm in this being in the recipe? I don't necessarily think it's an > > invalid change but my quick count shows ~44 instances of 'inherit > > enable-selinux' and 'inherit with-selinux' in meta-selinux, why's this > > one significant? > > That's because I have a patch to change the PACKAGECONFIG for selinux > in oe-core to fix a dependency issue: > > -PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux" > +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,initscripts-sushell" > > But it would be overrode by the one in enable-selinux.bbclass: > $ grep PACKAGECONFIG enable-selinux.bbclass > PACKAGECONFIG_append = " ${@target_selinux(d)}" > PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux," > > So I need to remove the inherit here in meta-selinux. Sorry, this fell between the cracks. So, let me make sure I understand what you're saying. This oe-core commit: commit 1881c5e0c426a193630e5eed5b629b69ff3741d5 Author: Kai Kang <kai.kang@windriver.com> Date: Wed Jul 8 14:26:01 2015 +0800 systemd: add PACKAGECONFIG selinux Add PACKAGECONFIG 'selinux' for systemd. debug-shell.service starts different shell according whether selinux is enabled. (From OE-Core rev: 3d1aa27191fe4c21428eaf4ae036acb1496b7df7) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> conflicts with the --enable/--disable settings in meta-selinux and you want to remove the setting in meta-selinux? Again, I don't specifically object to this, but I'd like to understand the why of it. Is there a valid scenario to include meta-selinux in your project but have selinux disabled? If so, I would think the settings in meta-selinux should still take precedence. Otherwise, I'm confused why the other 40-ish cases aren't also covered. I haven't investigated, but are all the others in non-oe-core layers, maybe? Thanks, -J. > > Thanks, > Jackie > > > > > -J. > > > > > > > > Signed-off-by: Jackie Huang <jackie.huang@windriver.com> > > > --- > > > recipes-core/systemd/systemd_%.bbappend | 1 - > > > 1 file changed, 1 deletion(-) > > > > > > diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes- > > core/systemd/systemd_%.bbappend > > > index 8d9029b..f1bdaf8 100644 > > > --- a/recipes-core/systemd/systemd_%.bbappend > > > +++ b/recipes-core/systemd/systemd_%.bbappend > > > @@ -1,2 +1 @@ > > > inherit enable-audit > > > -inherit enable-selinux > > > -- > > > 2.8.3 > > > > > -- > > -Joe MacDonald. > > :wq -- -Joe MacDonald. :wq [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 484 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [meta-selinux][PATCH] systemd: no need to inherit enable-selinux 2017-05-16 11:54 ` Joe MacDonald @ 2017-05-17 1:40 ` Huang, Jie (Jackie) 0 siblings, 0 replies; 6+ messages in thread From: Huang, Jie (Jackie) @ 2017-05-17 1:40 UTC (permalink / raw) To: Joe MacDonald; +Cc: yocto@yoctoproject.org > -----Original Message----- > From: Joe MacDonald [mailto:Joe_MacDonald@mentor.com] > Sent: Tuesday, May 16, 2017 19:55 > To: Huang, Jie (Jackie) > Cc: yocto@yoctoproject.org > Subject: Re: [yocto] [meta-selinux][PATCH] systemd: no need to inherit enable- > selinux > > [RE: [yocto] [meta-selinux][PATCH] systemd: no need to inherit enable-selinux] > On 17.05.08 (Mon 01:40) Huang, Jie (Jackie) wrote: > > > > > > > > -----Original Message----- > > > From: Joe MacDonald [mailto:Joe_MacDonald@mentor.com] > > > Sent: Tuesday, May 02, 2017 21:14 > > > To: Huang, Jie (Jackie) > > > Cc: yocto@yoctoproject.org > > > Subject: Re: [yocto] [meta-selinux][PATCH] systemd: no need to inherit > enable- > > > selinux > > > > > > [[yocto] [meta-selinux][PATCH] systemd: no need to inherit enable-selinux] > On > > > 17.02.22 (Wed 14:44) jackie.huang@windriver.com wrote: > > > > > > > From: Jackie Huang <jackie.huang@windriver.com> > > > > > > > > The selinux PACKAGECONFIG is properly handled in > > > > the recipe in oe-core, no need