[Buildroot] [PATCH] package/lxc: add libapparmor optional dependency

[Buildroot] [PATCH] package/lxc: add libapparmor optional dependency

[Ian Merin via buildroot]

[-- Attachment #1.1: Type: text/plain, Size: 1399 bytes --]

From e56f77419a6516fef7f63746120755400948e5d3 Mon Sep 17 00:00:00 2001
From: Ian Merin <Ian.Merin@ncipher.com>
Date: Wed, 29 Jan 2025 11:15:20 -0500
Subject: [PATCH] package/lxc: add libapparmor optional dependency

Signed-off-by: Ian Merin <Ian.Merin+Entrust@ncipher.com>
---
package/lxc/lxc.mk | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/package/lxc/lxc.mk b/package/lxc/lxc.mk
index b2afb978e6..d2227c3760 100644
--- a/package/lxc/lxc.mk
+++ b/package/lxc/lxc.mk
@@ -13,7 +13,6 @@ LXC_DEPENDENCIES = host-pkgconf
LXC_INSTALL_STAGING = YES

LXC_CONF_OPTS = \
-       -Dapparmor=false \
       -Dexamples=false \
       -Dman=false

@@ -21,6 +20,13 @@ ifeq ($(BR2_PACKAGE_BASH_COMPLETION),y)
LXC_DEPENDENCIES += bash-completion
endif

+ifeq ($(BR2_PACKAGE_APPARMOR),y)
+LXC_CONF_OPTS += -Dapparmor=true
+LXC_DEPENDENCIES += libapparmor
+else
+LXC_CONF_OPTS += -Dapparmor=false
+endif
+
ifeq ($(BR2_PACKAGE_LIBCAP),y)
LXC_CONF_OPTS += -Dcapabilities=true
LXC_DEPENDENCIES += libcap
--
2.25.1
Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.


[-- Attachment #1.2: Type: text/html, Size: 4311 bytes --]

[-- Attachment #2: Type: text/plain, Size: 150 bytes --]

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/lxc: add libapparmor optional dependency

[Thomas Petazzoni via buildroot]

Hello Ian,

Thanks for your patch!

On Wed, 29 Jan 2025 19:46:22 +0000
Ian Merin via buildroot <buildroot@buildroot.org> wrote:

> From e56f77419a6516fef7f63746120755400948e5d3 Mon Sep 17 00:00:00 2001
> From: Ian Merin <Ian.Merin@ncipher.com>
> Date: Wed, 29 Jan 2025 11:15:20 -0500
> Subject: [PATCH] package/lxc: add libapparmor optional dependency

You didn't use git send-email to send your patch, which made it
difficult to apply. Indeed, it looks like you pasted the output of "git
format-patch" into the body of an e-mail, making the resulting e-mail
unapplicable by "git am".

> diff --git a/package/lxc/lxc.mk b/package/lxc/lxc.mk
> index b2afb978e6..d2227c3760 100644
> --- a/package/lxc/lxc.mk
> +++ b/package/lxc/lxc.mk
> @@ -13,7 +13,6 @@ LXC_DEPENDENCIES = host-pkgconf
> LXC_INSTALL_STAGING = YES
> 
> LXC_CONF_OPTS = \
> -       -Dapparmor=false \
>        -Dexamples=false \
>        -Dman=false
> 
> @@ -21,6 +20,13 @@ ifeq ($(BR2_PACKAGE_BASH_COMPLETION),y)
> LXC_DEPENDENCIES += bash-completion
> endif
> 
> +ifeq ($(BR2_PACKAGE_APPARMOR),y)

           ^^^^^^^^ This option doesn't exist, so this never triggers.
           The option is named BR2_PACKAGE_LIBAPPARMOR.

I fixed both issues and applied. Thanks!

