diff mbox series

[v2] package/openrc: enable support when libselinux is selected

Message ID 20200416032137.721705-1-unixmania@gmail.com
State Accepted
Headers show
Series [v2] package/openrc: enable support when libselinux is selected | expand

Commit Message

Carlos Santos April 16, 2020, 3:21 a.m. UTC 
From: Adam Duskett <Aduskett@gmail.com>

OpenRC suports SELinux, so there is no reason to forcibly disable it.

Notice this only allows OpenRC to perform the initial policy load and
set the enforcing mode. In order really use SELinux it's also necessary
to select refpolicy, which provides a policy, and policycoreutils, which
provides restorecon and other SELinux utilities.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Tested-by: Carlos Santos <unixmania@gmail.com>
---
Tested on QEMU, with ext4fs, selecting refpolicy and policycoreutils.
Only disabled and permissive modes were used, since the enforcing mode
currently does not work. See the help text in

    package/refpolicy/Config.in for additional details.
---
CC: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
Changes v1->v2:
  - Improve the commit message, as suggested by Yann E. MORIN
  - Explain which tests were performed
---
 package/openrc/openrc.mk | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

Comments

Thomas Petazzoni April 17, 2020, 8:09 p.m. UTC | #1 
On Thu, 16 Apr 2020 00:21:37 -0300
unixmania@gmail.com wrote:

> From: Adam Duskett <Aduskett@gmail.com>
> 
> OpenRC suports SELinux, so there is no reason to forcibly disable it.
> 
> Notice this only allows OpenRC to perform the initial policy load and
> set the enforcing mode. In order really use SELinux it's also necessary
> to select refpolicy, which provides a policy, and policycoreutils, which
> provides restorecon and other SELinux utilities.
> 
> Signed-off-by: Adam Duskett <Aduskett@gmail.com>
> Signed-off-by: Carlos Santos <unixmania@gmail.com>
> Tested-by: Carlos Santos <unixmania@gmail.com>
> ---
> Tested on QEMU, with ext4fs, selecting refpolicy and policycoreutils.
> Only disabled and permissive modes were used, since the enforcing mode
> currently does not work. See the help text in

Applied to master, thanks.

Thomas
diff mbox series

Patch

diff --git a/package/openrc/openrc.mk b/package/openrc/openrc.mk
index 6057451bfe..97536dad37 100644
--- a/package/openrc/openrc.mk
+++ b/package/openrc/openrc.mk
@@ -18,7 +18,6 @@  OPENRC_MAKE_OPTS = \
 	LIBNAME=lib \
 	LIBEXECDIR=/usr/libexec/rc \
 	MKPKGCONFIG=no \
-	MKSELINUX=no \
 	MKSYSVINIT=yes \
 	BRANDING="Buildroot $(BR2_VERSION_FULL)" \
 	CC=$(TARGET_CC)
@@ -29,6 +28,13 @@  else
 OPENRC_MAKE_OPTS += MKSTATICLIBS=yes
 endif
 
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+OPENRC_MAKE_OPTS += MKSELINUX=yes
+OPENRC_DEPENDENCIES += libselinux
+else
+OPENRC_MAKE_OPTS += MKSELINUX=no
+endif
+
 define OPENRC_BUILD_CMDS
 	$(MAKE) $(OPENRC_MAKE_OPTS) -C $(@D)
 endef