* [Buildroot] [PATCH 1/3] refpolicy: new package
@ 2017-05-10 17:46 Adam Duskett
  2017-05-10 17:46 ` [Buildroot] [PATCH 2/3] refpolicy: add ability to specify policy version Adam Duskett
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Adam Duskett @ 2017-05-10 17:46 UTC (permalink / raw)
  To: buildroot

The patch is for adding selinux reference policy (refpolicy).
It is a complete SELinux policy that can be used as the system policy
for a variety of systems and used as the basis for creating other policies.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
---
 package/Config.in                |  1 +
 package/refpolicy/Config.in      | 29 ++++++++++++++++++++++++
 package/refpolicy/refpolicy.hash |  2 ++
 package/refpolicy/refpolicy.mk   | 49 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 81 insertions(+)
 create mode 100644 package/refpolicy/Config.in
 create mode 100644 package/refpolicy/refpolicy.hash
 create mode 100644 package/refpolicy/refpolicy.mk

diff --git a/package/Config.in b/package/Config.in
index d57813c..6aa6885 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1754,6 +1754,7 @@ endmenu
 menu "Security"
 	source "package/checkpolicy/Config.in"
 	source "package/policycoreutils/Config.in"
+	source "package/refpolicy/Config.in"
 	source "package/sepolgen/Config.in"
 	source "package/setools/Config.in"
 endmenu
diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
new file mode 100644
index 0000000..e772cac
--- /dev/null
+++ b/package/refpolicy/Config.in
@@ -0,0 +1,29 @@
+config BR2_PACKAGE_REFPOLICY
+	bool "refpolicy"
+	depends on BR2_TOOLCHAIN_HAS_THREADS # policycoreutils
+	depends on BR2_TOOLCHAIN_USES_GLIBC # policycoreutils
+	select BR2_PACKAGE_POLICYCOREUTILS
+	select BR2_PACKAGE_BUSYBOX_SELINUX if BR2_PACKAGE_BUSYBOX
+	help
+	  The SELinux Reference Policy project (refpolicy) is a
+	  complete SELinux policy that can be used as the system
+	  policy for a variety of systems and used as the basis
+	  for creating other policies. Reference Policy was originally
+	  based on the NSA example policy, but aims to accomplish
+	  many additional goals.
+
+	  The current refpolicy does not fully support Buildroot
+	  and needs modifications to work with the default system
+	  file layout. These changes should be added as patches to
+	  the refpolicy that modify a single SELinux policy.
+
+	  The refpolicy works for the most part in permissive mode. Only
+	  the basic set of utilities are enabled in the example policy
+	  config and some of the pathing in the policies is not correct.
+	  Individual policies would need to be tweaked to get everything
+	  functioning properly.
+
+	  https://github.com/TresysTechnology/refpolicy
+
+comment "refpolicy needs a toolchain w/ threads, glibc"
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_TOOLCHAIN_USES_GLIBC
diff --git a/package/refpolicy/refpolicy.hash b/package/refpolicy/refpolicy.hash
new file mode 100644
index 0000000..7aeac41
--- /dev/null
+++ b/package/refpolicy/refpolicy.hash
@@ -0,0 +1,2 @@
+#From https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease
+sha256 08f9e2afc5e4939c23e56deeec7c47da029d7b85d82fb4ded01a36eb5da0651e  refpolicy-RELEASE_2_20170204.tar.gz
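Review bot: the comment on the first line says the sha256 comes from the upstream DownloadRelease page, but refpolicy.mk in this same patch sets REFPOLICY_SITE_METHOD = git with REFPOLICY_GIT_SUBMODULES = y, so the archive Buildroot checks is one it builds locally from the clone, not the upstream release tarball. Please confirm the hash was computed on the locally generated archive and say so in the comment ("Locally computed"), otherwise the check will not match what is actually downloaded. A space after the # in the comment would also match the usual style.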
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
new file mode 100644
index 0000000..d565cbd
--- /dev/null
+++ b/package/refpolicy/refpolicy.mk
@@ -0,0 +1,49 @@
+################################################################################
+#
+# refpolicy
+#
+################################################################################
+
+REFPOLICY_VERSION = RELEASE_2_20170204
+
+# Do not use GitHub helper as git submodules are needed for refpolicy-contrib
+REFPOLICY_SITE = https://github.com/TresysTechnology/refpolicy.git
+REFPOLICY_SITE_METHOD = git
+REFPOLICY_GIT_SUBMODULES = y
+REFPOLICY_LICENSE = GPLv2
+REFPOLICY_LICENSE_FILES = COPYING
+REFPOLICY_INSTALL_STAGING = YES
+REFPOLICY_DEPENDENCIES += \
+	host-m4 \
+	host-checkpolicy \
+	host-policycoreutils \
+	host-setools \
+	host-gawk \
+	host-python \
+	policycoreutils
+
+REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-packages
+
+# Cannot use multiple threads to build the reference policy
+REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
+
+define REFPOLICY_CONFIGURE_CMDS
+	$(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
+	$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
+	$(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
+endef
+
+define REFPOLICY_BUILD_CMDS
+	$(REFPOLICY_MAKE) -C $(@D) bare conf DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_INSTALL_STAGING_CMDS
+	$(REFPOLICY_MAKE) -C $(@D) install-src install-headers \
+	DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_INSTALL_TARGET_CMDS
+	$(REFPOLICY_MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
+endef
+
+$(eval $(generic-package))
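Review bot: the three $(SED) expressions in REFPOLICY_CONFIGURE_CMDS use unanchored patterns (/OUTPUT_POLICY/, /MONOLITHIC/, /NAME/), so the c\ command replaces every line of build.conf that merely contains the word, comment lines included, and /NAME/ also hits any other setting whose name contains NAME. Anchor each pattern to the start of the assignment, allowing for a leading # if the upstream default is commented out. Two smaller points in the same file: REFPOLICY_PYINC is defined but never referenced, and REFPOLICY_DEPENDENCIES is a first assignment, so = rather than += is expected.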
-- 
2.9.3


* [Buildroot] [PATCH 2/3] refpolicy: add ability to specify policy version
  2017-05-10 17:46 [Buildroot] [PATCH 1/3] refpolicy: new package Adam Duskett
@ 2017-05-10 17:46 ` Adam Duskett
  2017-05-10 17:47 ` [Buildroot] [PATCH 3/3] refpolicy: add ability to set default state Adam Duskett
  2017-05-10 17:58 ` [Buildroot] [PATCH 1/3] refpolicy: new package Matthew Weber
  2 siblings, 0 replies; 7+ messages in thread
From: Adam Duskett @ 2017-05-10 17:46 UTC (permalink / raw)
  To: buildroot

Refpolicy by default will build the highest version supported.
This may cause older kernels to not load the policy.

This patch adds a custom policy version string which is defaulted
to 30, which is the highest supported as of today.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
---
 package/refpolicy/Config.in    | 8 ++++++++
 package/refpolicy/refpolicy.mk | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index e772cac..e12222e 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -27,3 +27,11 @@ config BR2_PACKAGE_REFPOLICY
 
 comment "refpolicy needs a toolchain w/ threads, glibc"
 	depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_TOOLCHAIN_USES_GLIBC
+
+if BR2_PACKAGE_REFPOLICY
+
+config BR2_PACKAGE_REFPOLICY_VERSION
+	string "Policy version"
+	default "30"
+
+endif
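Review bot: BR2_PACKAGE_REFPOLICY_VERSION is declared as a free-form string with no help text, so nothing stops a non-numeric value from reaching OUTPUT_POLICY and the user is not told why they would lower it. Since the value is a policy version number, an int symbol with a help entry carrying the explanation from the commit message (older kernels may fail to load a policy built at the highest version) would be safer. The name also reads like the package version and sits next to REFPOLICY_VERSION in the .mk file; a name such as BR2_PACKAGE_REFPOLICY_POLICY_VERSION (a suggestion only) would avoid the confusion.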
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index d565cbd..1eb0c54 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -28,7 +28,7 @@ REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-p
 REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
 
 define REFPOLICY_CONFIGURE_CMDS
-	$(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
+	$(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = $(BR2_PACKAGE_REFPOLICY_VERSION)" $(@D)/build.conf
 	$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
 	$(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
 endef
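Review bot: on the changed OUTPUT_POLICY line, $(BR2_PACKAGE_REFPOLICY_VERSION) is a Kconfig string, so it expands with its double quotes included, inside a sed expression that is itself double-quoted. The shell happens to glue the pieces back together for a value like 30, but a value containing a space or a shell metacharacter would be split or interpreted. Strip the quotes first with $(call qstrip,$(BR2_PACKAGE_REFPOLICY_VERSION)), ideally assigned once to a REFPOLICY_ variable near the top of the file.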
-- 
2.9.3


* [Buildroot] [PATCH 3/3] refpolicy: add ability to set default state.
  2017-05-10 17:46 [Buildroot] [PATCH 1/3] refpolicy: new package Adam Duskett
  2017-05-10 17:46 ` [Buildroot] [PATCH 2/3] refpolicy: add ability to specify policy version Adam Duskett
@ 2017-05-10 17:47 ` Adam Duskett
  2017-05-10 17:59   ` Matthew Weber
  2017-05-10 17:58 ` [Buildroot] [PATCH 1/3] refpolicy: new package Matthew Weber
  2 siblings, 1 reply; 7+ messages in thread
From: Adam Duskett @ 2017-05-10 17:47 UTC (permalink / raw)
  To: buildroot

SELinux requires a config file in /etc/selinux which controls the state
of SELinux on the system.

This config file has two options set in it:
SELINUX which sets the state of selinux on boot.
SELINUXTYPE which should equal the name of the policy.  In this case, the
default name is targeted.

This patch adds:
- A choice menu on Config.in that allows the user to select a default
  SELinux state.

- A basic config file that will be installed to
  target/etc/selinux and will set SELINUX= to the selected state.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
---
 package/refpolicy/Config.in    | 25 +++++++++++++++++++++++++
 package/refpolicy/config       |  9 +++++++++
 package/refpolicy/refpolicy.mk |  6 ++++++
 3 files changed, 40 insertions(+)
 create mode 100644 package/refpolicy/config

diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index e12222e..b6f86d3 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -33,5 +33,30 @@ if BR2_PACKAGE_REFPOLICY
 config BR2_PACKAGE_REFPOLICY_VERSION
 	string "Policy version"
 	default "30"
+choice
+	prompt "SELinux default state"
+	default BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+
+config BR2_PACKAGE_REFPOLICY_STATE_ENFORCING
+	bool "Enforcing"
+	help
+	  SELinux security policy is enforced
+
+config BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+	bool "Permissive"
+	help
+	  SELinux prints warnings instead of enforcing
+
+config BR2_PACKAGE_REFPOLICY_STATE_DISABLED
+	bool "Disabled"
+	help
+	  No SELinux policy is loaded
+endchoice
+
+config BR2_PACKAGE_REFPOLICY_STATE
+	string
+	default "permissive" if BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+	default "enforcing" if BR2_PACKAGE_REFPOLICY_STATE_ENFORCING
+	default "disabled" if BR2_PACKAGE_REFPOLICY_STATE_DISABLED
 
 endif
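Review bot: the help text of BR2_PACKAGE_REFPOLICY_STATE_ENFORCING says only that the policy is enforced, while the package help added in patch 1/3 states that refpolicy works for the most part in permissive mode and that some paths in the policies are not correct. A user selecting Enforcing here gets no hint that the policy is not yet expected to work fully in that mode; please carry that caveat into this entry's help. Also add a blank line between default "30" and choice.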
diff --git a/package/refpolicy/config b/package/refpolicy/config
new file mode 100644
index 0000000..a45a349
--- /dev/null
+++ b/package/refpolicy/config
@@ -0,0 +1,9 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+#     enforcing - SELinux security policy is enforced.
+#     permissive - SELinux prints warnings instead of enforcing.
+#     disabled - No SELinux policy is loaded.
+SELINUX=disabled
+
+SELINUXTYPE=targeted
+
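Review bot: the template ships SELINUX=disabled while the Kconfig choice defaults to permissive, so the installed state depends entirely on the later $(SED) in refpolicy.mk matching; if that substitution ever fails to match, the target silently ends up with SELinux disabled. Ship the template with the same default as the choice (or an obvious placeholder), and derive SELINUXTYPE from the same variable as the policy NAME instead of hardcoding targeted in two places. The trailing empty line at the end of the file can go.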
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index 1eb0c54..c982014 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -23,6 +23,7 @@ REFPOLICY_DEPENDENCIES += \
 	policycoreutils
 
 REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-packages
+REFPOLICY_NAME = "targeted"
 
 # Cannot use multiple threads to build the reference policy
 REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
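Review bot: REFPOLICY_NAME is added here but nothing in the visible hunks uses it: REFPOLICY_CONFIGURE_CMDS still writes NAME = targeted literally and the installed config file hardcodes SELINUXTYPE=targeted. Either use the variable in both places or drop it; if it stays, remove the double quotes, since make keeps them as part of the value.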
@@ -44,6 +45,11 @@ endef
 
 define REFPOLICY_INSTALL_TARGET_CMDS
 	$(REFPOLICY_MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
+	$(INSTALL) -m 0755 -D package/refpolicy/config \
+		$(TARGET_DIR)/etc/selinux/config
+
+	$(SED) "/^SELINUX=/c\SELINUX=$(BR2_PACKAGE_REFPOLICY_STATE)" \
+		$(TARGET_DIR)/etc/selinux/config
 endef
 
 $(eval $(generic-package))
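Review bot: /etc/selinux/config is a plain configuration file, so -m 0755 on the $(INSTALL) line marks it executable for no reason; 0644 is the appropriate mode. On the $(SED) line, $(BR2_PACKAGE_REFPOLICY_STATE) expands with its Kconfig quotes inside an already double-quoted expression; use $(call qstrip,$(BR2_PACKAGE_REFPOLICY_STATE)) instead. The blank line between the two commands inside the define can also be dropped.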
-- 
2.9.3


* [Buildroot] [PATCH 1/3] refpolicy: new package
  2017-05-10 17:46 [Buildroot] [PATCH 1/3] refpolicy: new package Adam Duskett
  2017-05-10 17:46 ` [Buildroot] [PATCH 2/3] refpolicy: add ability to specify policy version Adam Duskett
  2017-05-10 17:47 ` [Buildroot] [PATCH 3/3] refpolicy: add ability to set default state Adam Duskett
@ 2017-05-10 17:58 ` Matthew Weber
  2017-05-10 19:50   ` Thomas Petazzoni
  2 siblings, 1 reply; 7+ messages in thread
From: Matthew Weber @ 2017-05-10 17:58 UTC (permalink / raw)
  To: buildroot

Adam,

On Wed, May 10, 2017 at 12:46 PM, Adam Duskett <aduskett@gmail.com> wrote:
> The patch is for adding selinux reference policy (refpolicy).
> It is a complete SELinux policy that can be used as the system policy
> for a variety of systems and used as the basis for creating other policies.
>

Similar patchset submitted here:
https://patchwork.ozlabs.org/patch/711535/

> Signed-off-by: Adam Duskett <aduskett@codeblue.com>
> ---
>  package/Config.in                |  1 +
>  package/refpolicy/Config.in      | 29 ++++++++++++++++++++++++
>  package/refpolicy/refpolicy.hash |  2 ++
>  package/refpolicy/refpolicy.mk   | 49 ++++++++++++++++++++++++++++++++++++++++
>  4 files changed, 81 insertions(+)
>  create mode 100644 package/refpolicy/Config.in
>  create mode 100644 package/refpolicy/refpolicy.hash
>  create mode 100644 package/refpolicy/refpolicy.mk
>
> diff --git a/package/Config.in b/package/Config.in
> index d57813c..6aa6885 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -1754,6 +1754,7 @@ endmenu
>  menu "Security"
>         source "package/checkpolicy/Config.in"
>         source "package/policycoreutils/Config.in"
> +       source "package/refpolicy/Config.in"
>         source "package/sepolgen/Config.in"
>         source "package/setools/Config.in"
>  endmenu
> diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
> new file mode 100644
> index 0000000..e772cac
> --- /dev/null
> +++ b/package/refpolicy/Config.in
> @@ -0,0 +1,29 @@
> +config BR2_PACKAGE_REFPOLICY
> +       bool "refpolicy"
> +       depends on BR2_TOOLCHAIN_HAS_THREADS # policycoreutils
> +       depends on BR2_TOOLCHAIN_USES_GLIBC # policycoreutils
> +       select BR2_PACKAGE_POLICYCOREUTILS
> +       select BR2_PACKAGE_BUSYBOX_SELINUX if BR2_PACKAGE_BUSYBOX
> +       help
> +         The SELinux Reference Policy project (refpolicy) is a
> +         complete SELinux policy that can be used as the system
> +         policy for a variety of systems and used as the basis
> +         for creating other policies. Reference Policy was originally
> +         based on the NSA example policy, but aims to accomplish
> +         many additional goals.
> +
> +         The current refpolicy does not fully support Buildroot
> +         and needs modifications to work with the default system
> +         file layout. These changes should be added as patches to
> +         the refpolicy that modify a single SELinux policy.
> +
> +         The refpolicy works for the most part in permissive mode. Only
> +         the basic set of utilities are enabled in the example policy
> +         config and some of the pathing in the policies is not correct.
> +         Individual policies would need to be tweaked to get everything
> +         functioning properly.
> +
> +         https://github.com/TresysTechnology/refpolicy
> +
> +comment "refpolicy needs a toolchain w/ threads, glibc"
> +       depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_TOOLCHAIN_USES_GLIBC
> diff --git a/package/refpolicy/refpolicy.hash b/package/refpolicy/refpolicy.hash
> new file mode 100644
> index 0000000..7aeac41
> --- /dev/null
> +++ b/package/refpolicy/refpolicy.hash
> @@ -0,0 +1,2 @@
> +#From https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease
> +sha256 08f9e2afc5e4939c23e56deeec7c47da029d7b85d82fb4ded01a36eb5da0651e  refpolicy-RELEASE_2_20170204.tar.gz
> diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
> new file mode 100644
> index 0000000..d565cbd
> --- /dev/null
> +++ b/package/refpolicy/refpolicy.mk
> @@ -0,0 +1,49 @@
> +################################################################################
> +#
> +# refpolicy
> +#
> +################################################################################
> +
> +REFPOLICY_VERSION = RELEASE_2_20170204
> +
> +# Do not use GitHub helper as git submodules are needed for refpolicy-contrib
> +REFPOLICY_SITE = https://github.com/TresysTechnology/refpolicy.git
> +REFPOLICY_SITE_METHOD = git
> +REFPOLICY_GIT_SUBMODULES = y
> +REFPOLICY_LICENSE = GPLv2
> +REFPOLICY_LICENSE_FILES = COPYING
> +REFPOLICY_INSTALL_STAGING = YES
> +REFPOLICY_DEPENDENCIES += \
> +       host-m4 \
> +       host-checkpolicy \
> +       host-policycoreutils \
> +       host-setools \
> +       host-gawk \
> +       host-python \
> +       policycoreutils
> +
> +REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-packages
> +
> +# Cannot use multiple threads to build the reference policy
> +REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
> +
> +define REFPOLICY_CONFIGURE_CMDS
> +       $(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
> +       $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
> +       $(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
> +endef
> +
> +define REFPOLICY_BUILD_CMDS
> +       $(REFPOLICY_MAKE) -C $(@D) bare conf DESTDIR=$(STAGING_DIR)
> +endef
> +
> +define REFPOLICY_INSTALL_STAGING_CMDS
> +       $(REFPOLICY_MAKE) -C $(@D) install-src install-headers \
> +       DESTDIR=$(STAGING_DIR)
> +endef
> +
> +define REFPOLICY_INSTALL_TARGET_CMDS
> +       $(REFPOLICY_MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
> +endef
> +
> +$(eval $(generic-package))
> --
> 2.9.3
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot



-- 
Matthew L Weber / Pr Software Engineer
Airborne Information Systems / Security Systems and Software / Secure Platforms
MS 131-100, C Ave NE, Cedar Rapids, IA, 52498, USA
www.rockwellcollins.com

Note: Any Export License Required Information and License Restricted
Third Party Intellectual Property (TPIP) content must be encrypted and
sent to matthew.weber at corp.rockwellcollins.com.


* [Buildroot] [PATCH 3/3] refpolicy: add ability to set default state.
  2017-05-10 17:47 ` [Buildroot] [PATCH 3/3] refpolicy: add ability to set default state Adam Duskett
@ 2017-05-10 17:59   ` Matthew Weber
  0 siblings, 0 replies; 7+ messages in thread
From: Matthew Weber @ 2017-05-10 17:59 UTC (permalink / raw)
  To: buildroot

Adam,

On Wed, May 10, 2017 at 12:47 PM, Adam Duskett <aduskett@gmail.com> wrote:
> SELinux requires a config file in /etc/selinux which controls the state
> of SELinux on the system.
>
> This config file has two options set in it:
> SELINUX which sets the state of selinux on boot.
> SELINUXTYPE which should equal the name of the policy.  In this case, the
> default name is targeted.
>
> This patch adds:
> - A choice menu on Config.in that allows the user to select a default
>   SELinux state.
>
> - A basic config file that will be installed to
>   target/etc/selinux and will set SELINUX= to the selected state.
>

Similar patchset submitted here:
https://patchwork.ozlabs.org/patch/711537/
https://patchwork.ozlabs.org/patch/711536/

> Signed-off-by: Adam Duskett <aduskett@codeblue.com>
> ---
>  package/refpolicy/Config.in    | 25 +++++++++++++++++++++++++
>  package/refpolicy/config       |  9 +++++++++
>  package/refpolicy/refpolicy.mk |  6 ++++++
>  3 files changed, 40 insertions(+)
>  create mode 100644 package/refpolicy/config
>
> diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
> index e12222e..b6f86d3 100644
> --- a/package/refpolicy/Config.in
> +++ b/package/refpolicy/Config.in
> @@ -33,5 +33,30 @@ if BR2_PACKAGE_REFPOLICY
>  config BR2_PACKAGE_REFPOLICY_VERSION
>         string "Policy version"
>         default "30"
> +choice
> +       prompt "SELinux default state"
> +       default BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
> +
> +config BR2_PACKAGE_REFPOLICY_STATE_ENFORCING
> +       bool "Enforcing"
> +       help
> +         SELinux security policy is enforced
> +
> +config BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
> +       bool "Permissive"
> +       help
> +         SELinux prints warnings instead of enforcing
> +
> +config BR2_PACKAGE_REFPOLICY_STATE_DISABLED
> +       bool "Disabled"
> +       help
> +         No SELinux policy is loaded
> +endchoice
> +
> +config BR2_PACKAGE_REFPOLICY_STATE
> +       string
> +       default "permissive" if BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
> +       default "enforcing" if BR2_PACKAGE_REFPOLICY_STATE_ENFORCING
> +       default "disabled" if BR2_PACKAGE_REFPOLICY_STATE_DISABLED
>
>  endif
> diff --git a/package/refpolicy/config b/package/refpolicy/config
> new file mode 100644
> index 0000000..a45a349
> --- /dev/null
> +++ b/package/refpolicy/config
> @@ -0,0 +1,9 @@
> +# This file controls the state of SELinux on the system.
> +# SELINUX= can take one of these three values:
> +#     enforcing - SELinux security policy is enforced.
> +#     permissive - SELinux prints warnings instead of enforcing.
> +#     disabled - No SELinux policy is loaded.
> +SELINUX=disabled
> +
> +SELINUXTYPE=targeted
> +
> diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
> index 1eb0c54..c982014 100644
> --- a/package/refpolicy/refpolicy.mk
> +++ b/package/refpolicy/refpolicy.mk
> @@ -23,6 +23,7 @@ REFPOLICY_DEPENDENCIES += \
>         policycoreutils
>
>  REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-packages
> +REFPOLICY_NAME = "targeted"
>
>  # Cannot use multiple threads to build the reference policy
>  REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
> @@ -44,6 +45,11 @@ endef
>
>  define REFPOLICY_INSTALL_TARGET_CMDS
>         $(REFPOLICY_MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
> +       $(INSTALL) -m 0755 -D package/refpolicy/config \
> +               $(TARGET_DIR)/etc/selinux/config
> +
> +       $(SED) "/^SELINUX=/c\SELINUX=$(BR2_PACKAGE_REFPOLICY_STATE)" \
> +               $(TARGET_DIR)/etc/selinux/config
>  endef
>
>  $(eval $(generic-package))
> --
> 2.9.3
>

* [Buildroot] [PATCH 1/3] refpolicy: new package
  2017-05-10 17:58 ` [Buildroot] [PATCH 1/3] refpolicy: new package Matthew Weber
@ 2017-05-10 19:50   ` Thomas Petazzoni
  2017-05-10 20:18     ` Adam Duskett
  0 siblings, 1 reply; 7+ messages in thread
From: Thomas Petazzoni @ 2017-05-10 19:50 UTC (permalink / raw)
  To: buildroot

Hello,

On Wed, 10 May 2017 12:58:46 -0500, Matthew Weber wrote:

> On Wed, May 10, 2017 at 12:46 PM, Adam Duskett <aduskett@gmail.com> wrote:
> > The patch is for adding selinux reference policy (refpolicy).
> > It is a complete SELinux policy that can be used as the system policy
> > for a variety of systems and used as the basis for creating other policies.
> >  
> 
> Similar patchset submitted here:
> https://patchwork.ozlabs.org/patch/711535/

Exactly what I was going to say: what is the difference between this
new submission, and the one from Bryce Ferguson already in patchwork ?

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com


* [Buildroot] [PATCH 1/3] refpolicy: new package
  2017-05-10 19:50   ` Thomas Petazzoni
@ 2017-05-10 20:18     ` Adam Duskett
  0 siblings, 0 replies; 7+ messages in thread
From: Adam Duskett @ 2017-05-10 20:18 UTC (permalink / raw)
  To: buildroot

Hello

On May 10, 2017 3:50 PM, "Thomas Petazzoni" <thomas.petazzoni@free-electrons.com> wrote:

> Hello,
>
> On Wed, 10 May 2017 12:58:46 -0500, Matthew Weber wrote:
>
> > On Wed, May 10, 2017 at 12:46 PM, Adam Duskett <aduskett@gmail.com> wrote:
> > > The patch is for adding selinux reference policy (refpolicy).
> > > It is a complete SELinux policy that can be used as the system policy
> > > for a variety of systems and used as the basis for creating other policies.
> > >
> >
> > Similar patchset submitted here:
> > https://patchwork.ozlabs.org/patch/711535/
>
> Exactly what I was going to say: what is the difference between this
> new submission, and the one from Bryce Ferguson already in patchwork ?

I talked to Bryce earlier today and asked if I could take over the patch
for him, so I cleaned up the makefile and made everything cleaner for the
next round.

> Best regards,
>
> Thomas
> --
> Thomas Petazzoni, CTO, Free Electrons
> Embedded Linux and Kernel engineering
> http://free-electrons.com

Adam
