[yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.
Joe MacDonald
joe at deserted.net
Mon Oct 21 13:01:55 PDT 2013
[Re: [yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.] On 13.10.21 (Mon 10:57) Joe MacDonald wrote:
> Thought I'd best (finally) follow up to the list on this. I've been
> talking to Philip offline. These are in the queue for integration but
> some surprising things have cropped up along the way and the integration
> is being delayed a bit.
>
> I'll be grabbing the other meta-selinux update at the same time.
Further to this, I've finished the merge of this batch and the two other
submissions I've seen for meta-selinux today. I haven't yet pushed them
to meta-selinux on git.yoctoproject.org. I'm going to let it cool off
until at least tomorrow since this one proved to be much more
problematic than I think it should have been. In the meantime, I've
pushed the pending changes to my github project:
https://github.com/joeythesaint/meta-selinux.git
on the contrib/joeythesaint branch.
-J.
>
> -J.
>
> [[yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.] On 13.10.17 (Thu 19:06) Philip Tricca wrote:
>
> > This is a resend of an earlier patch set that never made it to the list
> > AFAIK.
> >
> > The reference policy package currently pulls in a lot of python stuff
> > that isn't strictly necessary to boot an SELinux system and load a
> > policy. AFAIK this is caused by the mix of python and C utilities in
> > policycoreutils.
> >
> > This patch set breaks the policycoreutils recipe up into multiple
> > packages, one for each utility. In this way we can have the refpol etc
> > pull in only the utilities necessary for normal operation. This happens
> > to be only the utilities written in C and thus we can remove python
> > completely in a minimal image.
> >
> > I've attempted to localize these changes as much as possible so this
> > patch set should have minimal impact on recipes outside of the
> > policycoreutils. An example image reicpe is added to demonstrate a
> > minimal image with only the utilities required to load a policy and
> > manipulate the policy store (add / remove policy modules) at runtime.
> >
> > Regards,
> > - Philip
> >
> > Philip Tricca (5):
> > Break policycoreutils out into separate
> > Remove unnecessary RDEPENDS_${BPN}.
> > Remove runtime dependency on
> > Add packagegroup and image recipe for
> > Add packagegroup for policycoreutils
> >
> > .../images/core-image-selinux-minimal.bb | 15 ++
> > .../packagegroups/packagegroup-core-selinux.bb | 4 +-
> > .../packagegroups/packagegroup-selinux-minimal.bb | 26 +++
> > .../packagegroup-selinux-policycoreutils.bb | 36 ++++
> > recipes-security/refpolicy/refpolicy_common.inc | 2 +-
> > recipes-security/selinux/policycoreutils.inc | 179 +++++++++++++++++--
> > 6 files changed, 245 insertions(+), 17 deletions(-)
> >
> > _______________________________________________
> > yocto mailing list
> > yocto at yoctoproject.org
> > https://lists.yoctoproject.org/listinfo/yocto
>
--
-Joe MacDonald.
:wq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20131021/8d3a9115/attachment.pgp>
More information about the yocto
mailing list