[yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.

Philip Tricca flihp at twobit.us
Tue Oct 22 09:50:49 PDT 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 10/22/2013 11:37 AM, Joe MacDonald wrote:
> [Re: [yocto] [meta-selinux][PATCH 0/5] Resend: Remove python 
> dependency from refpol.] On 13.10.21 (Mon 16:01) Joe MacDonald 
> wrote:
> 
>> [Re: [yocto] [meta-selinux][PATCH 0/5] Resend: Remove python 
>> dependency from refpol.] On 13.10.21 (Mon 10:57) Joe MacDonald 
>> wrote:
>> 
>>> Thought I'd best (finally) follow up to the list on this.
>>> I've been talking to Philip offline.  These are in the queue
>>> for integration but some surprising things have cropped up
>>> along the way and the integration is being delayed a bit.
>>> 
>>> I'll be grabbing the other meta-selinux update at the same 
>>> time.
>> 
>> Further to this, I've finished the merge of this batch and the 
>> two other submissions I've seen for meta-selinux today.  I 
>> haven't yet pushed them to meta-selinux on git.yoctoproject.org. 
>> I'm going to let it cool off until at least tomorrow since this 
>> one proved to be much more problematic than I think it should 
>> have been.  In the meantime, I've pushed the pending changes to 
>> my github project:
>> 
>> https://github.com/joeythesaint/meta-selinux.git
>> 
>> on the contrib/joeythesaint branch.
> 
> Six of the seven commits that were on that branch are now in the 
> official meta-selinux master branch.  The last is the 
> bzip-compressed policy update.
> 
> Thanks Philip.

Sure thing Joe. Thanks for spending the time to get these integrated.

- - Philip

> 
> -J.
> 
>> 
>> -J.
>> 
>>> 
>>> -J.
>>> 
>>> [[yocto] [meta-selinux][PATCH 0/5] Resend: Remove python 
>>> dependency from refpol.] On 13.10.17 (Thu 19:06) Philip Tricca 
>>> wrote:
>>> 
>>>> This is a resend of an earlier patch set that never made it 
>>>> to the list AFAIK.
>>>> 
>>>> The reference policy package currently pulls in a lot of 
>>>> python stuff that isn't strictly necessary to boot an
>>>> SELinux system and load a policy. AFAIK this is caused by the
>>>> mix of python and C utilities in policycoreutils.
>>>> 
>>>> This patch set breaks the policycoreutils recipe up into 
>>>> multiple packages, one for each utility. In this way we can 
>>>> have the refpol etc pull in only the utilities necessary for 
>>>> normal operation. This happens to be only the utilities 
>>>> written in C and thus we can remove python completely in a 
>>>> minimal image.
>>>> 
>>>> I've attempted to localize these changes as much as possible 
>>>> so this patch set should have minimal impact on recipes 
>>>> outside of the policycoreutils. An example image reicpe is 
>>>> added to demonstrate a minimal image with only the utilities 
>>>> required to load a policy and manipulate the policy store 
>>>> (add / remove policy modules) at runtime.
>>>> 
>>>> Regards, - Philip
>>>> 
>>>> Philip Tricca (5): Break policycoreutils out into separate 
>>>> Remove unnecessary RDEPENDS_${BPN}. Remove runtime
>>>> dependency on Add packagegroup and image recipe for Add
>>>> packagegroup for policycoreutils
>>>> 
>>>> .../images/core-image-selinux-minimal.bb           |   15 ++
>>>>  .../packagegroups/packagegroup-core-selinux.bb     |    4 +-
>>>>  .../packagegroups/packagegroup-selinux-minimal.bb  |   26 
>>>> +++ .../packagegroup-selinux-policycoreutils.bb        |
>>>> 36 ++++ recipes-security/refpolicy/refpolicy_common.inc    | 
>>>> 2 +- recipes-security/selinux/policycoreutils.inc       | 179
>>>> +++++++++++++++++-- 6 files changed, 245 insertions(+), 17
>>>> deletions(-)
>>>> 
>>>> _______________________________________________ yocto
>>>> mailing list yocto at yoctoproject.org 
>>>> https://lists.yoctoproject.org/listinfo/yocto
>>> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBCgAGBQJSZqzpAAoJEDL3fnXC4dO6Z6UP/0UoTumQK0wIlyk4YviqsTKr
E0F62JvgzCgf9BLadGmbBSEvgS9Zg50fGr+wM4p0wc7TW2egNnQrPQRa70Y2ycjL
jEQhBRuW6HFTSNZYTsrrt20IjE7nTQEDQnvSZW18lDMKbSyWHdrLGL9lgqWKjiRC
mf0g6cyO4CNnhxdYIZvWTNWoDdbDTQRpyzWhO2S4YkM7Vkh7lvg3IPadGwTAd6MM
nGS6iLKaaaUcqw/i5axOwd8xH2C0/MGDPPYkRwcxAjU7nuH4uOS5uaq5k0dGiuLF
IRp374YwCOypcPtmZT0w3C80CmJSC6e2fxHeH8xQNWBnsFSweG3sT/9DGhVYeZky
HuvkFFFKmsbSfZHFuTQsH5AiV3YaHQTOgWCefQ22xCDEB03t52E6IPY0rAzlxXIi
apL8fhtHjlQ0GaY5yoV7n6+KyfqlQm7WpHXAqowfWEYS3P/pVPJe4pTq+PrzadF2
o5DpGVR5Du2QzLBsFZetFIrLg3kKYkq9011RHwBFl9frsVxTYAdBm58GvceBJL1K
wecuveTH30KhYjiDzMZTNL3Tm/vMJLL/CzIWF5NdrMwCUt8+TwFGJvB7a2QEssS0
14SMdPKjtvbGutlAkOT/9T/1HrpIZhoZtkwEnyKgdXEk469+Vp6aBHjf52JPHyFn
5JJhKda01naDs+KA9G6p
=uocy
-----END PGP SIGNATURE-----

More information about the yocto mailing list