From patchwork Wed May 27 22:17:12 2015
X-Patchwork-Submitter: Clayton Shotwell
X-Patchwork-Id: 477444
From: Clayton Shotwell
To: buildroot@buildroot.org
Cc: Thomas Petazzoni, Clayton Shotwell
Date: Wed, 27 May 2015 17:17:12 -0500
Message-Id: <1432765046-1223-9-git-send-email-clayton.shotwell@rockwellcollins.com>
In-Reply-To: <1432765046-1223-1-git-send-email-clayton.shotwell@rockwellcollins.com>
References: <1432765046-1223-1-git-send-email-clayton.shotwell@rockwellcollins.com>
Subject: [Buildroot] [PATCH v6 08/22] busybox: selinux support

Add a configure option to enable the SELinux support in the busybox
configuration from the Buildroot menuconfig.

Signed-off-by: Thomas Petazzoni
Signed-off-by: Clayton Shotwell
Signed-off-by: Matt Weber
---
Changes v5 -> v6:
  - Added help text to the SELinux configuration option (Suggested by
    Thomas P. and Samuel)

Changes v4 -> v5:
  - Renamed to follow patch naming convention (Matt W.)
  - Added a dependency on having threads for the busybox SELinux flag to
    ensure it does not cause libselinux to build when threads are not
    available. Also added a select for libselinux to make the linking
    apparent. (Clayton S.)
  - Add dependency on not static libs for libselinux (Clayton S.)

Changes v1 -> v4:
  - Did not exist
---
 ...ags-strip-non-l-arguments-returned-by-pkg.patch | 28 ++++++++++++++++++++++
 package/busybox/Config.in | 17 +++++++++++++
 package/busybox/busybox.mk | 9 +++++++
 3 files changed, 54 insertions(+)
 create mode 100644 package/busybox/0008-Makefile.flags-strip-non-l-arguments-returned-by-pkg.patch

diff --git a/package/busybox/0008-Makefile.flags-strip-non-l-arguments-returned-by-pkg.patch b/package/busybox/0008-Makefile.flags-strip-non-l-arguments-returned-by-pkg.patch new file mode 100644 index 0000000..105626c --- /dev/null +++ b/package/busybox/0008-Makefile.flags-strip-non-l-arguments-returned-by-pkg.patch @@ -0,0 +1,28 @@ +From 67eb23d2be8aba3c474dac81a15b0fa11e5847b7 Mon Sep 17 00:00:00 2001 +From: Thomas Petazzoni +Date: Mon, 25 Nov 2013 22:51:53 +0100 +Subject: [PATCH] Makefile.flags: strip non -l arguments returned by pkg-config + +Signed-off-by: Thomas Petazzoni +--- + Makefile.flags | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/Makefile.flags b/Makefile.flags +index 307afa7..885e323 100644 +--- a/Makefile.flags ++++ b/Makefile.flags +@@ -141,7 +141,9 @@ ifeq ($(CONFIG_SELINUX),y) + SELINUX_PC_MODULES = libselinux libsepol + $(eval $(call pkg_check_modules,SELINUX,$(SELINUX_PC_MODULES))) + CPPFLAGS += $(SELINUX_CFLAGS) +-LDLIBS += $(if $(SELINUX_LIBS),$(SELINUX_LIBS:-l%=%),$(SELINUX_PC_MODULES:lib%=%)) ++LDLIBS += $(if $(SELINUX_LIBS),\ ++ $(patsubst -l%,%,$(filter -l%,$(SELINUX_LIBS))),\ ++ $(SELINUX_PC_MODULES:lib%=%)) + endif + + ifeq ($(CONFIG_EFENCE),y) +-- +1.8.1.2 + diff --git a/package/busybox/Config.in b/package/busybox/Config.in index 275e317..0b5cc2f 100644 --- a/package/busybox/Config.in +++ b/package/busybox/Config.in 
@@ -35,6 +35,23 @@ comment "Busybox individual binaries depends on dynamic libraries" depends on BR2_STATIC_LIBS depends on BR2_bfin +config BR2_PACKAGE_BUSYBOX_SELINUX + select BR2_PACKAGE_LIBSELINUX + depends on BR2_TOOLCHAIN_HAS_THREADS + depends on !BR2_STATIC_LIBS + bool "Enable SELinux support" + help + Enable SELinux support in BusyBox. Please note that depending on + you BusyBox config and the SELinux policy implementation, you may + want to also enable BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES. + + For instance, if your BusyBox configuration only uses a couple of + minor BusyBox features, such as simple command line utilities, the + symlinked version of BusyBox can be used to save space. If BusyBox + provides more features, such as crond, then individual binaries + have to be enabled for the SELinux type transitions to occur properly. + + config BR2_PACKAGE_BUSYBOX_WATCHDOG bool "Install the watchdog daemon startup script" help diff --git a/package/busybox/busybox.mk b/package/busybox/busybox.mk index dbee100..f60e3f2 100644 --- a/package/busybox/busybox.mk +++ b/package/busybox/busybox.mk @@ -171,6 +171,14 @@ define BUSYBOX_INSTALL_INDIVIDUAL_BINARIES endef endif +ifeq ($(BR2_PACKAGE_BUSYBOX_SELINUX),y) +BUSYBOX_DEPENDENCIES += host-pkgconf libselinux libsepol +define BUSYBOX_SET_SELINUX + $(call KCONFIG_ENABLE_OPT,CONFIG_SELINUX,$(BUSYBOX_BUILD_CONFIG)) + $(call KCONFIG_ENABLE_OPT,CONFIG_SELINUXENABLED,$(BUSYBOX_BUILD_CONFIG)) +endef +endif + define BUSYBOX_INSTALL_LOGGING_SCRIPT if grep -q CONFIG_SYSLOGD=y $(@D)/.config; then \ $(INSTALL) -m 0755 -D package/busybox/S01logging \ @@ -207,6 +215,7 @@ define BUSYBOX_KCONFIG_FIXUP_CMDS $(BUSYBOX_SET_INIT) $(BUSYBOX_SET_WATCHDOG) $(BUSYBOX_CONFIGURE_INDIVIDUAL_BINARIES) + $(BUSYBOX_SET_SELINUX) endef define BUSYBOX_CONFIGURE_CMDS
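
Review bot: In the embedded 0008-Makefile.flags-strip-non-l-arguments-returned-by-pkg.patch, the new LDLIBS expression keeps only the words matching -l% via $(filter -l%,$(SELINUX_LIBS)) and silently discards everything else pkg-config returned, including any -L search paths. If libselinux or libsepol is ever installed outside the linker's default search path, the link will fail with no hint that a flag was dropped. Consider routing the remainder somewhere instead of losing it, for example LDFLAGS += $(filter-out -l%,$(SELINUX_LIBS)). The embedded patch also carries only a subject line; a sentence in its commit message describing the build failure that the unfiltered $(SELINUX_LIBS:-l%=%) substitution caused would make it clear why the change is needed.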
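
Review bot: In the package/busybox/Config.in hunk, BR2_PACKAGE_BUSYBOX_SELINUX simply disappears from menuconfig when BR2_TOOLCHAIN_HAS_THREADS is unset or BR2_STATIC_LIBS is set, with no companion comment entry telling the user why, unlike the neighbouring "Busybox individual binaries depends on dynamic libraries" comment visible in the context lines. Add a comment entry with the inverse conditions. The help text states that individual binaries "have to be enabled for the SELinux type transitions to occur properly" when daemons such as crond are used, but nothing in the entry enforces or even hints at that at configuration time, so a build can end up with SELinux compiled in and transitions that do not happen; consider a select, or at least naming the risk more directly. Smaller points: the bool line should come first, ahead of depends on and select; "depending on you BusyBox config" should read "your"; and there is a doubled blank line after the help text.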
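
Review bot: In the first package/busybox/busybox.mk hunk, the ifeq ($(BR2_PACKAGE_BUSYBOX_SELINUX),y) block has no else branch, so when the option is off a user-supplied BusyBox config that already contains CONFIG_SELINUX=y is left untouched while libselinux and libsepol are not added to BUSYBOX_DEPENDENCIES. That makes the build outcome depend on whether those libraries happen to be built first. Define BUSYBOX_SET_SELINUX in an else branch as well, using KCONFIG_DISABLE_OPT for CONFIG_SELINUX and CONFIG_SELINUXENABLED, so the Buildroot option is the single source of truth. Separately, libsepol is listed in BUSYBOX_DEPENDENCIES but the Config.in entry only has select BR2_PACKAGE_LIBSELINUX; either select BR2_PACKAGE_LIBSEPOL too or note that it is pulled in through libselinux, which is not visible in this patch.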