[yocto] [meta-selinux][PATCH] Add recipe to build the MCS refpolicy.
Joe MacDonald
joe at deserted.net
Wed Oct 30 07:20:09 PDT 2013
I like both this and your follow-up changes, I'd been thinking it was
time to do such a cleanup myself the other day. So thanks. :-)
I just had two small things. One here, one over on the common.inc file.
[[yocto] [meta-selinux][PATCH] Add recipe to build the MCS refpolicy.] On 13.10.29 (Tue 23:44) Philip Tricca wrote:
> This is the default policy type used by most (all?) distros that
> support SELinux.
>
> Signed-off-by: Philip Tricca <flihp at twobit.us>
> ---
> .../refpolicy/refpolicy-mcs_2.20130424.bb | 23 ++++++++++++++++++++
> 1 file changed, 23 insertions(+)
> create mode 100644 recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb
>
> diff --git a/recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb b/recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb
> new file mode 100644
> index 0000000..38b78f1
> --- /dev/null
> +++ b/recipes-security/refpolicy/refpolicy-mcs_2.20130424.bb
> @@ -0,0 +1,23 @@
> +SUMMARY = "MCS (Multi Category Security) variant of the SELinux policy"
> +DESCRIPTION = "\
> +This is the reference policy for SE Linux built with MCS support. \
> +An MCS policy is the same as an MLS policy but with only one sensitivity \
> +level. This is useful on systems where a hierarchical policy (MLS) isn't \
> +needed (pretty much all systems) but the non-hierarchical categories are. \
> +"
> +
> +PR = "r0"
I don't think we need this, even for the sake of clarity.
-J.
> +
> +POLICY_NAME = "mcs"
> +POLICY_TYPE = "mcs"
> +POLICY_DISTRO = "redhat"
> +POLICY_UBAC = "n"
> +POLICY_UNK_PERMS = "allow"
> +POLICY_DIRECT_INITRC = "n"
> +POLICY_MONOLITHIC = "n"
> +POLICY_CUSTOM_BUILDOPT = ""
> +POLICY_QUIET = "y"
> +
> +POLICY_MCS_CATS = "1024"
> +
> +include refpolicy_${PV}.inc
--
-Joe MacDonald.
:wq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20131030/990a53b8/attachment.pgp>
More information about the yocto
mailing list