On Mon, Sep 20, 2021 at 12:30 PM Antoine Tenart wrote: > Quoting José Pekkarinen (2021-09-20 08:01:27) > > On Fri, Sep 17, 2021 at 8:22 PM Antoine Tenart <[1]atenart@kernel.org > > > > wrote: > > Quoting José Pekkarinen (2021-08-30 13:45:31) > > > The current processing of the modules doesn't work for > > > custom made policies appended through the extra dir mechanism, > > > since sed won't find a match for custom modules, it will > > > continue without triggering and error. This patch removes > > > all the modules from modules.conf and add them one by > > > one using REFPOLICY_MODULES values. > > > > I'm failing to see what particular setup the change below would fix. > > > > Could you elaborate on the above? Maybe including configuration > > snippets and example of such a module (with the file tree, starting > from > > REFPOLICY_EXTRA_MODULES_DIRS). > > > > Absolutely, in the security section of my .config we can read the > > following: > > BR2_PACKAGE_POLICYCOREUTILS=y > > BR2_PACKAGE_REFPOLICY=y > > BR2_REFPOLICY_EXTRA_MODULES_DIRS="$OUTPUT_DIR/selinux" > > BR2_PACKAGE_REFPOLICY_POLICY_STATE_ENFORCING=y > > This should work. Did you check the content of your module show up after > applying this patch? > Hi, Yes, after the patch I can see the module copied in the folder: build/refpolicy-2.20200818$ ls policy/modules/buildroot/ base.fc base.if base.te metadata.xml secure.fc secure.if secure.te And: /build/refpolicy-2.20200818$ grep secure policy/modules.conf # Module: secure secure = base # Small and secure DNS daemon. I'm wondering if this has to do with: > > BR2_REFPOLICY_EXTRA_MODULES_DIRS="$OUTPUT_DIR/selinux" > > What is the value of $OUTPUT_DIR? Where does this come from? Could you > try without using a variable in BR2_REFPOLICY_EXTRA_MODULES_DIRS? > I put that to try to make your life easier, in fact we use more variables in this line that are modified on the fly by a makefile. The line translates to something like: $ ls /output/secure/output_x86_qemu/selinux/ base.fc base.if base.te secure.fc secure.if secure.te Best regards. José.