[yocto] [meta-selinux][PATCH] policycoreutils: update AUDITH, PAMH
Mark Hatle
mark.hatle at windriver.com
Tue Oct 10 06:45:40 PDT 2017
This is incorrect. You are not allowed to dynamically determine capabilities
like this. Because if another component changes, the system has no way to
determine if this package should also be recompiled.
policycoreutils should be using 'PACKAGECONFIG', with an audit and pam option.
Then set a default with them enabled, allowing a user to override the settings.
--Mark
On 10/10/17 2:46 AM, wenzong.fan at windriver.com wrote:
> From: Wenzong Fan <wenzong.fan at windriver.com>
>
> Update definition of AUDITH, PAMH according to the upstream changes
> for Makefiles:
>
> commit 89ce96cac6ce5eeed78cb39c58514cd68494d7aa
> ...
> -ifeq ($(PAMH), /usr/include/security/pam_appl.h)
> +ifeq ($(PAMH), y)
> ...
> -ifeq ($(AUDITH), /usr/include/libaudit.h)
> +ifeq ($(AUDITH), y)
>
> Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
> ---
> recipes-security/selinux/policycoreutils.inc | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
> index 442b086..63ca402 100644
> --- a/recipes-security/selinux/policycoreutils.inc
> +++ b/recipes-security/selinux/policycoreutils.inc
> @@ -118,8 +118,8 @@ export STAGING_LIBDIR
> export BUILD_SYS
> export HOST_SYS
>
> -AUDITH="`ls ${STAGING_INCDIR}/libaudit.h >/dev/null 2>&1 && echo /usr/include/libaudit.h `"
> -PAMH="`ls ${STAGING_INCDIR}/security/pam_appl.h >/dev/null 2>&1 && echo /usr/include/security/pam_appl.h `"
> +AUDITH="`ls ${STAGING_INCDIR}/libaudit.h >/dev/null 2>&1 && echo y`"
> +PAMH="`ls ${STAGING_INCDIR}/security/pam_appl.h >/dev/null 2>&1 && echo y`"
> EXTRA_OEMAKE += "${@target_selinux(d, 'PAMH=${PAMH} AUDITH=${AUDITH}', 'PAMH= AUDITH= ')} INOTIFYH=n"
> EXTRA_OEMAKE += "PREFIX=${D}"
> EXTRA_OEMAKE += "INITDIR=${D}/etc/init.d"
>
More information about the yocto
mailing list