diff mbox

[09/10] dbus: add support for SELinux

Message ID 1378429464-12546-10-git-send-email-rjbarnet@rockwellcollins.com
State Changes Requested
Headers show

Commit Message

Ryan Barnett Sept. 6, 2013, 1:04 a.m. UTC 
Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
---
 package/dbus/dbus.mk |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

Comments

Thomas Petazzoni Sept. 8, 2013, 4:40 p.m. UTC | #1 
Dear Ryan Barnett,

On Thu, 5 Sep 2013 20:04:23 -0500, Ryan Barnett wrote:

> +# SELinux support relies on audit support so enable both 
> +# of them if libselinux has been selected.
> +ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
> +DBUS_CONF_OPT += --enable-selinux --enable-libaudit
> +DBUS_DEPENDENCIES += libselinux audit

This doesn't look good: it's not because libselinux is enabled in the
configuration that audit is also enabled.

So your options are:

 * Only enable SELinux support in DBus when both libselinux and audit
   are enabled:

ifeq ($(BR2_PACKAGE_LIBSELINUX)$(BR2_PACKAGE_AUDIT),y)
DBUS_CONF_OPT += --enable-selinux --enable-libaudit
DBUS_DEPENDENCIES += libselinux audit
else
...

   This is the easiest, but it kind of "diverges" from the other
   packages, where enabling the 'libselinux' package was sufficient to
   get SELinux support.

 * Ensure audit is selected when libselinux is available. This could be
   done by adding the following line to dbus/Config.in:

select BR2_PACKAGE_AUDIT if BR2_PACKAGE_LIBSELINUX

   if you add this, then you can keep your dbus.mk change as it is,
   since having BR2_PACKAGE_LIBSELINUX enabled guarantees us that
   BR2_PACKAGE_AUDIT is also enabled.

Best regards,

Thomas
diff mbox

Patch

diff --git a/package/dbus/dbus.mk b/package/dbus/dbus.mk
index d50f630..228b98e 100644
--- a/package/dbus/dbus.mk
+++ b/package/dbus/dbus.mk
@@ -21,7 +21,6 @@  DBUS_CONF_OPT = --with-dbus-user=dbus \
 		--disable-tests \
 		--disable-asserts \
 		--enable-abstract-sockets \
-		--disable-selinux \
 		--disable-xml-docs \
 		--disable-doxygen-docs \
 		--disable-static \
@@ -54,6 +53,15 @@  ifeq ($(BR2_PACKAGE_SYSTEMD),y)
 DBUS_CONF_OPT += --with-systemdsystemunitdir=/lib/systemd/system
 endif
 
+# SELinux support relies on audit support so enable both 
+# of them if libselinux has been selected.
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+DBUS_CONF_OPT += --enable-selinux --enable-libaudit
+DBUS_DEPENDENCIES += libselinux audit
+else
+DBUS_CONF_OPT += --disable-selinux --disable-libaudit
+endif
+
 # fix rebuild (dbus makefile errors out if /var/lib/dbus is a symlink)
 define DBUS_REMOVE_VAR_LIB_DBUS
 	rm -rf $(TARGET_DIR)/var/lib/dbus