[yocto] [meta-selinux][PULL] refpolicy: update to 2.20190201 and git HEAD policies (2019-04-10 10:57:14 -0400)
Joe MacDonald
Joe_MacDonald at mentor.com
Fri Apr 12 12:24:38 PDT 2019
Hi Yi,
[Re: [yocto] [meta-selinux][PULL] refpolicy: update to 2.20190201 and git HEAD policies (2019-04-10 10:57:14 -0400)] On 19.04.11 (Thu 16:19) Yi Zhao wrote:
> Hi Joe,
>
> Thank you for working on the refpolicy upgrade.
> I have a quick test with your patch. Here are the results:
>
> Machine: qemux86-64
> Image: core-image-selinux
> Init manager: systemd
> Boot command: runqemu qemux86-64 kvm nographic bootparams="selinux=1 enforcing=
> X" qemuparams="-m 1024"
>
> 1. All refpolicy type of git version can be built without problems.
>
> 2. With parameter selinux=1 & enforcing=0
> The qemu can boot up and login for all refpolicy types.
Perfect, that's what I had when testing on my reference hardware, so I'm
happy you were able to validate those results.
> 3. With parameter selinux=1 & enforcing=1
> Some of services failed to startup when booting. But this issue also exist on
> old refpolicy version (2.20170204)
Yeah, and given the scope of this change my goal was mainly parity with
the old policy but based on a version that's 2-ish years newer. So once
that's done I think we can reasonably work at enabling the additional
services in some structured way.
> 4. refpolicy stable version (2.20190201)
> I got an do_fetch error with refpolicy stable version.
> Seems the SRC_URI is not correct. It should be "https://github.com/
> SELinuxProject/refpolicy/releases/download/RELEASE_2_20190201/refpolicy-$
> {PV}.tar.bz2"
Thanks, good catch, I don't know how that slipped through. Corrected on
my end, I'll update it in a bit.
-J.
>
>
> Regards,
> Yi
--
-Joe MacDonald.
:wq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20190412/7d32fff6/attachment.pgp>
More information about the yocto
mailing list