Best regards,

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [EXTERNAL] Re: [PATCH] package/lxc: add libapparmor optional dependency

[Ian Merin via buildroot]

[-- Attachment #1.1: Type: text/plain, Size: 3071 bytes --]

Hi Thomas,

BR2_PACKAGE_APPARMOR certainly does exist, and the patch works for me as written:

https://github.com/buildroot/buildroot/blob/master/package/apparmor/Config.in#L1

BR2_PACKAGE_LIBAPPARMOR is selected as a dependency of BR2_PACKAGE_APPARMOR

Thanks,

Ian


From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sent: Wednesday, February 5, 2025 9:34 AM
To: Ian Merin via buildroot <buildroot@buildroot.org>
Cc: Ian Merin <Ian.Merin@entrust.com>; jezz@sysmic.org
Subject: [EXTERNAL] Re: [Buildroot] [PATCH] package/lxc: add libapparmor optional dependency

Hello Ian, Thanks for your patch! On Wed, 29 Jan 2025 19: 46: 22 +0000 Ian Merin via buildroot <buildroot@ buildroot. org> wrote: > From e56f77419a6516fef7f63746120755400948e5d3 Mon Sep 17 00: 00: 00 2001 > From: Ian Merin <Ian. Merin@ ncipher. com>


Hello Ian,



Thanks for your patch!



On Wed, 29 Jan 2025 19:46:22 +0000

Ian Merin via buildroot <buildroot@buildroot.org<mailto:buildroot@buildroot.org>> wrote:



> From e56f77419a6516fef7f63746120755400948e5d3 Mon Sep 17 00:00:00 2001

> From: Ian Merin <Ian.Merin@ncipher.com<mailto:Ian.Merin@ncipher.com>>

> Date: Wed, 29 Jan 2025 11:15:20 -0500

> Subject: [PATCH] package/lxc: add libapparmor optional dependency



You didn't use git send-email to send your patch, which made it

difficult to apply. Indeed, it looks like you pasted the output of "git

format-patch" into the body of an e-mail, making the resulting e-mail

unapplicable by "git am".



> diff --git a/package/lxc/lxc.mk b/package/lxc/lxc.mk

> index b2afb978e6..d2227c3760 100644

> --- a/package/lxc/lxc.mk

> +++ b/package/lxc/lxc.mk

> @@ -13,7 +13,6 @@ LXC_DEPENDENCIES = host-pkgconf

> LXC_INSTALL_STAGING = YES

>

> LXC_CONF_OPTS = \

> -       -Dapparmor=false \

>        -Dexamples=false \

>        -Dman=false

>

> @@ -21,6 +20,13 @@ ifeq ($(BR2_PACKAGE_BASH_COMPLETION),y)

> LXC_DEPENDENCIES += bash-completion

> endif

>

> +ifeq ($(BR2_PACKAGE_APPARMOR),y)



           ^^^^^^^^ This option doesn't exist, so this never triggers.

           The option is named BR2_PACKAGE_LIBAPPARMOR.



I fixed both issues and applied. Thanks!



Best regards,



Thomas

--

Thomas Petazzoni, co-owner and CEO, Bootlin

Embedded Linux and Kernel engineering and training

https://urldefense.com/v3/__https://bootlin.com__;!!FJ-Y8qCqXTj2!a27zzMC5bnmcgIfJnM5qzXaB0youvYy9EZZn8UL41HtlZeUMJmh9OvHu05Aw4LluHWo8CDPFIKbHdsHe7kpzb_LIVNBz$<https://urldefense.com/v3/__https:/bootlin.com__;!!FJ-Y8qCqXTj2!a27zzMC5bnmcgIfJnM5qzXaB0youvYy9EZZn8UL41HtlZeUMJmh9OvHu05Aw4LluHWo8CDPFIKbHdsHe7kpzb_LIVNBz$>

Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.


[-- Attachment #1.2: Type: text/html, Size: 13136 bytes --]

[-- Attachment #2: Type: text/plain, Size: 150 bytes --]

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [EXTERNAL] Re: [PATCH] package/lxc: add libapparmor optional dependency

[Thomas Petazzoni]

Hello Ian,

On Wed, 5 Feb 2025 14:49:37 +0000
Ian Merin <Ian.Merin@entrust.com> wrote:

> BR2_PACKAGE_APPARMOR certainly does exist, and the patch works for me as written:
> 
> https://github.com/buildroot/buildroot/blob/master/package/apparmor/Config.in#L1
> 
> BR2_PACKAGE_LIBAPPARMOR is selected as a dependency of BR2_PACKAGE_APPARMOR

Sorry, I missed that. I had only enabled BR2_PACKAGE_LIBAPPARMOR in my
configuration. However, it doesn't really make sense to have a
condition on option XYZ and then depend on another package. Here the
dependency that's needed by lxc is indeed libapparmor, which is the
dependency you added in LXC_DEPENDENCIES:

+LXC_DEPENDENCIES += libapparmor

Best regards,

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [EXTERNAL] Re: [PATCH] package/lxc: add libapparmor optional dependency

[Ian Merin via buildroot]

[-- Attachment #1.1: Type: text/plain, Size: 3184 bytes --]

I will defer to your judgment as a maintainer of this project, but I would suggest that you leave it as it was originally because I have tested and verified the functionality of AppArmor enabled LXC containers as the patch is currently written. I have not validated that the AppArmor integration works appropriately with BR2_PACKAGE_LIBAPPARMOR=y and BR2_PACKAGE_APPARMOR not set.

