| Message ID | 20200908085106.3197433-2-antoine.tenart@bootlin.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [1/2] package/mtd: add host-acl dependency for host | expand |
On Tue, 8 Sep 2020 10:51:06 +0200 Antoine Tenart <antoine.tenart@bootlin.com> wrote: > This patch sets the --with-xattr option when generating an image with > mkfs.jffs2 if BR2_PACKAGE_REFPOLICY is selected, so that SELinux > security contexts will be kept and available in jffs2 images. > > Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> > --- > fs/jffs2/jffs2.mk | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/fs/jffs2/jffs2.mk b/fs/jffs2/jffs2.mk > index 2adbc2320e38..ac00a522cc28 100644 > --- a/fs/jffs2/jffs2.mk > +++ b/fs/jffs2/jffs2.mk > @@ -35,6 +35,10 @@ JFFS2_OPTS += -n > SUMTOOL_OPTS += -n > endif > > +ifeq ($(BR2_PACKAGE_REFPOLICY),y) > +JFFS2_OPTS += --with-xattr > +endif I'm not sure this condition should be on BR2_PACKAGE_REFPOLICY. Since libselinux.mk is in charge of enabling xattr support in the Linux kernel filesystem drivers, I'm tempted to say that we should be consistent and use BR2_PACKAGE_LIBSELINUX=y as a condition here as well; What do you think? Note: no need to resend a new version, this can be changed when applying. Thomas
Hi Thomas, Quoting Thomas Petazzoni (2020-09-08 11:20:57) > On Tue, 8 Sep 2020 10:51:06 +0200 > Antoine Tenart <antoine.tenart@bootlin.com> wrote: > > > This patch sets the --with-xattr option when generating an image with > > mkfs.jffs2 if BR2_PACKAGE_REFPOLICY is selected, so that SELinux > > security contexts will be kept and available in jffs2 images. > > > > Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> > > --- > > fs/jffs2/jffs2.mk | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/fs/jffs2/jffs2.mk b/fs/jffs2/jffs2.mk > > index 2adbc2320e38..ac00a522cc28 100644 > > --- a/fs/jffs2/jffs2.mk > > +++ b/fs/jffs2/jffs2.mk > > @@ -35,6 +35,10 @@ JFFS2_OPTS += -n > > SUMTOOL_OPTS += -n > > endif > > > > +ifeq ($(BR2_PACKAGE_REFPOLICY),y) > > +JFFS2_OPTS += --with-xattr > > +endif > > I'm not sure this condition should be on BR2_PACKAGE_REFPOLICY. Since > libselinux.mk is in charge of enabling xattr support in the Linux > kernel filesystem drivers, I'm tempted to say that we should be > consistent and use BR2_PACKAGE_LIBSELINUX=y as a condition here as well; > > What do you think? I think you're right. Without BR2_PACKAGE_REFPOLICY we won't have SELinux security contexts set when making the image, but that doesn't mean SELinux couldn't be used later on. So I agree having the check on BR2_PACKAGE_LIBSELINUX would be better (and it's also nice to have the same check everywhere to improve consistency). Thanks! Antoine
diff --git a/fs/jffs2/jffs2.mk b/fs/jffs2/jffs2.mk index 2adbc2320e38..ac00a522cc28 100644 --- a/fs/jffs2/jffs2.mk +++ b/fs/jffs2/jffs2.mk @@ -35,6 +35,10 @@ JFFS2_OPTS += -n SUMTOOL_OPTS += -n endif +ifeq ($(BR2_PACKAGE_REFPOLICY),y) +JFFS2_OPTS += --with-xattr +endif + ROOTFS_JFFS2_DEPENDENCIES = host-mtd ifneq ($(BR2_TARGET_ROOTFS_JFFS2_SUMMARY),)
This patch sets the --with-xattr option when generating an image with mkfs.jffs2 if BR2_PACKAGE_REFPOLICY is selected, so that SELinux security contexts will be kept and available in jffs2 images. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> --- fs/jffs2/jffs2.mk | 4 ++++ 1 file changed, 4 insertions(+)