| Message ID | 20201228161134.303992-10-maxime.chevallier@bootlin.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | packages: Add SELinux modules to some packages | expand |
Maxime, All, On 2020-12-28 17:11 +0100, Maxime Chevallier spake thusly: > Support for the iputils is added by the admin/netutils module in the > SELinux refpolicy for the following tools : > - arping > - ping > - tracepath > - traceroute6 > > Support for rdisc is added by services/rdisc. > > Support for tftpd is added by services/tftp. > > Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com> > --- > V1 -> V2: Use a per-tool module selection, for rdisc and tftpd, > according to Antoine's review > > package/iputils/iputils.mk | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk > index 4f8d9cb768..b1d71b38f2 100644 > --- a/package/iputils/iputils.mk > +++ b/package/iputils/iputils.mk > @@ -27,6 +27,22 @@ IPUTILS_CONF_OPTS += \ > -DBUILD_TRACEROUTE6=$(if $(BR2_PACKAGE_IPUTILS_TRACEROUTE6),true,false) \ > -DBUILD_NINFOD=$(if $(BR2_PACKAGE_IPUTILS_NINFOD),true,false) > > +# Selectively select the appropriate SELinux refpolicy modules > +ifneq ($(BR2_PACKAGE_IPUTILS_ARPING)\ I am not ver fond of negative logic, especially as the following related conditions do use positive logic. So, I've taken advantage of the fact that the refpolicy modules are $(sort)ed in the end, and so it does not matter that they are listed more than once, to come up with this simpler solution: IPUTILS_SELINUX_MODULES = \ $(if $(BR2_PACKAGE_IPUTILS_ARPING),netutils) \ $(if $(BR2_PACKAGE_IPUTILS_PING),netutils) \ $(if $(BR2_PACKAGE_IPUTILS_TRACEPATH),netutils) \ $(if $(BR2_PACKAGE_IPUTILS_TRACEROUTE6),netutils) \ $(if $(BR2_PACKAGE_IPUTILS_RDISC),rdisc) \ $(if $(BR2_PACKAGE_IPUTILS_TFTPD),tftp) Applied with this change. Thanks! Regards, Yann E. MORIN. > + $(BR2_PACKAGE_IPUTILS_PING)\ > + $(BR2_PACKAGE_IPUTILS_TRACEPATH)\ > + $(BR2_PACKAGE_IPUTILS_TRACEROUTE6),) > +IPUTILS_SELINUX_MODULES += netutils > +endif > + > +ifeq ($(BR2_PACKAGE_IPUTILS_RDISC),y) > +IPUTILS_SELINUX_MODULES += rdisc > +endif > + > +ifeq ($(BR2_PACKAGE_IPUTILS_TFTPD),y) > +IPUTILS_SELINUX_MODULES += tftp > +endif > + > # > # arping > # > -- > 2.25.4 > > _______________________________________________ > buildroot mailing list > buildroot@busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot
diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk index 4f8d9cb768..b1d71b38f2 100644 --- a/package/iputils/iputils.mk +++ b/package/iputils/iputils.mk @@ -27,6 +27,22 @@ IPUTILS_CONF_OPTS += \ -DBUILD_TRACEROUTE6=$(if $(BR2_PACKAGE_IPUTILS_TRACEROUTE6),true,false) \ -DBUILD_NINFOD=$(if $(BR2_PACKAGE_IPUTILS_NINFOD),true,false) +# Selectively select the appropriate SELinux refpolicy modules +ifneq ($(BR2_PACKAGE_IPUTILS_ARPING)\ + $(BR2_PACKAGE_IPUTILS_PING)\ + $(BR2_PACKAGE_IPUTILS_TRACEPATH)\ + $(BR2_PACKAGE_IPUTILS_TRACEROUTE6),) +IPUTILS_SELINUX_MODULES += netutils +endif + +ifeq ($(BR2_PACKAGE_IPUTILS_RDISC),y) +IPUTILS_SELINUX_MODULES += rdisc +endif + +ifeq ($(BR2_PACKAGE_IPUTILS_TFTPD),y) +IPUTILS_SELINUX_MODULES += tftp +endif + # # arping #
Support for the iputils is added by the admin/netutils module in the SELinux refpolicy for the following tools : - arping - ping - tracepath - traceroute6 Support for rdisc is added by services/rdisc. Support for tftpd is added by services/tftp. Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com> --- V1 -> V2: Use a per-tool module selection, for rdisc and tftpd, according to Antoine's review package/iputils/iputils.mk | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)