[yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.

Joe MacDonald joe at deserted.net
Tue Oct 22 08:37:55 PDT 2013


[Re: [yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.] On 13.10.21 (Mon 16:01) Joe MacDonald wrote:

> [Re: [yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.] On 13.10.21 (Mon 10:57) Joe MacDonald wrote:
> 
> > Thought I'd best (finally) follow up to the list on this.  I've been
> > talking to Philip offline.  These are in the queue for integration but
> > some surprising things have cropped up along the way and the integration
> > is being delayed a bit.
> > 
> > I'll be grabbing the other meta-selinux update at the same time.
> 
> Further to this, I've finished the merge of this batch and the two other
> submissions I've seen for meta-selinux today.  I haven't yet pushed them
> to meta-selinux on git.yoctoproject.org.  I'm going to let it cool off
> until at least tomorrow since this one proved to be much more
> problematic than I think it should have been.  In the meantime, I've
> pushed the pending changes to my github project:
> 
>    https://github.com/joeythesaint/meta-selinux.git
> 
> on the contrib/joeythesaint branch.

Six of the seven commits that were on that branch are now in the
official meta-selinux master branch.  The last is the bzip-compressed
policy update.

Thanks Philip.

-J.

> 
> -J.
> 
> > 
> > -J.
> > 
> > [[yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.] On 13.10.17 (Thu 19:06) Philip Tricca wrote:
> > 
> > > This is a resend of an earlier patch set that never made it to the list
> > > AFAIK.
> > > 
> > > The reference policy package currently pulls in a lot of python stuff
> > > that isn't strictly necessary to boot an SELinux system and load a
> > > policy. AFAIK this is caused by the mix of python and C utilities in
> > > policycoreutils.
> > > 
> > > This patch set breaks the policycoreutils recipe up into multiple
> > > packages, one for each utility. In this way we can have the refpol etc
> > > pull in only the utilities necessary for normal operation. This happens
> > > to be only the utilities written in C and thus we can remove python
> > > completely in a minimal image.
> > > 
> > > I've attempted to localize these changes as much as possible so this
> > > patch set should have minimal impact on recipes outside of the
> > > policycoreutils. An example image reicpe is added to demonstrate a
> > > minimal image with only the utilities required to load a policy and
> > > manipulate the policy store (add / remove policy modules) at runtime.
> > > 
> > > Regards,
> > > - Philip
> > > 
> > > Philip Tricca (5):
> > >  Break policycoreutils out into separate
> > >  Remove unnecessary RDEPENDS_${BPN}.
> > >  Remove runtime dependency on
> > >  Add packagegroup and image recipe for
> > >  Add packagegroup for policycoreutils
> > > 
> > >  .../images/core-image-selinux-minimal.bb           |   15 ++
> > >  .../packagegroups/packagegroup-core-selinux.bb     |    4 +-
> > >  .../packagegroups/packagegroup-selinux-minimal.bb  |   26 +++
> > >  .../packagegroup-selinux-policycoreutils.bb        |   36 ++++
> > >  recipes-security/refpolicy/refpolicy_common.inc    |    2 +-
> > >  recipes-security/selinux/policycoreutils.inc       |  179 +++++++++++++++++--
> > >  6 files changed, 245 insertions(+), 17 deletions(-)
> > > 
> > > _______________________________________________
> > > yocto mailing list
> > > yocto at yoctoproject.org
> > > https://lists.yoctoproject.org/listinfo/yocto
> > 
-- 
-Joe MacDonald.
:wq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20131022/ff4caa9d/attachment.pgp>


More information about the yocto mailing list