[yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?

wenzong fan wenzong.fan at windriver.com
Tue Aug 18 02:37:15 PDT 2015 

On 08/18/2015 10:28 AM, Randy MacLeod wrote:
> On 2015-08-14 02:41 AM, wenzong fan wrote:
>> On 08/12/2015 09:05 PM, Joe MacDonald wrote:
>>> [[yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?]
>>> On 15.08.12 (Wed 17:08) wenzong fan wrote:
>>>
>>>> Hi All,
>>>>
>>>> There's a libcap-ng in meta-oe layer, it has been updated to 0.7.7
>>>> and the
>>>> one in meta-selinux is 0.7.3.
>>>>
>>>> How about removing the one in meta-selinux and get this layer
>>>> depends on
>>>> meta-oe? Any suggestions?
>>>
>>> The last time we had this discussion my sense was that most users of
>>> meta-selinux wanted to continue with it only depending on oe-core.
>>> That's my preference as well.
>>>
>>> I'm happy to merge an updated version of libcap-ng (or maybe I'll get to
>>> it myself, since I've known about it since Armin removed it from
>>> meta-security, that was the time of the last discussion, I think).
>>>
>>> All I'm saying right now is that this isn't a case of accidental
>>> duplication of recipes in multiple layers, it's the result of a
>>> conscious decision.  It's totally worthwhile re-visiting that decision,
>>> though to make sure the reasons are still valid.
>>>
>>
>> Thanks for clarifying this, just send out an update patch for libcap-ng.
>
> I still think it belongs in oe-core.
>
> Wenzong,
>
> Can you try to build up a case for that?
> If I look at the dependencies on Ubuntu-15.04:
>
> Reverse Depends:
>    qemu-system-common,libcap-ng0
>    libvirt0,libcap-ng0
>    libvirt-bin,libcap-ng0
>    libcap-ng0:i386,libcap-ng0 0.7.4-2
>    libcap-ng0:i386,libcap-ng0 0.7.4-2
>    suricata,libcap-ng0
>    libcap-ng-utils,libcap-ng0 0.7.4-2
>    ladvd,libcap-ng0
>    heimdal-kdc,libcap-ng0
>    audispd-plugins,libcap-ng0
>    smartmontools,libcap-ng0
>    qemu-system-common,libcap-ng0
>    libvirt0,libcap-ng0
>    libvirt-bin,libcap-ng0
>    libcap-ng-dev,libcap-ng0 0.7.4-2
>    irqbalance,libcap-ng0
>    gnome-keyring,libcap-ng0
>    dbus-1-dbg,libcap-ng0
>    dbus,libcap-ng0
>
> note that pkgs in:
>    meta-virtualization: irqbalance, libvirt, more?
>    meta-selinux: audit
>    meta-security-framework: audit
> could drop the local versions of libcap-ng and use the
> oe-core libcap-ng.
>
>
> Please check on the actual source/configure options so that
> we(I!!) get a better understanding of where libcap vs libcap-ng
> is used.
>
> In fact, since meta-security-framework isn't using selinux, I'd
> say that both audit and libcap-ng should both move to oe-core.
>

And the swig that libcap-ng depends on (swig-native) if we to do so.

Thanks
Wenzong

>
> Thanks,
> ../Randy
>
>
>>
>> Wenzong
>
>

More information about the yocto mailing list