From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Adam Duskett <aduskett@gmail.com>
Cc: Marcus Folkesson <marcus.folkesson@gmail.com>,
Antoine Tenart <atenart@kernel.org>,
Asaf Kahlon <asafka7@gmail.com>,
Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
buildroot@buildroot.org,
Fabrice Fontaine <fontaine.fabrice@gmail.com>
Subject: Re: [Buildroot] [PATCH v2 13/13] package/refpolicy: bump to version 2.20221101
Date: Tue, 9 May 2023 23:06:26 +0200 [thread overview]
Message-ID: <20230509210626.GH252090@scaer> (raw)
In-Reply-To: <20230425171454.48802-14-aduskett@gmail.com>
Adam, All,
On 2023-04-25 10:14 -0700, Adam Duskett spake thusly:
> Add an upstream patch in package/refpolicy/2.20221101 that makes dbus optional
> for the mount interface. The patch must go in the 2.20221101 directory or else
> the build system will automatically attempt to apply the patch to a custom git
> version of refpolicy if chosen.
>
> Signed-off-by: Adam Duskett <aduskett@gmail.com>
> ---
> Changes v1 -> v2:
> - Added 2.20221101/0001-mount-dbus-interface-must-be-optional.patch
>
> ...ount-dbus-interface-must-be-optional.patch | 33 +++++++++++++++++++
> package/refpolicy/refpolicy.hash | 2 +-
> package/refpolicy/refpolicy.mk | 2 +-
> 3 files changed, 35 insertions(+), 2 deletions(-)
> create mode 100644 package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch
>
> diff --git a/package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch b/package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch
> new file mode 100644
> index 0000000000..dec0af828f
> --- /dev/null
> +++ b/package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch
> @@ -0,0 +1,33 @@
> +From 6c6be65ccf0891391681d4662cc11f508c0f4aeb Mon Sep 17 00:00:00 2001
> +From: Adam Duskett <aduskett@gmail.com>
> +Date: Mon, 24 Apr 2023 14:24:49 -0700
> +Subject: [PATCH] mount: dbus interface must be optional
> +
> +If DBus isn't built, the build process fails due to mount.te always using a
> +dbus interface even if the dbus module. Fix this by setting the dbus interface
> +as optional.
> +
> +Signed-off-by: Adam Duskett <aduskett@gmail.com>
> +Upstream-status: accepted. 207b09a656c2c3ac5c286d3f7eef085325e35408
The proper format for an Upstream: tag is just "Upstream:" (but that is
a very recent change. so I just fixed it). We also prefer to have an URL
to the upstream commit, so I changed that too.
Applied to master, thanks.
Regards,
Yann E. MORIN.
> +---
> + policy/modules/system/mount.te | 4 +++-
> + 1 file changed, 3 insertions(+), 1 deletion(-)
> +
> +diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
> +index d028723..af84af0 100644
> +--- a/policy/modules/system/mount.te
> ++++ b/policy/modules/system/mount.te
> +@@ -145,7 +145,9 @@ selinux_getattr_fs(mount_t)
> +
> + userdom_use_all_users_fds(mount_t)
> +
> +-dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t)
> ++optional_policy(`
> ++ dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t)
> ++')
> +
> + ifdef(`distro_redhat',`
> + optional_policy(`
> +--
> +2.40.0
> +
> diff --git a/package/refpolicy/refpolicy.hash b/package/refpolicy/refpolicy.hash
> index b08c22ed4e..a09e59c270 100644
> --- a/package/refpolicy/refpolicy.hash
> +++ b/package/refpolicy/refpolicy.hash
> @@ -1,5 +1,5 @@
> # From https://github.com/SELinuxProject/refpolicy/releases
> -sha256 965f98f0b68a24fd0b8e8d973d319332aea88973e1d6c455ef9c2a31aefaeaa6 refpolicy-2.20220106.tar.bz2
> +sha256 44f88e62c8efcef54d019b9ca077520d5993de580926bd7575788cfa78515396 refpolicy-2.20221101.tar.bz2
>
> # Locally computed
> sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
> diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
> index f11b72755a..8fea7cc254 100644
> --- a/package/refpolicy/refpolicy.mk
> +++ b/package/refpolicy/refpolicy.mk
> @@ -23,7 +23,7 @@ REFPOLICY_SITE = $(call qstrip,$(BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_URL))
> REFPOLICY_SITE_METHOD = git
> BR_NO_CHECK_HASH_FOR += $(REFPOLICY_SOURCE)
> else
> -REFPOLICY_VERSION = 2.20220106
> +REFPOLICY_VERSION = 2.20221101
> REFPOLICY_SOURCE = refpolicy-$(REFPOLICY_VERSION).tar.bz2
> REFPOLICY_SITE = https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_$(subst .,_,$(REFPOLICY_VERSION))
> endif
> --
> 2.40.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2023-05-09 21:06 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-25 17:14 [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 01/13] package/libglib2/0003-disable-building-docs.patch: new patch Adam Duskett
2023-04-25 21:03 ` Peter Seiderer
2023-04-28 1:44 ` James Knight
2023-05-09 19:43 ` Yann E. MORIN
2023-04-25 17:14 ` [Buildroot] [PATCH v2 02/13] package/python-pip: add host variant Adam Duskett
2023-05-09 21:00 ` Yann E. MORIN
2023-06-12 15:52 ` Peter Korsgaard
2023-06-12 17:54 ` Yann E. MORIN
2023-06-12 19:28 ` Peter Korsgaard
2023-04-25 17:14 ` [Buildroot] [PATCH v2 03/13] package/libsepol: bump to version 3.5 Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 04/13] package/libsemanage: " Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 05/13] package/libselinux: " Adam Duskett
2023-05-09 21:02 ` Yann E. MORIN
2023-04-25 17:14 ` [Buildroot] [PATCH v2 06/13] package/policycoreutils: " Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 07/13] package/checkpolicy: " Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 08/13] package/restorecond: " Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 09/13] package/semodule-utils: " Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 10/13] package/audit: bump to version 3.1 Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 11/13] package/selinux-python: bump to version 3.5 Adam Duskett
2023-05-09 21:05 ` Yann E. MORIN
2023-04-25 17:14 ` [Buildroot] [PATCH v2 12/13] package/setools: bump to version 4.4.2 Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 13/13] package/refpolicy: bump to version 2.20221101 Adam Duskett
2023-05-09 21:06 ` Yann E. MORIN [this message]
2023-05-09 21:00 ` [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Yann E. MORIN
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230509210626.GH252090@scaer \
--to=yann.morin.1998@free.fr \
--cc=aduskett@gmail.com \
--cc=asafka7@gmail.com \
--cc=atenart@kernel.org \
--cc=buildroot@buildroot.org \
--cc=fontaine.fabrice@gmail.com \
--cc=marcus.folkesson@gmail.com \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox