Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/pkg-generic: Auto-install selinux modules only for upstream refpolicy
@ 2023-10-09 16:18 Adam Duskett
  2023-11-04 17:35 ` Thomas Petazzoni via buildroot
  2023-11-09  9:47 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Adam Duskett @ 2023-10-09 16:18 UTC (permalink / raw)
  To: buildroot; +Cc: Adam Duskett, Thomas Petazzoni

The description of REFPOLICY_CUSTOM_GIT states:

The custom refpolicy must define the full policy explicitly,
and must be a fork of the original refpolicy, to have the
same build system.  When this is selected, only the custom
policy definition are taken into account and all the modules
of the policy are built into the binary policy.

Currently, if a user definess their own policy, a package containing a selinux
directory would add to their custom policy, which is not what they would want.
Disable applying selinux policies in selinux/ directories for custom git
refpolicies.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
---
 package/pkg-generic.mk | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk
index 6e944dd6b7..28595a105c 100644
--- a/package/pkg-generic.mk
+++ b/package/pkg-generic.mk
@@ -1237,8 +1237,11 @@ KEEP_PYTHON_PY_FILES += $$($(2)_KEEP_PY_FILES)
 ifneq ($$($(2)_SELINUX_MODULES),)
 PACKAGES_SELINUX_MODULES += $$($(2)_SELINUX_MODULES)
 endif
+
+ifeq ($(BR2_PACKAGE_REFPOLICY_UPSTREAM_VERSION),y)
 PACKAGES_SELINUX_EXTRA_MODULES_DIRS += \
 	$$(if $$(wildcard $$($(2)_PKGDIR)/selinux),$$($(2)_PKGDIR)/selinux)
+endif
 
 ifeq ($$($(2)_SITE_METHOD),svn)
 DL_TOOLS_DEPENDENCIES += svn
-- 
2.41.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/pkg-generic: Auto-install selinux modules only for upstream refpolicy
  2023-10-09 16:18 [Buildroot] [PATCH 1/1] package/pkg-generic: Auto-install selinux modules only for upstream refpolicy Adam Duskett
@ 2023-11-04 17:35 ` Thomas Petazzoni via buildroot
  2023-11-09  9:47 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-11-04 17:35 UTC (permalink / raw)
  To: Adam Duskett; +Cc: buildroot

On Mon,  9 Oct 2023 18:18:17 +0200
Adam Duskett <adam.duskett@amarulasolutions.com> wrote:

> The description of REFPOLICY_CUSTOM_GIT states:
> 
> The custom refpolicy must define the full policy explicitly,
> and must be a fork of the original refpolicy, to have the
> same build system.  When this is selected, only the custom
> policy definition are taken into account and all the modules
> of the policy are built into the binary policy.
> 
> Currently, if a user definess their own policy, a package containing a selinux
> directory would add to their custom policy, which is not what they would want.
> Disable applying selinux policies in selinux/ directories for custom git
> refpolicies.
> 
> Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
> ---
>  package/pkg-generic.mk | 3 +++
>  1 file changed, 3 insertions(+)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/pkg-generic: Auto-install selinux modules only for upstream refpolicy
  2023-10-09 16:18 [Buildroot] [PATCH 1/1] package/pkg-generic: Auto-install selinux modules only for upstream refpolicy Adam Duskett
  2023-11-04 17:35 ` Thomas Petazzoni via buildroot
@ 2023-11-09  9:47 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-11-09  9:47 UTC (permalink / raw)
  To: Adam Duskett; +Cc: Thomas Petazzoni, buildroot

>>>>> "Adam" == Adam Duskett <adam.duskett@amarulasolutions.com> writes:

 > The description of REFPOLICY_CUSTOM_GIT states:
 > The custom refpolicy must define the full policy explicitly,
 > and must be a fork of the original refpolicy, to have the
 > same build system.  When this is selected, only the custom
 > policy definition are taken into account and all the modules
 > of the policy are built into the binary policy.

 > Currently, if a user definess their own policy, a package containing a selinux
 > directory would add to their custom policy, which is not what they would want.
 > Disable applying selinux policies in selinux/ directories for custom git
 > refpolicies.

 > Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>

Committed to 2023.02.x and 2023.08.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-11-09  9:47 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-10-09 16:18 [Buildroot] [PATCH 1/1] package/pkg-generic: Auto-install selinux modules only for upstream refpolicy Adam Duskett
2023-11-04 17:35 ` Thomas Petazzoni via buildroot
2023-11-09  9:47 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox