* [meta-selinux][PATCH 0/2] refpolicy: split do_install to three steps & update refpolicy-minimum
@ 2014-07-29 7:30 wenzong.fan
2014-07-29 7:30 ` [meta-selinux][PATCH 1/2] refpolicy: split do_install to three steps wenzong.fan
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: wenzong.fan @ 2014-07-29 7:30 UTC (permalink / raw)
To: yocto, xin.ouyang, mark.hatle
From: Wenzong Fan <wenzong.fan@windriver.com>
* split do_install to three steps:
+ prepare_policy_store()
+ rebuild_policy()
+ install_misc_files()
This gets refpolicy-minimum work by re-writing the prepare_policy_store().
* update refpolicy-minimum to support compressed policy.
The following changes since commit a34718ae6ea2539545be1e49c497030f6246345c:
swig-native: repair patching error (2014-07-19 23:24:44 -0400)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib wenzong/refpolicy
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/refpolicy
Wenzong Fan (2):
refpolicy: split do_install to three steps
refpolicy / minimum: support compressed policy
.../refpolicy/refpolicy-minimum_2.20130424.bb | 26 +++++++++----
recipes-security/refpolicy/refpolicy_common.inc | 39 +++++++++++++-------
2 files changed, 43 insertions(+), 22 deletions(-)
--
1.7.9.5
^ permalink raw reply [flat|nested] 4+ messages in thread
* [meta-selinux][PATCH 1/2] refpolicy: split do_install to three steps
2014-07-29 7:30 [meta-selinux][PATCH 0/2] refpolicy: split do_install to three steps & update refpolicy-minimum wenzong.fan
@ 2014-07-29 7:30 ` wenzong.fan
2014-07-29 7:30 ` [meta-selinux][PATCH 2/2] refpolicy / minimum: support compressed policy wenzong.fan
2014-08-28 10:26 ` [meta-selinux][PATCH 0/2] refpolicy: split do_install to three steps & update refpolicy-minimum Pascal Ouyang
2 siblings, 0 replies; 4+ messages in thread
From: wenzong.fan @ 2014-07-29 7:30 UTC (permalink / raw)
To: yocto, xin.ouyang, mark.hatle
From: Wenzong Fan <wenzong.fan@windriver.com>
Split do_install() to:
+ prepare_policy_store()
+ rebuild_policy()
+ install_misc_files()
This allows to make partial change to do_install() instead of re-write
it totally from specific refpolicy bb file.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/refpolicy/refpolicy_common.inc | 39 +++++++++++++++--------
1 file changed, 25 insertions(+), 14 deletions(-)
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 54a0168..fd205cf 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -60,24 +60,11 @@ do_compile() {
oe_runmake policy
}
-do_install() {
+prepare_policy_store () {
oe_runmake 'DESTDIR=${D}' 'prefix=${D}${prefix}' install
# Prepare to create policy store
mkdir -p ${D}${sysconfdir}/selinux/
- cat <<-EOF > ${D}${sysconfdir}/selinux/semanage.conf
-module-store = direct
-[setfiles]
-path = ${STAGING_DIR_NATIVE}${base_sbindir_native}/setfiles
-args = -q -c \$@ \$<
-[end]
-[sefcontext_compile]
-path = ${STAGING_DIR_NATIVE}${sbindir_native}/sefcontext_compile
-args = \$@
-[end]
-
-policy-version = 28
-EOF
mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/policy
mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
@@ -100,11 +87,29 @@ EOF
fi
done
fi
+}
+
+rebuild_policy () {
+ cat <<-EOF > ${D}${sysconfdir}/selinux/semanage.conf
+module-store = direct
+[setfiles]
+path = ${STAGING_DIR_NATIVE}${base_sbindir_native}/setfiles
+args = -q -c \$@ \$<
+[end]
+[sefcontext_compile]
+path = ${STAGING_DIR_NATIVE}${sbindir_native}/sefcontext_compile
+args = \$@
+[end]
+
+policy-version = 28
+EOF
# Create policy store and build the policy
semodule -p ${D} -s ${POLICY_NAME} -n -B
rm -f ${D}${sysconfdir}/selinux/semanage.conf
+}
+install_misc_files () {
cat ${WORKDIR}/customizable_types >> \
${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/customizable_types
@@ -121,3 +126,9 @@ EOF
link_path=`readlink -f ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/policy.kern`
ln -sf ../../policy/`basename $link_path` ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/policy.kern
}
+
+do_install () {
+ prepare_policy_store
+ rebuild_policy
+ install_misc_files
+}
--
1.7.9.5
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [meta-selinux][PATCH 2/2] refpolicy / minimum: support compressed policy
2014-07-29 7:30 [meta-selinux][PATCH 0/2] refpolicy: split do_install to three steps & update refpolicy-minimum wenzong.fan
2014-07-29 7:30 ` [meta-selinux][PATCH 1/2] refpolicy: split do_install to three steps wenzong.fan
@ 2014-07-29 7:30 ` wenzong.fan
