[yocto] [meta-selinux][PATCH 1/2] refpolicy: Replace 2.2014120 with release 2.20151208.

Stephen Smalley sds at tycho.nsa.gov
Tue Mar 22 12:43:52 PDT 2016


On 03/21/2016 12:26 AM, Philip Tricca wrote:
> This was mostly straightforward. Had to refresh a single patch:
> poky-policy-fix-new-SELINUXMNT-in-sys.patch

Can we drop that one?  Doesn't upstream already include rules for the
change from /selinux to /sys/fs/selinux, since that has been the default
for Linux 3.0 and later?

Also, refpolicy-update-for_systemd.patch seems suspect, given that
upstream refpolicy already includes systemd support (but you need to
build with SYSTEMD=y, which can be done now via POLICY_SYSTEMD=y in your
local.conf or elsewhere).  The only bit I see in that patch that isn't
already in refpolicy is
allow devpts device_t:filesystem associate;
which ought to be rewritten as
dev_associate(devpts_t)
and upstreamed to refpolicy terminal.te if needed.

I assume that is from creating the /dev/pts mount point and
automatically trying to label it according to file_contexts, but the
type in file_contexts is really for the devpts mount, not the mount point.



