[yocto] [meta-selinux] Updated meta-selinux -- master (was: master-next)

Philip Tricca flihp at twobit.us
Thu Oct 3 18:49:46 PDT 2013


Looks good to me.

Thanks,
- Philip

On 10/02/2013 08:57 PM, Joe MacDonald wrote:
> Philip / Mark / all,
> 
> Earlier today I updated master with a rebased version of what was in
> master-next.  I apologize for not sending this out earlier.  Today's
> been a bit turbo.
> 
> This update should have been a fast-forward update to master, so if
> that's not the case, or if the updates cause any unexpected behaviour,
> please let me know.
> 
> The only outstanding issue I'm aware of right now is basically what I
> related in my earlier mail, but less severe.  The initial boot and
> auto-relabelling hums along fine.  The second boot produces a few
> issues about /dev/vcs* and /dev/fb* having their label applications
> denied due to an invalid context.  Logging in to the system and
> manually doing a restorecon on those devices as root/secadm_r/secadm_t
> applies the correct label until the next boot.  Then you're back to
> the default labels and have to restore them again.
> 
> The current state of affairs works around the more serious problem I
> mentioned previously by not using the udev device cache.  I'd like to
> fix that, but since it was the approach used in master previously, I
> didn't think it was worth holding off on the update just for that.
> 
> -J.
> 
> On Sat, Sep 28, 2013 at 3:46 PM, Philip Tricca <flihp at twobit.us> wrote:
>> On 09/27/2013 03:58 PM, Joe MacDonald wrote:
>>> [[yocto] [meta-selinux] Updated meta-selinux -- master-next] On 13.09.19 (Thu 13:41) Mark Hatle wrote:
>>>
>>>> I have updated meta-selinux, and placed the update into the 'master-next' branch.
>>>>
>>>> This was locally tested with Poky as of commit
>>>> 853bc53cd58a621918f0e5ce662dba263d1befb4.
>>>>
>>>> Note, when building the core-image-selinux, the internal refpolicies
>>>> cause a lot of failures.  I'm not an expert on how this should be
>>>> configured, so I'm looking for help/patches from others.
>>>>
>>>> If you know of any other additional patches that should be applied,
>>>> or are able to help with the refpolicies, please let me know!
>>>>
>>>> Thanks!
>>>> --Mark
>>>
>>> I just pushed a new (non-ff!) update to master-next.  It includes the
>>> following:
>>>
>>>    - Mark Hatle: policycoreutils: avoid shell for checking target-special actions
>>>    - Mark Hatle: setools: Uprev setools
>>>    - Mark Hatle: README: Update status
>>>    - Mark Hatle: libcap-ng: Uprev libcap-ng
>>>    - Mark Hatle: audit: Uprev to audit 2.3.2
>>>    - Mark Hatle: swig: Update to latest swig from meta-openembedded
>>>    - Mark Hatle: python-ipy: Uprev to latest 0.81 version
>>>    - Mark Hatle: distro/*: Update the distro files
>>>    - Christopher Larson: layer.conf: avoid unnecessary early expansion with :=
>>>    - Qiang Chen: selinux: remove reference to locale env files from login
>>>    - Mark Hatle: linux-yocto: Add support for the 3.10 kernel
>>>    - Xin Ouyang: kernel: add BBAPPEND for linux 3.10
>>
>> Can I put in a request to cherry-pick the 3.10 kernel update down to master? This is independent from all of the tools / policy updates and it would be very convenient for those of us building against master oe-core. As of now a build of meta-selinux master against oe-core master results in an image that will panic on boot as linux-yocto builds the 3.10 kernel and the selinux distros don't prefer a kernel with an available selinux config (3.8 is the most recent).
>>
>> Thanks,
>> - Philip
>>
> 
> 
> 




More information about the yocto mailing list