[yocto] [meta-selinux][PATCH 4/5] Add packagegroup and image recipe for minimal SELinux image.

Philip Tricca flihp at twobit.us
Wed Oct 9 05:41:00 PDT 2013


This is intended to demonstrate the minimal set packages necessary
to boot and load a system with SELinux enabled. Specifically we
don't need any of the packages that depend on python.

Signed-off-by: Philip Tricca <flihp at twobit.us>
---
 .../images/core-image-selinux-minimal.bb           |   15 +++++++++++
 .../packagegroups/packagegroup-selinux-minimal.bb  |   26 ++++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 recipes-security/images/core-image-selinux-minimal.bb
 create mode 100644 recipes-security/packagegroups/packagegroup-selinux-minimal.bb

diff --git a/recipes-security/images/core-image-selinux-minimal.bb b/recipes-security/images/core-image-selinux-minimal.bb
new file mode 100644
index 0000000..45cd847
--- /dev/null
+++ b/recipes-security/images/core-image-selinux-minimal.bb
@@ -0,0 +1,15 @@
+DESCRIPTION = "Minimal image with SELinux support (no python)"
+
+IMAGE_FEATURES += "splash ssh-server-openssh"
+
+LICENSE = "MIT"
+
+IMAGE_INSTALL = "\
+	${CORE_IMAGE_BASE_INSTALL} \
+	bash \
+	util-linux-agetty \
+	packagegroup-core-boot \
+	packagegroup-selinux-minimal \
+"
+
+inherit core-image
diff --git a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
new file mode 100644
index 0000000..16f6bae
--- /dev/null
+++ b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
@@ -0,0 +1,26 @@
+DESCRIPTION = "SELinux packagegroup with only packages required for basic operations"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58 \
+                    file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+PR = "r0"
+
+PACKAGES = "\
+	${PN} \
+	"
+
+ALLOW_EMPTY_${PN} = "1"
+
+RDEPENDS_${PN} = " \
+	coreutils \
+	libsepol \
+	libselinux \
+	libselinux-bin \
+	libsemanage \
+	policycoreutils-fixfiles \
+	policycoreutils-secon \
+	policycoreutils-semodule \
+	policycoreutils-sestatus \
+	policycoreutils-setfiles \
+	selinux-config \
+	refpolicy-mls \
+	"
-- 
1.7.10.4




More information about the yocto mailing list