[yocto] [meta-selinux] Updated meta-selinux -- master (was: master-next)

Joe MacDonald joe at deserted.net
Wed Oct 2 17:57:49 PDT 2013


Philip / Mark / all,

Earlier today I updated master with a rebased version of what was in
master-next.  I apologize for not sending this out earlier.  Today's
been a bit turbo.

This update should have been a fast-forward update to master, so if
that's not the case, or if the updates cause any unexpected behaviour,
please let me know.

The only outstanding issue I'm aware of right now is basically what I
related in my earlier mail, but less severe.  The initial boot and
auto-relabelling hums along fine.  The second boot produces a few
issues about /dev/vcs* and /dev/fb* having their label applications
denied due to an invalid context.  Logging in to the system and
manually doing a restorecon on those devices as root/secadm_r/secadm_t
applies the correct label until the next boot.  Then you're back to
the default labels and have to restore them again.

The current state of affairs works around the more serious problem I
mentioned previously by not using the udev device cache.  I'd like to
fix that, but since it was the approach used in master previously, I
didn't think it was worth holding off on the update just for that.

-J.

On Sat, Sep 28, 2013 at 3:46 PM, Philip Tricca <flihp at twobit.us> wrote:
> On 09/27/2013 03:58 PM, Joe MacDonald wrote:
>> [[yocto] [meta-selinux] Updated meta-selinux -- master-next] On 13.09.19 (Thu 13:41) Mark Hatle wrote:
>>
>>> I have updated meta-selinux, and placed the update into the 'master-next' branch.
>>>
>>> This was locally tested with Poky as of commit
>>> 853bc53cd58a621918f0e5ce662dba263d1befb4.
>>>
>>> Note, when building the core-image-selinux, the internal refpolicies
>>> cause a lot of failures.  I'm not an expert on how this should be
>>> configured, so I'm looking for help/patches from others.
>>>
>>> If you know of any other additional patches that should be applied,
>>> or are able to help with the refpolicies, please let me know!
>>>
>>> Thanks!
>>> --Mark
>>
>> I just pushed a new (non-ff!) update to master-next.  It includes the
>> following:
>>
>>    - Mark Hatle: policycoreutils: avoid shell for checking target-special actions
>>    - Mark Hatle: setools: Uprev setools
>>    - Mark Hatle: README: Update status
>>    - Mark Hatle: libcap-ng: Uprev libcap-ng
>>    - Mark Hatle: audit: Uprev to audit 2.3.2
>>    - Mark Hatle: swig: Update to latest swig from meta-openembedded
>>    - Mark Hatle: python-ipy: Uprev to latest 0.81 version
>>    - Mark Hatle: distro/*: Update the distro files
>>    - Christopher Larson: layer.conf: avoid unnecessary early expansion with :=
>>    - Qiang Chen: selinux: remove reference to locale env files from login
>>    - Mark Hatle: linux-yocto: Add support for the 3.10 kernel
>>    - Xin Ouyang: kernel: add BBAPPEND for linux 3.10
>
> Can I put in a request to cherry-pick the 3.10 kernel update down to master? This is independent from all of the tools / policy updates and it would be very convenient for those of us building against master oe-core. As of now a build of meta-selinux master against oe-core master results in an image that will panic on boot as linux-yocto builds the 3.10 kernel and the selinux distros don't prefer a kernel with an available selinux config (3.8 is the most recent).
>
> Thanks,
> - Philip
>



-- 
Joe MacDonald
:wq


