[yocto] [meta-selinux][PULL] refpolicy: update to 2.20190201 and git HEAD policies (2019-04-10 10:57:14 -0400)

[Joe MacDonald]

Hi Yi,

[Re: [yocto] [meta-selinux][PULL] refpolicy: update to 2.20190201 and git HEAD policies (2019-04-10 10:57:14 -0400)] On 19.04.11 (Thu 16:19) Yi Zhao wrote:

> Hi Joe,
> 
> Thank you for working on the refpolicy upgrade.
> I have a quick test with your patch. Here are the results:
> 
> Machine: qemux86-64
> Image: core-image-selinux
> Init manager: systemd
> Boot command: runqemu qemux86-64 kvm nographic bootparams="selinux=1 enforcing=
> X" qemuparams="-m 1024"
> 
> 1. All refpolicy type of git version can be built without problems.
> 
> 2. With parameter selinux=1 & enforcing=0
> The qemu can boot up and login for all refpolicy types.

Perfect, that's what I had when testing on my reference hardware, so I'm
happy you were able to validate those results.

> 3. With parameter selinux=1 & enforcing=1
> Some of services failed to startup when booting. But this issue also exist on
> old refpolicy version (2.20170204)

Yeah, and given the scope of this change my goal was mainly parity with
the old policy but based on a version that's 2-ish years newer.  So once
that's done I think we can reasonably work at enabling the additional
services in some structured way.

> 4. refpolicy stable version (2.20190201)
> I got an do_fetch error with refpolicy stable version.
> Seems the SRC_URI is not correct. It should be "https://github.com/
> SELinuxProject/refpolicy/releases/download/RELEASE_2_20190201/refpolicy-$
> {PV}.tar.bz2"

Thanks, good catch, I don't know how that slipped through.  Corrected on
my end, I'll update it in a bit.

-J.

> 
> 
> Regards,
> Yi

-- 
-Joe MacDonald.
:wq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20190412/7d32fff6/attachment.pgp>