From mboxrd@z Thu Jan  1 00:00:00 1970
From: Arnout Vandecappelle <arnout@mind.be>
Date: Wed, 11 Sep 2013 18:44:08 +0200
Subject: [Buildroot] [PATCH 05/17] checkpolicy: new package
In-Reply-To: <OFC0C68881.BE62946A-ON86257BE1.005F39EC-86257BE1.00606A14@rockwellcollins.com>
References: <1378336196-27403-1-git-send-email-clshotwe@rockwellcollins.com>	<1378336196-27403-6-git-send-email-clshotwe@rockwellcollins.com>
 <20130906195609.237ba6d0@skate>
 <OFC0C68881.BE62946A-ON86257BE1.005F39EC-86257BE1.00606A14@rockwellcollins.com>
Message-ID: <52309DD8.3080506@mind.be>
List-Id: <buildroot.busybox.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: buildroot@busybox.net

On 09/09/13 19:33, Clayton Shotwell wrote:
> Thomas,
>
> Thomas Petazzoni <thomas.petazzoni@free-electrons.com> wrote on
> 09/06/2013 12:56:09 PM:
>  > Is a target variant of this package really needed? In the context of
>  > Buildroot and cross-compilation, I would expect the policy to be
>  > written on the development machine, the compilation to happen on the
>  > development machine, and only the resulting binary copied
>  > to the target.
>  >
>  > We generally don't support "development" on the target,
>  > and we expect
>  > the system generated by Buildroot to be ready to use. I am
>  > not familiar
>  > with SELinux at all, but my understanding is that this
>  > Buildroot policy
>  > should translate into just the SELinux binary policy to be
>  > installed on
>  > the target, the compiler being kept on the host.
>
> Very good point and I agree completely.  This package is used to compile
> the SELinux policy from source and that should only be done on the host.
> I will go ahead and remove the target build commands and Config.in file
> to keep this a host only utility.

  Note: you'll probably want to add a Config.in.host for this package, so 
people can select it in their config and use it in a post-build script.

  In the long term, it is probably also a good idea to have a 
system-level SELinux menu where you can specify some policy files to be 
put on the target, and buildroot will compile and install them for you.

  Regards,
  Arnout

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F