Given that BR2_PACKAGE_LIBAPPARMOR is a dependency of BR2_PACKAGE_APPARMOR, it is guaranteed to work.

Thanks,

Ian


From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sent: Wednesday, February 5, 2025 10:01 AM
To: Ian Merin <Ian.Merin@entrust.com>
Cc: Ian Merin via buildroot <buildroot@buildroot.org>; jezz@sysmic.org
Subject: Re: [EXTERNAL] Re: [Buildroot] [PATCH] package/lxc: add libapparmor optional dependency

Hello Ian, On Wed, 5 Feb 2025 14: 49: 37 +0000 Ian Merin <Ian. Merin@ entrust. com> wrote: > BR2_PACKAGE_APPARMOR certainly does exist, and the patch works for me as written: > > https: //urldefense. com/v3/__https: //github. com/buildroot/buildroot/blob/master/package/apparmor/Config. in*L1__;Iw!!FJ-Y8qCqXTj2!c9eCbVFhm-fDJrbCWm9n8w6syQX0VGWVTJe2CpzAhq5UXqo0BdN9OU3hN80e2Fs8G8nXUh935m5ctcz-spEpgvoFE0E-$


Hello Ian,



On Wed, 5 Feb 2025 14:49:37 +0000

Ian Merin <Ian.Merin@entrust.com<mailto:Ian.Merin@entrust.com>> wrote:



> BR2_PACKAGE_APPARMOR certainly does exist, and the patch works for me as written:

>

> https://urldefense.com/v3/__https://github.com/buildroot/buildroot/blob/master/package/apparmor/Config.in*L1__;Iw!!FJ-Y8qCqXTj2!c9eCbVFhm-fDJrbCWm9n8w6syQX0VGWVTJe2CpzAhq5UXqo0BdN9OU3hN80e2Fs8G8nXUh935m5ctcz-spEpgvoFE0E-$<https://urldefense.com/v3/__https:/github.com/buildroot/buildroot/blob/master/package/apparmor/Config.in*L1__;Iw!!FJ-Y8qCqXTj2!c9eCbVFhm-fDJrbCWm9n8w6syQX0VGWVTJe2CpzAhq5UXqo0BdN9OU3hN80e2Fs8G8nXUh935m5ctcz-spEpgvoFE0E-$>

>

> BR2_PACKAGE_LIBAPPARMOR is selected as a dependency of BR2_PACKAGE_APPARMOR



Sorry, I missed that. I had only enabled BR2_PACKAGE_LIBAPPARMOR in my

configuration. However, it doesn't really make sense to have a

condition on option XYZ and then depend on another package. Here the

dependency that's needed by lxc is indeed libapparmor, which is the

dependency you added in LXC_DEPENDENCIES:



+LXC_DEPENDENCIES += libapparmor



Best regards,



Thomas

--

Thomas Petazzoni, co-owner and CEO, Bootlin

Embedded Linux and Kernel engineering and training

https://urldefense.com/v3/__https://bootlin.com__;!!FJ-Y8qCqXTj2!c9eCbVFhm-fDJrbCWm9n8w6syQX0VGWVTJe2CpzAhq5UXqo0BdN9OU3hN80e2Fs8G8nXUh935m5ctcz-spEpgtbW5g-6$<https://urldefense.com/v3/__https:/bootlin.com__;!!FJ-Y8qCqXTj2!c9eCbVFhm-fDJrbCWm9n8w6syQX0VGWVTJe2CpzAhq5UXqo0BdN9OU3hN80e2Fs8G8nXUh935m5ctcz-spEpgtbW5g-6$>

Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.


[-- Attachment #1.2: Type: text/html, Size: 10610 bytes --]

[-- Attachment #2: Type: text/plain, Size: 150 bytes --]

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot