From: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v8 02/16] refpolicy: new package
Date: Tue, 14 Jul 2015 09:59:09 -0500
Message-ID: <CANn-YGReofOC8QGLKAKK6tJL3ev5j1_0tbTw22RPer9n2qMqfA@mail.gmail.com>
In-Reply-To: <CAHXCMM+2PC771ruOvGcmPcv4GXGNRrRy4XZE3V--WR=g9oJGEQ@mail.gmail.com>

Samuel,

On Tue, Jul 14, 2015 at 9:50 AM, Samuel Martin <s.martin49@gmail.com> wrote:
> Clayton, all,
>
> On Sat, Jul 11, 2015 at 1:27 AM, Clayton Shotwell
> <clayton.shotwell@rockwellcollins.com> wrote:
>> From: Clayton Shotwell <clshotwe@rockwellcollins.com>
>>
>> Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
>> Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
>
> Reviewed-by: Samuel Martin <s.martin49@gmail.com>
> But still some nits ;-)
>
> [...]
>> diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
>> new file mode 100644
>> index 0000000..b6af100
>> --- /dev/null
>> +++ b/package/refpolicy/Config.in
>> @@ -0,0 +1,99 @@
>> +config BR2_PACKAGE_REFPOLICY
>> +       bool "refpolicy"
>> +       select BR2_PACKAGE_POLICYCOREUTILS
>> +       select BR2_PACKAGE_BUSYBOX_SELINUX if BR2_PACKAGE_BUSYBOX
>> +       depends on BR2_TOOLCHAIN_HAS_THREADS # policycoreutils
>> +       depends on BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_MUSL # policycoreutils
>> +       help
>> +         The SELinux Reference Policy project (refpolicy) is a
>> +         complete SELinux policy that can be used as the system
>> +         policy for a variety of systems and used as the basis
>> +         for creating other policies. Reference Policy was originally
>> +         based on the NSA example policy, but aims to accomplish
>> +         many additional goals.
>> +
>> +         The current refpolicy does not fully support Buildroot
>> +         and needs modifications to work with the default system
>> +         file layout.  These changes should be added as patches to
> nit: s/layout.  These/layout. These/

Fixed.

>> +         the refpolicy that modify a single SELinux policy.
>> +
>> +comment "refpolicy needs a toolchain w/ threads, glibc or musl"
>> +       depends on !BR2_TOOLCHAIN_HAS_THREADS \
>> +               || !(BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_MUSL)
>> +
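
Review bot: the closing sentence of the BR2_PACKAGE_REFPOLICY help text ("These changes should be added as patches to the refpolicy that modify a single SELinux policy") does not say where those patches go or what "a single SELinux policy" refers to, even though the same paragraph warns that the stock policy does not match the default file layout. Point the user at the mechanism refpolicy.mk documents (a refpolicy folder in BR2_GLOBAL_PATCH_DIR) and, if the intent is one policy module per patch, say so. The help text also ends without the upstream project URL that Buildroot help texts normally carry as their last line.
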
>
> [...]
>
>> diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
>> new file mode 100644
>> index 0000000..dbc662d
>> --- /dev/null
>> +++ b/package/refpolicy/refpolicy.mk
>> @@ -0,0 +1,120 @@
>> +################################################################################
>> +#
>> +# refpolicy
>> +#
>> +################################################################################
>> +
>> +ifeq ($(BR2_PACKAGE_REFPOLICY_CUSTOM_GIT),y)
>> +REFPOLICY_SITE = $(call qstrip,$(BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_URL))
>> +REFPOLICY_VERSION = $(call qstrip,$(BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_VERSION))
>> +REFPOLICY_SITE_METHOD = git
>> +REFPOLICY_DEPENDENCIES += refpolicy-contrib
>> +else
>> +REFPOLICY_VERSION = 2.20130424
>> +REFPOLICY_SOURCE = refpolicy-$(REFPOLICY_VERSION).tar.bz2
>> +REFPOLICY_SITE = http://oss.tresys.com/files/refpolicy/
>> +endif
>> +REFPOLICY_LICENSE = GPLv2
>> +REFPOLICY_LICENSE_FILES = COPYING
>> +
>> +# Cannot use multiple threads to build the reference policy
>> +REFPOLICY_MAKE = $(TARGET_MAKE_ENV) $(MAKE1)
>> +
>> +REFPOLICY_DEPENDENCIES += host-m4 host-checkpolicy host-policycoreutils \
>> +       host-setools host-gawk host-python policycoreutils
>> +
>> +REFPOLICY_INSTALL_STAGING = YES
>> +
>> +REFPOLICY_POLICY_NAME = br_policy
>> +
>> +# To apply board specific customizations, create a refpolicy folder in
>> +# BR2_GLOBAL_PATCH_DIR.  These patches will be applied after the patches
>> +# in package/refpolicy
>> +
>> +# Passing the HOST_CONFIGURE_OPTS to the target build because all of the
>> +# build utilities are expected to be on system. This fools the make files
>> +# into using the host built utilities to compile the SELinux policy for
>> +# the target.
>> +#
>> +# Note, the TEST_TOOLCHAIN option will also set the
>> +# LD_LIBRARY_PATH at run time.
>> +REFPOLICY_MAKE_OPTS = $(HOST_CONFIGURE_OPTS) \
>> +       TEST_TOOLCHAIN="$(HOST_DIR)"
>> +
>> +# Build requires python2 to run
>> +REFPOLICY_MAKE_ENV = \
>> +       PYTHON="$(HOST_DIR)/usr/bin/python2" \
>> +       AWK="$(HOST_DIR)/usr/bin/gawk" \
>> +       M4="$(HOST_DIR)/usr/bin/m4"
>> +
>> +
>> +ifeq ($(BR2_PACKAGE_REFPOLICY_MODULAR),y)
>> +       REFPOLICY_MONOLITHIC = n
>> +else
>> +       REFPOLICY_MONOLITHIC = y
>> +endif
>> +
>> +ifeq ($(BR2_PACKAGE_REFPOLICY_CUSTOM_GIT),y)
>> +define REFPOLICY_GIT_SUBMODULE_SETUP
>> +       rsync -ar $(RSYNC_VCS_EXCLUSIONS) $(REFPOLICY_CONTRIB_DIR)/* $(@D)/policy/modules/contrib/
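
Review bot: in the non-git branch, REFPOLICY_SITE = http://oss.tresys.com/files/refpolicy/ fetches the policy tarball over plain http, so the integrity of what becomes the target's SELinux policy rests entirely on the download hash check; confirm that a refpolicy.hash entry with a strong digest for refpolicy-$(REFPOLICY_VERSION).tar.bz2 is part of the patch (none is visible in the quoted part). On the rsync line in REFPOLICY_GIT_SUBMODULE_SETUP, -a already implies -r, and the $(REFPOLICY_CONTRIB_DIR)/* glob skips dot-files; a trailing-slash source, $(REFPOLICY_CONTRIB_DIR)/, copies the directory contents without depending on shell globbing and also shortens the line.
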
> nit: wrap at ~70-80 characters

Fixed.

Thanks,
Clayton

Clayton Shotwell
Senior Software Engineer, Rockwell Collins
clayton.shotwell at rockwellcollins.com
