Re: [Buildroot] [PATCH] package/refpolicy: enable refpolicy's xdg module when systemd is enabled

From: Romain Naour <romain.naour@gmail.com>
To: Adam Duskett <aduskett@gmail.com>
Cc: Antoine Tenart <atenart@kernel.org>,
	"buildroot@buildroot.org" <buildroot@buildroot.org>
Subject: Re: [Buildroot] [PATCH] package/refpolicy: enable refpolicy's xdg module when systemd is enabled
Date: Wed, 3 Nov 2021 22:06:43 +0100	[thread overview]
Message-ID: <b08f0641-06ec-c4ce-6960-2df5898cf6c2@gmail.com> (raw)
In-Reply-To: <CAFSsvmqUvKZVr+uCFCpinRM5sK-3UdBrMXUXzJ1kF=i1xnXNxQ@mail.gmail.com>

Hello Adam,

Le 02/11/2021 à 18:26, Adam Duskett a écrit :
> Hey Romain;
> 
> Sorry for the late reply!
> 
> 
> On Mon, Nov 1, 2021 at 2:23 AM Romain Naour <romain.naour@gmail.com> wrote:
>>
>> Hello Adam,
>>
>> Le 01/11/2021 à 07:10, ratbert90 a écrit :
>>> Hello;
>>>
>>> Shouldn’t this go in systemd.mk?
>>
>> I'm not sure to understand, what do you mean?
>>
>> It's about a refpolicy module not selinux module (SYSTEMD_SELINUX_MODULES).
> 
> Refpolicy modules are SELinux modules!
> 
> I just tested by adding xdg to SYSTEMD_SELINUX_MODULES which does
> indeed fix the issue.

ok but it's not clear to me if we need to add xdg to SYSTEMD_SELINUX_MODULES or
REFPOLICY_MODULES.

Best regards,
Romain

> 
> Adam
>>
>> Another way to fix the issue is to add xdp to BR2_REFPOLICY_EXTRA_MODULES in the
>> test config... but I don't think it's the right fix.
>>
>> Best regards,
>> Romain
>>
>>
>>>
>>> Adam
>>> --------------------------------------------------------------------------------
>>> *Da:* buildroot <buildroot-bounces@buildroot.org> per conto di Romain Naour
>>> <romain.naour@gmail.com>
>>> *Inviato:* Sunday, October 31, 2021 3:42:07 PM
>>> *A:* buildroot@buildroot.org <buildroot@buildroot.org>
>>> *Cc:* Romain Naour <romain.naour@gmail.com>; Antoine Tenart <atenart@kernel.org>
>>> *Oggetto:* [Buildroot] [PATCH] package/refpolicy: enable refpolicy's xdg module
>>> when systemd is enabled
>>>
>>> policy/modules/system/systemd.te requires xdg module enabled [1]
>>> otherwise refpolicy fail to build:
>>>
>>> policy/modules/system/systemd.te:288:ERROR 'attribute xdg_config_type is not
>>> declared' at token ';' on line 508447:
>>>
>>> Fixes:
>>> https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552468
>>> <https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552468>
>>> https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552470
>>> <https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552470>
>>>
>>> [1]
>>> https://github.com/SELinuxProject/refpolicy/blob/RELEASE_2_20210908/policy/modules/system/systemd.te#L288
>>> <https://github.com/SELinuxProject/refpolicy/blob/RELEASE_2_20210908/policy/modules/system/systemd.te#L288>
>>>
>>> Signed-off-by: Romain Naour <romain.naour@gmail.com>
>>> Cc: Antoine Tenart <atenart@kernel.org>
>>> ---
>>>  package/refpolicy/refpolicy.mk | 1 +
>>>  1 file changed, 1 insertion(+)
>>>
>>> diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
>>> index 975c3b584c..b1d101e311 100644
>>> --- a/package/refpolicy/refpolicy.mk
>>> +++ b/package/refpolicy/refpolicy.mk
>>> @@ -69,6 +69,7 @@ REFPOLICY_MODULES = \
>>>          sysnetwork \
>>>          unconfined \
>>>          userdomain \
>>> +       $(if $(BR2_PACKAGE_SYSTEMD),xdg) \
>>>          $(PACKAGES_SELINUX_MODULES) \
>>>          $(call qstrip,$(BR2_REFPOLICY_EXTRA_MODULES)) \
>>>          $(foreach d,$(REFPOLICY_EXTRA_MODULES_DIRS),\
>>> --
>>> 2.31.1
>>>
>>> _______________________________________________
>>> buildroot mailing list
>>> buildroot@buildroot.org
>>> https://lists.buildroot.org/mailman/listinfo/buildroot
>>> <https://lists.buildroot.org/mailman/listinfo/buildroot>
>>

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot