[Buildroot] [PATCH 05/17] checkpolicy: new package

[Arnout Vandecappelle <arnout@mind.be>]

On 09/09/13 19:33, Clayton Shotwell wrote:
> Thomas,
>
> Thomas Petazzoni <thomas.petazzoni@free-electrons.com> wrote on
> 09/06/2013 12:56:09 PM:
>  > Is a target variant of this package really needed? In the context of
>  > Buildroot and cross-compilation, I would expect the policy to be
>  > written on the development machine, the compilation to happen on the
>  > development machine, and only the resulting binary copied
>  > to the target.
>  >
>  > We generally don't support "development" on the target,
>  > and we expect
>  > the system generated by Buildroot to be ready to use. I am
>  > not familiar
>  > with SELinux at all, but my understanding is that this
>  > Buildroot policy
>  > should translate into just the SELinux binary policy to be
>  > installed on
>  > the target, the compiler being kept on the host.
>
> Very good point and I agree completely.  This package is used to compile
> the SELinux policy from source and that should only be done on the host.
> I will go ahead and remove the target build commands and Config.in file
> to keep this a host only utility.

  Note: you'll probably want to add a Config.in.host for this package, so 
people can select it in their config and use it in a post-build script.

  In the long term, it is probably also a good idea to have a 
system-level SELinux menu where you can specify some policy files to be 
put on the target, and buildroot will compile and install them for you.

  Regards,
  Arnout

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F