[yocto] [meta-selinux][PATCH 0/3] refpolicy virtual package

Joe MacDonald joe at deserted.net
Mon Apr 4 10:53:24 PDT 2016


On 16.04.04 (Mon 00:21) Philip Tricca wrote:

> We currently require each image to depend on the policy (or multiple
> policies) that they want installed and the selinux-config package
> enables the DEFAULT_POLICY. Since only one policy can be in effect at a
> time, and we're targeting "embedded" systems it makes sense (to me at
> least) that we would treat the policy much like we do the kernel and use
> a virtual provider.
> 
> Feedback would be much appreciated,
> Philip
> 
> Philip Tricca (3):
>   refpolicy: Setup virtual/refpolicy provider.
>   Integrate selinux-config into refpolicy_common.
>   refpolicy_common: Sanity test DEFAULT_ENFORCING value and set default.
> 
>  conf/distro/oe-selinux.conf                        |  1 +
>  .../packagegroups/packagegroup-core-selinux.bb     |  4 +-
>  .../packagegroups/packagegroup-selinux-minimal.bb  |  3 +-
>  recipes-security/refpolicy/refpolicy_common.inc    | 43 +++++++++++++++++++++-
>  recipes-security/selinux/selinux-config_0.1.bb     | 41 ---------------------
>  5 files changed, 44 insertions(+), 48 deletions(-)
>  delete mode 100644 recipes-security/selinux/selinux-config_0.1.bb

I've tried this out today and it all looks good to me. I've tried
breaking the sanity check on DEFAULT_ENFORCING as we discussed and it
still seems to do the right thing.  Since this is what we were
discussing last week and it seemed to make sense at the time, I went
ahead and merged your patches for you.

-- 
-Joe MacDonald.
:wq