Message ID | 20231009161817.2832969-1-adam.duskett@amarulasolutions.com |
---|---|
State | Accepted |
Series | [1/1] package/pkg-generic: Auto-install selinux modules only for upstream refpolicy |
On Mon, 9 Oct 2023 18:18:17 +0200
Adam Duskett <adam.duskett@amarulasolutions.com> wrote:

> The description of REFPOLICY_CUSTOM_GIT states:
>
> The custom refpolicy must define the full policy explicitly,
> and must be a fork of the original refpolicy, to have the
> same build system. When this is selected, only the custom
> policy definition are taken into account and all the modules
> of the policy are built into the binary policy.
>
> Currently, if a user defines their own policy, a package containing a selinux
> directory would add to their custom policy, which is not what they would want.
> Disable applying selinux policies in selinux/ directories for custom git
> refpolicies.
>
> Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
> ---
> package/pkg-generic.mk | 3 +++
> 1 file changed, 3 insertions(+)

Applied to master, thanks.

Thomas

>>>>> "Adam" == Adam Duskett <adam.duskett@amarulasolutions.com> writes:

> The description of REFPOLICY_CUSTOM_GIT states:
> The custom refpolicy must define the full policy explicitly,
> and must be a fork of the original refpolicy, to have the
> same build system. When this is selected, only the custom
> policy definition are taken into account and all the modules
> of the policy are built into the binary policy.

> Currently, if a user defines their own policy, a package containing a selinux
> directory would add to their custom policy, which is not what they would want.
> Disable applying selinux policies in selinux/ directories for custom git
> refpolicies.

> Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>

Committed to 2023.02.x and 2023.08.x, thanks.

diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk index 6e944dd6b7..28595a105c 100644 --- a/package/pkg-generic.mk +++ b/package/pkg-generic.mk @@ -1237,8 +1237,11 @@ KEEP_PYTHON_PY_FILES += $$($(2)_KEEP_PY_FILES) ifneq ($$($(2)_SELINUX_MODULES),) PACKAGES_SELINUX_MODULES += $$($(2)_SELINUX_MODULES) endif + +ifeq ($(BR2_PACKAGE_REFPOLICY_UPSTREAM_VERSION),y) PACKAGES_SELINUX_EXTRA_MODULES_DIRS += \ $$(if $$(wildcard $$($(2)_PKGDIR)/selinux),$$($(2)_PKGDIR)/selinux) +endif ifeq ($$($(2)_SITE_METHOD),svn) DL_TOOLS_DEPENDENCIES += svn
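
Review bot: The added `ifeq ($(BR2_PACKAGE_REFPOLICY_UPSTREAM_VERSION),y)` guards only the `PACKAGES_SELINUX_EXTRA_MODULES_DIRS` append, while `PACKAGES_SELINUX_MODULES += $$($(2)_SELINUX_MODULES)` directly above it is still applied when a custom git refpolicy is selected. If the intent is that packages contribute nothing to a custom policy, either move that append under the same guard or add a comment stating why module names are harmless there while per-package `selinux/` directories are not. The condition is also written with a single `$` where every neighbouring line uses `$$`; writing it as `$$(BR2_PACKAGE_REFPOLICY_UPSTREAM_VERSION)` would match the surrounding style. A one-line comment above the `ifeq` explaining the restriction would help, since the reason is only given in the commit message.
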
The description of REFPOLICY_CUSTOM_GIT states:

The custom refpolicy must define the full policy explicitly,
and must be a fork of the original refpolicy, to have the
same build system. When this is selected, only the custom
policy definition are taken into account and all the modules
of the policy are built into the binary policy.

Currently, if a user defines their own policy, a package containing a selinux
directory would add to their custom policy, which is not what they would want.
Disable applying selinux policies in selinux/ directories for custom git
refpolicies.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
---
package/pkg-generic.mk | 3 +++
1 file changed, 3 insertions(+)