[yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.
Joe MacDonald
joe at deserted.net
Tue Oct 22 08:37:55 PDT 2013
[Re: [yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.] On 13.10.21 (Mon 16:01) Joe MacDonald wrote:
> [Re: [yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.] On 13.10.21 (Mon 10:57) Joe MacDonald wrote:
>
> > Thought I'd best (finally) follow up to the list on this. I've been
> > talking to Philip offline. These are in the queue for integration but
> > some surprising things have cropped up along the way and the integration
> > is being delayed a bit.
> >
> > I'll be grabbing the other meta-selinux update at the same time.
>
> Further to this, I've finished the merge of this batch and the two other
> submissions I've seen for meta-selinux today. I haven't yet pushed them
> to meta-selinux on git.yoctoproject.org. I'm going to let it cool off
> until at least tomorrow since this one proved to be much more
> problematic than I think it should have been. In the meantime, I've
> pushed the pending changes to my github project:
>
> https://github.com/joeythesaint/meta-selinux.git
>
> on the contrib/joeythesaint branch.
Six of the seven commits that were on that branch are now in the
official meta-selinux master branch. The last is the bzip-compressed
policy update.
Thanks Philip.
-J.
>
> -J.
>
> >
> > -J.
> >
> > [[yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.] On 13.10.17 (Thu 19:06) Philip Tricca wrote:
> >
> > > This is a resend of an earlier patch set that never made it to the list
> > > AFAIK.
> > >
> > > The reference policy package currently pulls in a lot of python stuff
> > > that isn't strictly necessary to boot an SELinux system and load a
> > > policy. AFAIK this is caused by the mix of python and C utilities in
> > > policycoreutils.
> > >
> > > This patch set breaks the policycoreutils recipe up into multiple
> > > packages, one for each utility. In this way we can have the refpol etc
> > > pull in only the utilities necessary for normal operation. This happens
> > > to be only the utilities written in C and thus we can remove python
> > > completely in a minimal image.
> > >
> > > I've attempted to localize these changes as much as possible so this
> > > patch set should have minimal impact on recipes outside of the
> > > policycoreutils. An example image reicpe is added to demonstrate a
> > > minimal image with only the utilities required to load a policy and
> > > manipulate the policy store (add / remove policy modules) at runtime.
> > >
> > > Regards,
> > > - Philip
> > >
> > > Philip Tricca (5):
> > > Break policycoreutils out into separate
> > > Remove unnecessary RDEPENDS_${BPN}.
> > > Remove runtime dependency on
> > > Add packagegroup and image recipe for
> > > Add packagegroup for policycoreutils
> > >
> > > .../images/core-image-selinux-minimal.bb | 15 ++
> > > .../packagegroups/packagegroup-core-selinux.bb | 4 +-
> > > .../packagegroups/packagegroup-selinux-minimal.bb | 26 +++
> > > .../packagegroup-selinux-policycoreutils.bb | 36 ++++
> > > recipes-security/refpolicy/refpolicy_common.inc | 2 +-
> > > recipes-security/selinux/policycoreutils.inc | 179 +++++++++++++++++--
> > > 6 files changed, 245 insertions(+), 17 deletions(-)
> > >
> > > _______________________________________________
> > > yocto mailing list
> > > yocto at yoctoproject.org
> > > https://lists.yoctoproject.org/listinfo/yocto
> >
--
-Joe MacDonald.
:wq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20131022/ff4caa9d/attachment.pgp>
More information about the yocto
mailing list