2014-08-28 10:26 ` [meta-selinux][PATCH 0/2] refpolicy: split do_install to three steps & update refpolicy-minimum Pascal Ouyang
2 siblings, 0 replies; 4+ messages in thread
From: wenzong.fan @ 2014-07-29 7:30 UTC (permalink / raw)
To: yocto, xin.ouyang, mark.hatle
From: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
.../refpolicy/refpolicy-minimum_2.20130424.bb | 26 ++++++++++++++------
1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/recipes-security/refpolicy/refpolicy-minimum_2.20130424.bb b/recipes-security/refpolicy/refpolicy-minimum_2.20130424.bb
index ae9cb43..d9539f3 100644
--- a/recipes-security/refpolicy/refpolicy-minimum_2.20130424.bb
+++ b/recipes-security/refpolicy/refpolicy-minimum_2.20130424.bb
@@ -30,19 +30,29 @@ EXTRA_POLICY_MODULES += "mta"
POLICY_MODULES_MIN = "${CORE_POLICY_MODULES} ${EXTRA_POLICY_MODULES}"
+# re-write the same func from refpolicy_common.inc
prepare_policy_store () {
- oe_runmake install \
- DESTDIR=${D}
+ oe_runmake 'DESTDIR=${D}' 'prefix=${D}${prefix}' install
# Prepare to create policy store
mkdir -p ${D}${sysconfdir}/selinux/
mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/policy
mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
- bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp > \
- ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
- for i in ${POLICY_MODULES_MIN}; do
- bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/$i.pp > \
- ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/$i.pp
- done
+ touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local
+ if ${@base_contains('DISTRO_FEATURES','compressed_policy','true','false',d)}; then
+ bzip2 base.pp
+ cp base.pp.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
+ for i in ${POLICY_MODULES_MIN}; do
+ bzip2 $i
+ cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`
+ done
+ else
+ bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp > \
+ ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
+ for i in ${POLICY_MODULES_MIN}; do
+ bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/$i.pp > \
+ ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/$i.pp
+ done
+ fi
}
--
1.7.9.5
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [meta-selinux][PATCH 0/2] refpolicy: split do_install to three steps & update refpolicy-minimum
2014-07-29 7:30 [meta-selinux][PATCH 0/2] refpolicy: split do_install to three steps & update refpolicy-minimum wenzong.fan
2014-07-29 7:30 ` [meta-selinux][PATCH 1/2] refpolicy: split do_install to three steps wenzong.fan
2014-07-29 7:30 ` [meta-selinux][PATCH 2/2] refpolicy / minimum: support compressed policy wenzong.fan
@ 2014-08-28 10:26 ` Pascal Ouyang
2 siblings, 0 replies; 4+ messages in thread
From: Pascal Ouyang @ 2014-08-28 10:26 UTC (permalink / raw)
To: wenzong.fan, yocto, mark.hatle
于 14-7-29 下午3:30, wenzong.fan@windriver.com 写道:
> From: Wenzong Fan <wenzong.fan@windriver.com>
>
> * split do_install to three steps:
> + prepare_policy_store()
> + rebuild_policy()
> + install_misc_files()
>
> This gets refpolicy-minimum work by re-writing the prepare_policy_store().
>
> * update refpolicy-minimum to support compressed policy.
>
> The following changes since commit a34718ae6ea2539545be1e49c497030f6246345c:
>
> swig-native: repair patching error (2014-07-19 23:24:44 -0400)
>
> are available in the git repository at:
>
> git://git.pokylinux.org/poky-contrib wenzong/refpolicy
> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/refpolicy
>
> Wenzong Fan (2):
> refpolicy: split do_install to three steps
> refpolicy / minimum: support compressed policy
>
> .../refpolicy/refpolicy-minimum_2.20130424.bb | 26 +++++++++----
> recipes-security/refpolicy/refpolicy_common.inc | 39 +++++++++++++-------
> 2 files changed, 43 insertions(+), 22 deletions(-)
>
Merged. Thanks:)
--
- Pascal
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-08-28 10:26 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-07-29 7:30 [meta-selinux][PATCH 0/2] refpolicy: split do_install to three steps & update refpolicy-minimum wenzong.fan
2014-07-29 7:30 ` [meta-selinux][PATCH 1/2] refpolicy: split do_install to three steps wenzong.fan
2014-07-29 7:30 ` [meta-selinux][PATCH 2/2] refpolicy / minimum: support compressed policy wenzong.fan
2014-08-28 10:26 ` [meta-selinux][PATCH 0/2] refpolicy: split do_install to three steps & update refpolicy-minimum Pascal Ouyang
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.