[meta-selinux][PATCH 0/5] Remove python dependency from refpol.

[meta-selinux][PATCH 0/5] Remove python dependency from refpol.

[flihp]

The reference policy package currently pulls in a lot of python stuff
that isn't strictly necessary to boot an SELinux system and load a
policy. This is caused by the mix of python and C utilities in
policycoreutils.

This patch set breaks the policycoreutils recipe up into multiple
packages, one for each utility. In this way we can have the refpol etc
pull in only the utilities necessary for normal operation. This happens
to be only the utilities written in C and thus we can remove python
completely in a minimal image.

I've attempted to localize these changes as much as possible so changes
in this patchset outside of the policycoreutils recipe are few. An
example image reicpe is added to demonstrate a minimal image with only
the utilities required to load a policy and manipulate the policy store
(add / remove policy modules) at runtime.

Re: [meta-selinux][PATCH 0/5] Remove python dependency from refpol.

[Joe MacDonald]

[-- Attachment #1: Type: text/plain, Size: 1174 bytes --]

[[meta-selinux][PATCH 0/5] Remove python dependency from refpol.] On 13.10.09 (Wed 03:02) flihp@longhaul.twobit.us wrote:

> The reference policy package currently pulls in a lot of python stuff
> that isn't strictly necessary to boot an SELinux system and load a
> policy. This is caused by the mix of python and C utilities in
> policycoreutils.
> 
> This patch set breaks the policycoreutils recipe up into multiple
> packages, one for each utility. In this way we can have the refpol etc
> pull in only the utilities necessary for normal operation. This happens
> to be only the utilities written in C and thus we can remove python
> completely in a minimal image.
> 
> I've attempted to localize these changes as much as possible so changes
> in this patchset outside of the policycoreutils recipe are few. An
> example image reicpe is added to demonstrate a minimal image with only
> the utilities required to load a policy and manipulate the policy store
> (add / remove policy modules) at runtime.

Hey Philip,

The patches never arrived in my mailbox and I don't see them in
patchworks.  Can you re-send, please?

-- 
-Joe MacDonald.
:wq

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 205 bytes --]

[meta-selinux][PATCH 0/5] Remove python dependency from refpol.

[Philip Tricca]

The reference policy package currently pulls in a lot of python stuff
that isn't strictly necessary to boot an SELinux system and load a
policy. AFAIK this is caused by the mix of python and C utilities in
policycoreutils.

This patch set breaks the policycoreutils recipe up into multiple
packages, one for each utility. In this way we can have the refpol etc
pull in only the utilities necessary for normal operation. This happens
to be only the utilities written in C and thus we can remove python
completely in a minimal image.

I've attempted to localize these changes as much as possible so this
patch set should have minimal impact on recipes outside of the
policycoreutils. An example image reicpe is added to demonstrate a
minimal image with only the utilities required to load a policy and
manipulate the policy store (add / remove policy modules) at runtime.

Regards,
- Philip

Re: [meta-selinux][PATCH 0/5] Remove python dependency from refpol.

[Philip Tricca]

Morning Joe

On 10/09/2013 08:23 AM, Joe MacDonald wrote:
> [[meta-selinux][PATCH 0/5] Remove python dependency from refpol.]
> On 13.10.09 (Wed 03:02) flihp@longhaul.twobit.us wrote:
> 
>> The reference policy package currently pulls in a lot of python
>> stuff that isn't strictly necessary to boot an SELinux system and
>> load a policy. This is caused by the mix of python and C
>> utilities in policycoreutils.
>> 
>> This patch set breaks the policycoreutils recipe up into
>> multiple packages, one for each utility. In this way we can have
>> the refpol etc pull in only the utilities necessary for normal
>> operation. This happens to be only the utilities written in C and
>> thus we can remove python completely in a minimal image.
>> 
>> I've attempted to localize these changes as much as possible so
>> changes in this patchset outside of the policycoreutils recipe
>> are few. An example image reicpe is added to demonstrate a
>> minimal image with only the utilities required to load a policy
>> and manipulate the policy store (add / remove policy modules) at
>> runtime.
> 
> Hey Philip,
> 
> The patches never arrived in my mailbox and I don't see them in 
> patchworks.  Can you re-send, please?

I don't think this message made it to the list. Must have made it to
you and Mark though. I've resent and will send patches momentarily.

Cheers,
- Philip