[yocto] [meta-selinux][PATCH 7/8] refpolicy-minimum: update base refpolicy to git repo
Shrikant Bobade
bobadeshrikant at gmail.com
Mon Aug 3 06:37:07 PDT 2015
From: Shrikant Bobade <shrikant_bobade at mentor.com>
A simple forward-port of refpolicy-minimum to use the
refpolicy from the git repository.
Signed-off-by: Shrikant Bobade <shrikant_bobade at mentor.com>
---
.../refpolicy/refpolicy-minimum_git.bb | 48 ++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 recipes-security/refpolicy/refpolicy-minimum_git.bb
diff --git a/recipes-security/refpolicy/refpolicy-minimum_git.bb b/recipes-security/refpolicy/refpolicy-minimum_git.bb
new file mode 100644
index 0000000..b275821
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-minimum_git.bb
@@ -0,0 +1,48 @@
+include refpolicy-targeted_${PV}.bb
+
+SUMMARY = "SELinux minimum policy"
+DESCRIPTION = "\
+This is a minimum reference policy with just core policy modules, and \
+could be used as a base for customizing targeted policy. \
+Pretty much everything runs as initrc_t or unconfined_t so all of the \
+domains are unconfined. \
+"
+
+POLICY_NAME = "minimum"
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:${THISDIR}/refpolicy-${PV}:${THISDIR}/refpolicy-targeted:"
+
+CORE_POLICY_MODULES = "unconfined \
+ selinuxutil storage sysnetwork \
+ application libraries miscfiles logging userdomain \
+ init mount modutils getty authlogin locallogin \
+ "
+
+# nscd caches libc-issued requests to the name service.
+# Without nscd.pp, commands want to use these caches will be blocked.
+EXTRA_POLICY_MODULES += "nscd"
+
+# pam_mail module enables checking and display of mailbox status upon
+# "login", so "login" process will access to /var/spool/mail.
+EXTRA_POLICY_MODULES += "mta"
+
+POLICY_MODULES_MIN = "${CORE_POLICY_MODULES} ${EXTRA_POLICY_MODULES}"
+
+# re-write the same func from refpolicy_common.inc
+prepare_policy_store () {
+ oe_runmake 'DESTDIR=${D}' 'prefix=${D}${prefix}' install
+
+ # Prepare to create policy store
+ mkdir -p ${D}${sysconfdir}/selinux/
+ mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/policy
+ mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
+ mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
+ touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local
+ for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
+ bzip2 -f $i && mv -f $i.bz2 $i
+ done
+ cp base.pp ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
+ for i in ${POLICY_MODULES_MIN}; do
+ cp ${i}.pp ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i.pp`
+ done
+}
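Review bot: In `prepare_policy_store`, the compression loop `bzip2 -f $i && mv -f $i.bz2 $i` hides a bzip2 failure: a non-final command of an `&&` list does not trip `set -e`, so, assuming the task shell runs with errexit as BitBake shell tasks normally do, the install would carry on and leave that module uncompressed under `${D}${datadir}` without any error. Splitting it into two quoted statements, `bzip2 -f "$i"` followed by `mv -f "$i.bz2" "$i"`, lets either failure abort the task, and a glob that matches nothing then fails loudly as well. Separately, the first line of the recipe would be safer as `require refpolicy-targeted_${PV}.bb`, because `include` continues silently when the file is not found and the policy package could then be built without the targeted recipe's settings. The comment above the function could also state what differs from the copy in refpolicy_common.inc (from this hunk it looks like only the `POLICY_MODULES_MIN` loop, but that file is not shown here), so the two stay in sync.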
--
1.7.9.5