[yocto] [meta-selinux][PATCH] policycoreutils: update AUDITH, PAMH

wenzong fan wenzong.fan at windriver.com
Tue Oct 10 18:32:24 PDT 2017 


On 10/10/2017 09:45 PM, Mark Hatle wrote:
> This is incorrect.  You are not allowed to dynamically determine capabilities
> like this.  Because if another component changes, the system has no way to
> determine if this package should also be recompiled.
> 
> policycoreutils should be using 'PACKAGECONFIG', with an audit and pam option.
> Then set a default with them enabled, allowing a user to override the settings.

Ok, I'll update the patch with 'PACKAGECONFIG' options.

Thanks
Wenzong

> 
> --Mark
> 
> On 10/10/17 2:46 AM, wenzong.fan at windriver.com wrote:
>> From: Wenzong Fan <wenzong.fan at windriver.com>
>>
>> Update definition of AUDITH, PAMH according to the upstream changes
>> for Makefiles:
>>
>>    commit 89ce96cac6ce5eeed78cb39c58514cd68494d7aa
>>    ...
>>    -ifeq ($(PAMH), /usr/include/security/pam_appl.h)
>>    +ifeq ($(PAMH), y)
>>    ...
>>    -ifeq ($(AUDITH), /usr/include/libaudit.h)
>>    +ifeq ($(AUDITH), y)
>>
>> Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
>> ---
>>   recipes-security/selinux/policycoreutils.inc | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
>> index 442b086..63ca402 100644
>> --- a/recipes-security/selinux/policycoreutils.inc
>> +++ b/recipes-security/selinux/policycoreutils.inc
>> @@ -118,8 +118,8 @@ export STAGING_LIBDIR
>>   export BUILD_SYS
>>   export HOST_SYS
>>   
>> -AUDITH="`ls ${STAGING_INCDIR}/libaudit.h >/dev/null 2>&1 && echo /usr/include/libaudit.h `"
>> -PAMH="`ls ${STAGING_INCDIR}/security/pam_appl.h >/dev/null 2>&1 && echo /usr/include/security/pam_appl.h `"
>> +AUDITH="`ls ${STAGING_INCDIR}/libaudit.h >/dev/null 2>&1 && echo y`"
>> +PAMH="`ls ${STAGING_INCDIR}/security/pam_appl.h >/dev/null 2>&1 && echo y`"
>>   EXTRA_OEMAKE += "${@target_selinux(d, 'PAMH=${PAMH} AUDITH=${AUDITH}', 'PAMH= AUDITH= ')} INOTIFYH=n"
>>   EXTRA_OEMAKE += "PREFIX=${D}"
>>   EXTRA_OEMAKE += "INITDIR=${D}/etc/init.d"
>>
> 
>

More information about the yocto mailing list