[PATCH 0/2] V2: Add /sbin/sushell when SELinux is enabled

[PATCH 0/2] V2: Add /sbin/sushell when SELinux is enabled

[Kai Kang]

debug-shell.service from systemd starts different shell according to whether selinux is enabled.
If selinux is enabled, it starts /sbin/sushell. Add /sbin/sushell from fedora.

Tested with and without layer meta-selinux for x86-64.

The following changes since commit 8ad9a434c9fd0300cf5c38c368b181b78421e95a:

  bitbake: tests/data: Add new data tests (2015-07-01 15:40:21 +0100)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib kangkai/initscripts
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=kangkai/initscripts

Kai Kang (2):
  initscripts: add /sbin/sushell for systemd service debug-shell
  systemd: add PACKAGECONFIG selinux

 meta/recipes-core/initscripts/initscripts-1.0/sushell |  5 +++++
 meta/recipes-core/initscripts/initscripts_1.0.bb      | 10 +++++++++-
 meta/recipes-core/systemd/systemd_219.bb              |  5 ++++-
 3 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-core/initscripts/initscripts-1.0/sushell

-- 
1.9.1

[PATCH 1/2] initscripts: add /sbin/sushell for systemd service debug-shell

[Kai Kang]

Add file /sbin/sushell for systemd service debug-shell which starts with
/bin/sushell when SELinux is enabled. Copy and add sushell file from
Fedora 22.

Add runtime dependency bash as well when systemd is enabled to eliminate
QA warning:

WARNING: QA Issue: /sbin/sushell_initscripts contained in package initscripts
requires /bin/bash, but no providers found in its RDEPENDS [file-rdeps]

Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
 meta/recipes-core/initscripts/initscripts-1.0/sushell |  5 +++++
 meta/recipes-core/initscripts/initscripts_1.0.bb      | 10 +++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-core/initscripts/initscripts-1.0/sushell

diff --git a/meta/recipes-core/initscripts/initscripts-1.0/sushell b/meta/recipes-core/initscripts/initscripts-1.0/sushell
new file mode 100644
index 0000000..7d96941
--- /dev/null
+++ b/meta/recipes-core/initscripts/initscripts-1.0/sushell
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+[ -z "$SUSHELL" ] && SUSHELL=/bin/bash
+
+exec $SUSHELL
diff --git a/meta/recipes-core/initscripts/initscripts_1.0.bb b/meta/recipes-core/initscripts/initscripts_1.0.bb
index a086591..b1d917d 100644
--- a/meta/recipes-core/initscripts/initscripts_1.0.bb
+++ b/meta/recipes-core/initscripts/initscripts_1.0.bb
@@ -33,6 +33,7 @@ SRC_URI = "file://functions \
            file://GPLv2.patch \
            file://dmesg.sh \
            file://logrotate-dmesg.conf \
+           ${@bb.utils.contains('DISTRO_FEATURES','selinux','file://sushell','',d)} \
 "
 
 S = "${WORKDIR}"
@@ -46,7 +47,9 @@ DEPENDS_append = " update-rc.d-native"
 DEPENDS_append = " ${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd-systemctl-native','',d)}"
 
 PACKAGES =+ "${PN}-functions"
-RDEPENDS_${PN} = "${PN}-functions"
+RDEPENDS_${PN} = "${PN}-functions \
+                  ${@bb.utils.contains('DISTRO_FEATURES','selinux','bash','',d)} \
+		 "
 FILES_${PN}-functions = "${sysconfdir}/init.d/functions*"
 
 ALTERNATIVE_PRIORITY_${PN}-functions = "90"
@@ -104,6 +107,11 @@ do_install () {
 	if [ "${TARGET_ARCH}" = "arm" ]; then
 		install -m 0755 ${WORKDIR}/alignment.sh	${D}${sysconfdir}/init.d
 	fi
+
+	if ${@bb.utils.contains('DISTRO_FEATURES','selinux','true','false',d)}; then
+		install -d ${D}/${base_sbindir}
+		install -m 0755 ${WORKDIR}/sushell ${D}/${base_sbindir}
+	fi
 #
 # Install device dependent scripts
 #
-- 
1.9.1

[PATCH 2/2] systemd: add PACKAGECONFIG selinux

[Kai Kang]

Add PACKAGECONFIG 'selinux' for systemd. debug-shell.service starts
different shell according whether selinux is enabled.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
 meta/recipes-core/systemd/systemd_219.bb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/systemd/systemd_219.bb b/meta/recipes-core/systemd/systemd_219.bb
index 6ed4fe0..8abd4e5 100644
--- a/meta/recipes-core/systemd/systemd_219.bb
+++ b/meta/recipes-core/systemd/systemd_219.bb
@@ -61,7 +61,9 @@ GTKDOC_DOCDIR = "${S}/docs/"
 
 PACKAGECONFIG ??= "xz ldconfig \
                    ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)} \
-                   ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'xkbcommon', '', d)}"
+                   ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'xkbcommon', '', d)} \
+                   ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \
+                  "
 
 PACKAGECONFIG[journal-upload] = "--enable-libcurl,--disable-libcurl,curl"
 # Sign the journal for anti-tampering
@@ -85,6 +87,7 @@ PACKAGECONFIG[xkbcommon] = "--enable-xkbcommon,--disable-xkbcommon,libxkbcommon"
 # Update NAT firewall rules
 PACKAGECONFIG[iptc] = "--enable-libiptc,--disable-libiptc,iptables"
 PACKAGECONFIG[ldconfig] = "--enable-ldconfig,--disable-ldconfig,,"
+PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux"
 
 CACHED_CONFIGUREVARS += "ac_cv_path_KILL=${base_bindir}/kill"
 CACHED_CONFIGUREVARS += "ac_cv_path_KMOD=${base_bindir}/kmod"
-- 
1.9.1