to inherit the > > > > enable-selinux bbclass. > > > > > > That might be true, but other than belt-and-suspenders, what's the > > > harm in this being in the recipe? I don't necessarily think it's an > > > invalid change but my quick count shows ~44 instances of 'inherit > > > enable-selinux' and 'inherit with-selinux' in meta-selinux, why's this > > > one significant? > > > > That's because I have a patch to change the PACKAGECONFIG for selinux > > in oe-core to fix a dependency issue: > > > > -PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux" > > +PACKAGECONFIG[selinux] = "--enable-selinux,--disable- > selinux,libselinux,initscripts-sushell" > > > > But it would be overrode by the one in enable-selinux.bbclass: > > $ grep PACKAGECONFIG enable-selinux.bbclass > > PACKAGECONFIG_append = " ${@target_selinux(d)}" > > PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux," > > > > So I need to remove the inherit here in meta-selinux. > > Sorry, this fell between the cracks. > > So, let me make sure I understand what you're saying. This oe-core > commit: > > commit 1881c5e0c426a193630e5eed5b629b69ff3741d5 > Author: Kai Kang <kai.kang@windriver.com> > Date: Wed Jul 8 14:26:01 2015 +0800 > > systemd: add PACKAGECONFIG selinux > > Add PACKAGECONFIG 'selinux' for systemd. debug-shell.service starts > different shell according whether selinux is enabled. > > (From OE-Core rev: 3d1aa27191fe4c21428eaf4ae036acb1496b7df7) > > Signed-off-by: Kai Kang <kai.kang@windriver.com> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> > > conflicts with the --enable/--disable settings in meta-selinux and you > want to remove the setting in meta-selinux? Again, I don't specifically > object to this, but I'd like to understand the why of it. Is there a > valid scenario to include meta-selinux in your project but have selinux > disabled? If so, I would think the settings in meta-selinux should The conflicts is not the --enable/--disable settings, it's the dependency: oe-core: PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,initscripts-sushell" meta-selinux: PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux," There is an extra runtime dependency on initscripts-sushell (which is reauired by debug-shell.service), so if inheriting the enable-selinux in meta-selinux, the selinux will still be enabled, but the dependency on initscripts-sushell will be lost. > still take precedence. Otherwise, I'm confused why the other 40-ish Others don't have the extra dependency, the setting in oe-core and meta-selinux are the same(at least for now), so others aren't covered. Thanks, Jackie > cases aren't also covered. I haven't investigated, but are all the > others in non-oe-core layers, maybe? > > Thanks, > -J. > > > > > Thanks, > > Jackie > > > > > > > > -J. > > > > > > > > > > > Signed-off-by: Jackie Huang <jackie.huang@windriver.com> > > > > --- > > > > recipes-core/systemd/systemd_%.bbappend | 1 - > > > > 1 file changed, 1 deletion(-) > > > > > > > > diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes- > > > core/systemd/systemd_%.bbappend > > > > index 8d9029b..f1bdaf8 100644 > > > > --- a/recipes-core/systemd/systemd_%.bbappend > > > > +++ b/recipes-core/systemd/systemd_%.bbappend > > > > @@ -1,2 +1 @@ > > > > inherit enable-audit > > > > -inherit enable-selinux > > > > -- > > > > 2.8.3 > > > > > > > -- > > > -Joe MacDonald. > > > :wq > > -- > -Joe MacDonald. > :wq ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-05-17 1:40 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-02-22 6:44 [meta-selinux][PATCH] systemd: no need to inherit enable-selinux jackie.huang 2017-04-18 8:20 ` Huang, Jie (Jackie) 2017-05-02 13:13 ` Joe MacDonald 2017-05-08 1:40 ` Huang, Jie (Jackie) 2017-05-16 11:54 ` Joe MacDonald 2017-05-17 1:40 ` Huang, Jie (Jackie)
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.