From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/2] package/libsemanage: add option to manually define policy version
Date: Mon, 16 Dec 2019 10:02:09 +0100 [thread overview]
Message-ID: <20191216100209.38e41ead@windsurf.home> (raw)
In-Reply-To: <CAFSsvmpeWRW+3KShMpB_hq=cn0ETgdabR__Gh7vSGeTZuKt45g@mail.gmail.com>
On Sun, 15 Dec 2019 09:36:49 -0800
Adam Duskett <aduskett@gmail.com> wrote:
> > I think on top of PATCH 1/2, another patch could be added to make
> > things a little bit smarter in terms of defaults:
> >
> > default 31 if BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_13
> > default 30 if BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_3
> > default 29 if BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_14
> > default 28 if BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_5
> > default 26 if BR2_TOOLCHAIN_HEADERS_AT_LEAST_2_6
> > default 25
> >
> I'm not sure I like this, as toolchain header versions can be
> misleading, but it's up to you.
I don't see how they can be misleading. These options really state
which kernel headers version is used, and it's a rather good hint of
the minimal kernel version that runs on the target HW.
> > Here, what you're basically doing is assuming that if
> > BR2_PACKAGE_LIBSEMANAGE_POLICY_MANUAL_VERSION is not enabled, we
> > default to "31". But "31" may be wrong. That's why I suggest to drop BR2_PACKAGE_LIBSEMANAGE_POLICY_MANUAL_VERSION and always have a BR2_PACKAGE_LIBSEMANAGE_POLICY_MAX_VERSION option.
> >
> I made it like this as a fallback. If you want to use the max, then
> you don't have to select anything. Although that could be misleading.
I'm not sure using the latest and greatest as the fallback is really
the safe option.
> > > +ifeq ($(BR2_PACKAGE_LIBSEMANAGE_POLICY_MANUAL_VERSION),y)
> > > +LIBSEMANAGE_MAX_POLICY_VERSION = $(BR2_PACKAGE_LIBSEMANAGE_POLICY_MAX_VERSION)
> > > +endif
> > > +
> > > +define LIBSEMANAGE_SET_SEMANAGE_MAX_POLICY
> > > + $(SED) "/policy-version = /c\policy-version = $(LIBSEMANAGE_MAX_POLICY_VERSION)" \
> > > + $(TARGET_DIR)/etc/selinux/semanage.conf
> > > +endef
> > > +LIBSEMANAGE_POST_INSTALL_TARGET_HOOKS += LIBSEMANAGE_SET_SEMANAGE_MAX_POLICY
> > > +HOST_LIBSEMANAGE_POST_INSTALL_HOOKS += LIBSEMANAGE_SET_SEMANAGE_MAX_POLICY
> >
> > The host hook is not appropriate: it tweaks a file in $(TARGET_DIR),
> > which is not good.
I saw your new iteration, which adds a separate hook for the host
variant. So we need to set this for both the host and target variants
of libsemanage ?
Thanks,
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
next prev parent reply other threads:[~2019-12-16 9:02 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-15 1:15 [Buildroot] [PATCH 0/2] package/libsemanage: set policy versions explicitly aduskett at gmail.com
2019-12-15 1:15 ` [Buildroot] [PATCH 1/2] package/libsemanage: add option to manually define policy version aduskett at gmail.com
2019-12-15 11:50 ` Thomas Petazzoni
2019-12-15 17:36 ` Adam Duskett
2019-12-16 9:02 ` Thomas Petazzoni [this message]
2019-12-15 1:15 ` [Buildroot] [PATCH 2/2] package/libsemanage: allow the user to specify a kernel version aduskett at gmail.com
2019-12-15 12:10 ` Thomas Petazzoni
2019-12-15 17:40 ` Adam Duskett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191216100209.38e41ead@windsurf.home \
--to=thomas.petazzoni@bootlin.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.