* Re: [meta-selinux][PATCH 1/5] Break policycoreutils out into separate packages for the various utilities.
From: Philip Tricca @ 2013-10-09 12:32 UTC (permalink / raw)
To: yocto@yoctoproject.org
The driver behind this is to allow images to be built with the minimal
tools necessary to load a policy. Breaking all of the stuff that's
dependent on python out from the core utils allows us to make much
smaller images.
Signed-off-by: Philip Tricca <flihp@twobit.us>
---
recipes-security/selinux/policycoreutils.inc | 181 +++++++++++++++++++++++++-
1 file changed, 175 insertions(+), 6 deletions(-)
diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
index dfd65e3..e6ff4ed 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -38,6 +38,92 @@ RDEPENDS_${BPN} += "\
python-ipy \
"
+RDEPENDS_${BPN}-audit2allow = " \
+ python-textutils \
+ libselinux-python \
+ sepolgen \
+ "
+RDEPENDS_${BPN}-chcat = " \
+ python-codecs \
+ python-shell \
+ python-stringold \
+ python-unixadmin \
+ ${BPN}-python \
+ libselinux-python \
+ "
+RDEPENDS_${BPN}-fixfiles += "\
+ ${BPN}-setfiles \
+ "
+RDEPENDS_${BPN}-genhomedircon += "\
+ ${BPN}-genhomedircon \
+ ${BPN}-semodule \
+ "
+RDEPENDS_${BPN}-loadpolicy += "\
+ libselinux \
+ libsepol \
+ "
+RDEPENDS_${BPN}-newrole += "\
+ libcap-ng \
+ libselinux \
+ "
+RDEPENDS_${BPN}-python += "\
+ python-codecs \
+ python-io \
+ python-ipy \
+ python-re \
+ python-stringold \
+ python-syslog \
+ python-unixadmin \
+ libselinux-python \
+ libsemanage-python \
+ "
+RDEPENDS_${BPN}-runinit += "libselinux"
+RDEPENDS_${BPN}-sandbox += "\
+ python-math \
+ python-shell \
+ python-subprocess \
+ python-textutils \
+ python-unixadmin \
+ libselinux-python \
+ ${BPN}-python \
+ "
+RDEPENDS_${BPN}-secon += "libselinux"
+RDEPENDS_${BPN}-semanage = " \
+ python-core \
+ python-ipy \
+ ${BPN}-python \
+ libselinux-python \
+ "
+RDEPENDS_${BPN}-semodule += "\
+ libsepol \
+ libselinux \
+ libsemanage \
+ "
+# static link to libsepol
+DEPENDS_${BPN}-semodule-deps += "libsepol"
+RDEPENDS_${BPN}-semodule-expand += "libsepol libselinux"
+RDEPENDS_${BPN}-semodule-link += "libsepol libselinux"
+RDEPENDS_${BPN}-semodule-package += "libsepol libselinux"
+RDEPENDS_${BPN}-sepolicy += "\
+ python-argparse \
+ python-codecs \
+ python-core \
+ python-syslog \
+ ${BPN}-python \
+ "
+# static link to libsepol
+DEPENDS_${BPN}-sepolgen-ifgen += "libsepol"
+RDEPENDS_${BPN}-sepolgen-ifgen += "libselinux-python"
+RDEPENDS_${BPN}-sestatus += "libselinux"
+RDEPENDS_${BPN}-setfiles += "\
+ libselinux \
+ libsepol \
+ "
+RDEPENDS_${BPN}-setsebool += "\
+ libsepol \
+ libselinux \
+ libsemanage \
+ "
RDEPENDS_${BPN} += "setools setools-libs ${BPN}-python"
WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}"
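Review bot: `RDEPENDS_${BPN}-genhomedircon` lists `${BPN}-genhomedircon`, so the package declares a runtime dependency on itself; this reads like a copy-paste slip and the entry should go, leaving `${BPN}-semodule` (if another package was meant, name it instead). The two `DEPENDS_${BPN}-semodule-deps += "libsepol"` and `DEPENDS_${BPN}-sepolgen-ifgen += "libsepol"` lines under the "static link to libsepol" comments are, as far as I can tell, inert: DEPENDS is a recipe-wide build-time variable in BitBake and is not consulted per package, so the static-link note belongs next to the recipe's existing `DEPENDS` and these two lines can be dropped. Note also that the hunk's last context line keeps `RDEPENDS_${BPN} += "setools setools-libs ${BPN}-python"` on the base package, so anything that still depends on plain `${BPN}` continues to pull in the python package despite the split.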
@@ -45,14 +131,97 @@ ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)}
inherit pythonnative
-PACKAGES =+ "${PN}-python ${PN}-sandbox system-config-selinux"
-FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/seobject.py* \
+PACKAGES =+ "\
+ ${PN}-audit2allow \
+ ${PN}-chcat \
+ ${PN}-fixfiles \
+ ${PN}-genhomedircon \
+ ${PN}-loadpolicy \
+ ${PN}-newrole \
+ ${PN}-python \
+ ${PN}-runinit \
+ ${PN}-sandbox \
+ ${PN}-secon \
+ ${PN}-semanage \
+ ${PN}-semodule \
+ ${PN}-semodule-deps \
+ ${PN}-semodule-expand \
+ ${PN}-semodule-link \
+ ${PN}-semodule-package \
+ ${PN}-sepolgen-ifgen \
+ ${PN}-sepolicy \
+ ${PN}-sestatus \
+ ${PN}-setfiles \
+ ${PN}-setsebool \
+ system-config-selinux \
+ "
+FILES_${PN}-audit2allow = " \
+ ${bindir}/audit2allow \
+ ${bindir}/audit2why \
+ "
+FILES_${PN}-chcat = " \
+ ${bindir}/chcat \
+ "
+FILES_${PN}-fixfiles += "${base_sbindir}/fixfiles"
+FILES_${PN}-genhomedircon += "${sbindir}/genhomedircon"
+FILES_${PN}-loadpolicy += "\
+ ${base_sbindir}/load_policy \
+ ${sbindir}/load_policy \
+ "
+FILES_${PN}-newrole += "\
+ ${bindir}/newrole \
+ ${@base_contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/newrole', '', d)} \
+ "
+FILES_${PN}-python = " \
+ ${libdir}/python${PYTHON_BASEVERSION}/site-packages/seobject.py* \
${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy*.egg-info \
- ${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/*"
+ ${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/* \
+ "
+FILES_${PN}-runinit += "\
+ ${sbindir}/run_init \
+ ${sbindir}/open_init_pty \
+ ${@base_contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/run_init', '', d)} \
+ "
FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/.debug/*"
-FILES_${PN}-sandbox = "${datadir}/sandbox/*"
-FILES_${PN}-sandbox += "${bindir}/sandbox"
-FILES_${PN}-sandbox += "${sbindir}/seunshare"
+FILES_${PN}-sandbox += "\
+ ${datadir}/sandbox/* \
+ ${bindir}/sandbox \
+ ${sbindir}/seunshare \
+ ${sysconfdir}/sysconfig/sandbox \
+ "
+FILES_${PN}-secon += "${bindir}/secon"
+FILES_${PN}-semanage = " \
+ ${sbindir}/semanage \
+ ${sysconfdir}/bash_completion.d/semanage-bash-completion.sh \
+ "
+FILES_${PN}-semodule += "${sbindir}/semodule"
+FILES_${PN}-semodule-deps += "${bindir}/semodule_deps"
+FILES_${PN}-semodule-expand += "${bindir}/semodule_expand"
+FILES_${PN}-semodule-link += "${bindir}/semodule_link"
+FILES_${PN}-semodule-package += "\
+ ${bindir}/semodule_package \
+ ${bindir}/semodule_unpackage \
+ "
+FILES_${PN}-sepolicy += "\
+ ${bindir}/sepolicy \
+ ${sysconfdir}/bash_completion.d/sepolicy-bash-completion.sh \
+ "
+FILES_${PN}-sepolgen-ifgen += "\
+ ${bindir}/sepolgen-ifgen \
+ ${bindir}/sepolgen-ifgen-attr-helper \
+ "
+FILES_${PN}-sestatus += "\
+ ${sbindir}/sestatus \
+ ${sysconfdir}/sestatus.conf \
+ "
+FILES_${PN}-setfiles += " \
+ ${base_sbindir}/restorecon \
+ ${base_sbindir}/setfiles \
+ "
+FILES_${PN}-setsebool += " \
+ ${sbindir}/setsebool \
+ ${sysconfdir}/bash_completion.d/setsebool-bash-completion.sh \
+ "
FILES_system-config-selinux = " \
${bindir}/sepolgen \
${datadir}/system-config-selinux/* \
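Review bot: Several files placed in the new packages are editable configuration — `${sysconfdir}/sestatus.conf`, `${sysconfdir}/sysconfig/sandbox` and the `pam.d/newrole` / `pam.d/run_init` entries — but no `CONFFILES_<pkg>` accompanies them, so unless it is set elsewhere in the recipe a package upgrade will silently replace local edits; e.g. `CONFFILES_${PN}-sestatus = "${sysconfdir}/sestatus.conf"`. The pam.d entries deserve this most, since they configure the authentication step of newrole and run_init. On style, the new assignments mix `=` and `+=` for variables that did not exist before (`FILES_${PN}-fixfiles +=` next to `FILES_${PN}-chcat =`, and likewise in the RDEPENDS hunk above); using `=` for freshly introduced packages is clearer, and `+=` on an unset variable only contributes a leading space.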
--
1.7.10.4
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [meta-selinux][PATCH 2/5] Remove unnecessary RDEPENDS_${BPN}.
From: Philip Tricca @ 2013-10-09 12:37 UTC (permalink / raw)
To: yocto@yoctoproject.org
Now that the policycoreutils package is empty no need for RDEPENDS.
Doing this in the commit that broke up the policycoreutils package
made the diff hard to read. Figured it best to break it out for
readability.
Signed-off-by: Philip Tricca <flihp@twobit.us>
---
recipes-security/selinux/policycoreutils.inc | 16 ----------------
1 file changed, 16 deletions(-)
diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
index e6ff4ed..05de7ac 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -22,22 +22,6 @@ DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
inherit selinux
DEPENDS += "${@target_selinux(d, 'libpam audit')}"
-RDEPENDS_${BPN} += "\
- libselinux-python \
- libsemanage-python \
- sepolgen \
- "
-RDEPENDS_${BPN} += "\
- python \
- python-unixadmin \
- python-shell \
- python-crypt \
- python-subprocess \
- python-syslog \
- python-textutils \
- python-ipy \
- "
-
RDEPENDS_${BPN}-audit2allow = " \
python-textutils \
libselinux-python \
--
1.7.10.4
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [meta-selinux][PATCH 3/5] Remove runtime dependency on policycoreutils from the reference policy.
From: Philip Tricca @ 2013-10-09 12:40 UTC (permalink / raw)
To: yocto@yoctoproject.org
The only thing refpol needs to depend on at runtime are the things
necessary to load the policy. If sysvinit is patched to load the
policy (which it is) then we only need the config.
Signed-off-by: Philip Tricca <flihp@twobit.us>
---
recipes-security/refpolicy/refpolicy_common.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 3eaf16d..873d887 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -16,7 +16,7 @@ FILES_${PN} = "${sysconfdir}/selinux/${POLICY_NAME}/ \
FILES_${PN}-dev =+ "${datadir}/selinux/${POLICY_NAME}/include/"
DEPENDS += "checkpolicy-native policycoreutils-native m4-native"
-RDEPENDS_${PN} += "policycoreutils selinux-config"
+RDEPENDS_${PN} += "selinux-config"
PACKAGE_ARCH = "${MACHINE_ARCH}"
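Review bot: Dropping `policycoreutils` from `RDEPENDS_${PN}` leaves nothing in the dependency graph that brings a policy loader (the `policycoreutils-loadpolicy` package split out in patch 1/5) onto the image; the commit relies on the patched sysvinit doing the load, which holds for that init but is now an unstated assumption for any image that pairs refpolicy with a different init. A one-line comment above the assignment would record it, e.g. `# Policy loading is done by the patched sysvinit; load_policy is deliberately not an RDEPENDS here.`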
--
1.7.10.4
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [meta-selinux][PATCH 4/5] Add packagegroup and image recipe for minimal SELinux image.
From: Philip Tricca @ 2013-10-09 12:41 UTC (permalink / raw)
To: yocto@yoctoproject.org
This is intended to demonstrate the minimal set of packages necessary
to boot and load a system with SELinux enabled. Specifically we
don't need any of the packages that depend on python.
Signed-off-by: Philip Tricca <flihp@twobit.us>
---
.../images/core-image-selinux-minimal.bb | 15 +++++++++++
.../packagegroups/packagegroup-selinux-minimal.bb | 26 ++++++++++++++++++++
2 files changed, 41 insertions(+)
create mode 100644 recipes-security/images/core-image-selinux-minimal.bb
create mode 100644 recipes-security/packagegroups/packagegroup-selinux-minimal.bb
diff --git a/recipes-security/images/core-image-selinux-minimal.bb b/recipes-security/images/core-image-selinux-minimal.bb
new file mode 100644
index 0000000..45cd847
--- /dev/null
+++ b/recipes-security/images/core-image-selinux-minimal.bb
@@ -0,0 +1,15 @@
+DESCRIPTION = "Minimal image with SELinux support (no python)"
+
+IMAGE_FEATURES += "splash ssh-server-openssh"
+
+LICENSE = "MIT"
+
+IMAGE_INSTALL = "\
+ ${CORE_IMAGE_BASE_INSTALL} \
+ bash \
+ util-linux-agetty \
+ packagegroup-core-boot \
+ packagegroup-selinux-minimal \
+"
+
+inherit core-image
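Review bot: `IMAGE_FEATURES += "splash ssh-server-openssh"` installs a listening sshd into an image whose stated purpose is the minimal set needed to boot with SELinux enabled, which enlarges the image and adds a network service whose SELinux domain presumably also has to be right for the demonstration to work enforcing. If the intent is minimal, drop the feature; otherwise a comment such as `# sshd is a convenience for reaching the test image, not part of the SELinux minimum` would make the choice explicit.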
diff --git a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
new file mode 100644
index 0000000..16f6bae
--- /dev/null
+++ b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
@@ -0,0 +1,26 @@
+DESCRIPTION = "SELinux packagegroup with only packages required for basic operations"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58 \
+ file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+PR = "r0"
+
+PACKAGES = "\
+ ${PN} \
+ "
+
+ALLOW_EMPTY_${PN} = "1"
+
+RDEPENDS_${PN} = " \
+ coreutils \
+ libsepol \
+ libselinux \
+ libselinux-bin \
+ libsemanage \
+ policycoreutils-fixfiles \
+ policycoreutils-secon \
+ policycoreutils-semodule \
+ policycoreutils-sestatus \
+ policycoreutils-setfiles \
+ selinux-config \
+ refpolicy-mls \
+ "
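Review bot: The RDEPENDS list hard-codes `refpolicy-mls`, so this packagegroup cannot be reused with another policy flavour; if the layer already has a selector for the policy recipe it would be better to use it here, otherwise a comment stating that the group is MLS-only would help (`# Pins the MLS reference policy; adjust if a different policy type is wanted`). The list also omits `policycoreutils-loadpolicy` while including `policycoreutils-semodule`; given patch 3/5's reasoning that the patched sysvinit loads the policy that is presumably intentional, but it should be recorded in a comment so the omission is not read as an oversight.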
--
1.7.10.4
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [meta-selinux][PATCH 5/5] Add packagegroup for policycoreutils packages.
From: Philip Tricca @ 2013-10-09 12:41 UTC (permalink / raw)
To: yocto@yoctoproject.org
The policycoreutils package previously included most everything in
the base package. This packagegroup is intended to fill the role
of the old policycoreutils package and pull in all packages from the
policycoreutils recipe.
Signed-off-by: Philip Tricca <flihp@twobit.us>
---
.../packagegroups/packagegroup-core-selinux.bb | 4 +--
.../packagegroup-selinux-policycoreutils.bb | 36 ++++++++++++++++++++
2 files changed, 37 insertions(+), 3 deletions(-)
create mode 100644 recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb
diff --git a/recipes-security/packagegroups/packagegroup-core-selinux.bb b/recipes-security/packagegroups/packagegroup-core-selinux.bb
index 7cd7409..76863b0 100644
--- a/recipes-security/packagegroups/packagegroup-core-selinux.bb
+++ b/recipes-security/packagegroups/packagegroup-core-selinux.bb
@@ -19,9 +19,7 @@ RDEPENDS_${PN} = " \
libsemanage \
checkpolicy \
sepolgen \
- policycoreutils \
- policycoreutils-sandbox \
- policycoreutils-python \
+ packagegroup-selinux-policycoreutils \
setools \
setools-console \
selinux-config \
diff --git a/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb b/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb
new file mode 100644
index 0000000..296a7e3
--- /dev/null
+++ b/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb
@@ -0,0 +1,36 @@
+DESCRIPTION = "SELinux policycoreutils packagegroup"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58 \
+ file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+PR = "r0"
+
+PACKAGES = "\
+ ${PN} \
+ "
+
+ALLOW_EMPTY_${PN} = "1"
+
+RDEPENDS_${PN} = " \
+ policycoreutils-audit2allow \
+ policycoreutils-chcat \
+ policycoreutils-fixfiles \
+ policycoreutils-genhomedircon \
+ policycoreutils-loadpolicy \
+ policycoreutils-newrole \
+ policycoreutils-python \
+ policycoreutils-runinit \
+ policycoreutils-sandbox \
+ policycoreutils-secon \
+ policycoreutils-semanage \
+ policycoreutils-semodule \
+ policycoreutils-semodule-deps \
+ policycoreutils-semodule-expand \
+ policycoreutils-semodule-link \
+ policycoreutils-semodule-package \
+ policycoreutils-sepolgen-ifgen \
+ policycoreutils-sepolicy \
+ policycoreutils-sestatus \
+ policycoreutils-setfiles \
+ policycoreutils-setsebool \
+ system-config-selinux \
+ "
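Review bot: The RDEPENDS list here is a hand-maintained copy of the `PACKAGES` list added to policycoreutils.inc in patch 1/5, and the two will drift the next time a utility is split out or merged; a comment tying them together would at least flag the duplication, e.g. `# Must be kept in sync with PACKAGES in recipes-security/selinux/policycoreutils.inc`. It is also worth stating in a comment that this group deliberately pulls in the python-dependent packages, since that is the distinction the series draws between it and packagegroup-selinux-minimal.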
--
1.7.10.4