From patchwork Mon Dec 28 16:11:29 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Maxime Chevallier <maxime.chevallier@bootlin.com>
X-Patchwork-Id: 1420935
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming-buildroot@patchwork.ozlabs.org
Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net
 (client-ip=140.211.166.133; helo=hemlock.osuosl.org;
 envelope-from=buildroot-bounces@busybox.net; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=none (p=none dis=none) header.from=bootlin.com
Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4D4Mxw2RFpz9sW4
	for <incoming-buildroot@patchwork.ozlabs.org>;
 Tue, 29 Dec 2020 03:12:04 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by hemlock.osuosl.org (Postfix) with ESMTP id B2DA484D8E;
	Mon, 28 Dec 2020 16:11:56 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Az-QRXfI28hJ; Mon, 28 Dec 2020 16:11:56 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by hemlock.osuosl.org (Postfix) with ESMTP id 0A6E184C5F;
	Mon, 28 Dec 2020 16:11:56 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
 by ash.osuosl.org (Postfix) with ESMTP id 838091BF393
 for <buildroot@lists.busybox.net>; Mon, 28 Dec 2020 16:11:45 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by silver.osuosl.org (Postfix) with ESMTP id 801A3203D9
 for <buildroot@lists.busybox.net>; Mon, 28 Dec 2020 16:11:45 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
 by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id JHBCkw1KMl-F for <buildroot@lists.busybox.net>;
 Mon, 28 Dec 2020 16:11:45 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net
 [217.70.183.195])
 by silver.osuosl.org (Postfix) with ESMTPS id ADB8F2037E
 for <buildroot@buildroot.org>; Mon, 28 Dec 2020 16:11:44 +0000 (UTC)
X-Originating-IP: 90.55.97.122
Received: from pc-2.home (apoitiers-259-1-26-122.w90-55.abo.wanadoo.fr
 [90.55.97.122]) (Authenticated sender: maxime.chevallier@bootlin.com)
 by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id 81AD860003;
 Mon, 28 Dec 2020 16:11:42 +0000 (UTC)
From: Maxime Chevallier <maxime.chevallier@bootlin.com>
To: buildroot@buildroot.org
Date: Mon, 28 Dec 2020 17:11:29 +0100
Message-Id: <20201228161134.303992-10-maxime.chevallier@bootlin.com>
X-Mailer: git-send-email 2.25.4
In-Reply-To: <20201228161134.303992-1-maxime.chevallier@bootlin.com>
References: <20201228161134.303992-1-maxime.chevallier@bootlin.com>
MIME-Version: 1.0
Subject: [Buildroot] [PATCH v2 09/14] package/iputils: add SELinux module
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
 <mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@busybox.net?subject=subscribe>
Cc: Antoine Tenart <antoine.tenart@kernel.org>,
 Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
 Maxime Chevallier <maxime.chevallier@bootlin.com>
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Support for the iputils is added by the admin/netutils module in the
SELinux refpolicy for the following tools :
 - arping
 - ping
 - tracepath
 - traceroute6

Support for rdisc is added by services/rdisc.

Support for tftpd is added by services/tftp.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
V1 -> V2: Use a per-tool module selection, for rdisc and tftpd,
according to Antoine's review

 package/iputils/iputils.mk | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk
index 4f8d9cb768..b1d71b38f2 100644
--- a/package/iputils/iputils.mk
+++ b/package/iputils/iputils.mk
@@ -27,6 +27,22 @@ IPUTILS_CONF_OPTS += \
 	-DBUILD_TRACEROUTE6=$(if $(BR2_PACKAGE_IPUTILS_TRACEROUTE6),true,false) \
 	-DBUILD_NINFOD=$(if $(BR2_PACKAGE_IPUTILS_NINFOD),true,false)
 
+# Selectively select the appropriate SELinux refpolicy modules
+ifneq ($(BR2_PACKAGE_IPUTILS_ARPING)\
+	$(BR2_PACKAGE_IPUTILS_PING)\
+	$(BR2_PACKAGE_IPUTILS_TRACEPATH)\
+	$(BR2_PACKAGE_IPUTILS_TRACEROUTE6),)
+IPUTILS_SELINUX_MODULES += netutils
+endif
+
+ifeq ($(BR2_PACKAGE_IPUTILS_RDISC),y)
+IPUTILS_SELINUX_MODULES += rdisc
+endif
+
+ifeq ($(BR2_PACKAGE_IPUTILS_TFTPD),y)
+IPUTILS_SELINUX_MODULES += tftp
+endif
+
 #
 # arping
 #