* [Buildroot] [PATCH] package/refpolicy: enable refpolicy's xdg module when systemd is enabled
@ 2021-10-31 22:42 Romain Naour
2021-11-01 6:10 ` ratbert90
0 siblings, 1 reply; 6+ messages in thread
From: Romain Naour @ 2021-10-31 22:42 UTC (permalink / raw)
To: buildroot; +Cc: Romain Naour, Antoine Tenart
policy/modules/system/systemd.te requires xdg module enabled [1]
otherwise refpolicy fail to build:
policy/modules/system/systemd.te:288:ERROR 'attribute xdg_config_type is not declared' at token ';' on line 508447:
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552468
https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552470
[1] https://github.com/SELinuxProject/refpolicy/blob/RELEASE_2_20210908/policy/modules/system/systemd.te#L288
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Antoine Tenart <atenart@kernel.org>
---
package/refpolicy/refpolicy.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index 975c3b584c..b1d101e311 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -69,6 +69,7 @@ REFPOLICY_MODULES = \
sysnetwork \
unconfined \
userdomain \
+ $(if $(BR2_PACKAGE_SYSTEMD),xdg) \
$(PACKAGES_SELINUX_MODULES) \
$(call qstrip,$(BR2_REFPOLICY_EXTRA_MODULES)) \
$(foreach d,$(REFPOLICY_EXTRA_MODULES_DIRS),\
--
2.31.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH] package/refpolicy: enable refpolicy's xdg module when systemd is enabled
2021-10-31 22:42 [Buildroot] [PATCH] package/refpolicy: enable refpolicy's xdg module when systemd is enabled Romain Naour
@ 2021-11-01 6:10 ` ratbert90
2021-11-01 9:23 ` Romain Naour
0 siblings, 1 reply; 6+ messages in thread
From: ratbert90 @ 2021-11-01 6:10 UTC (permalink / raw)
To: Romain Naour, buildroot; +Cc: Romain Naour, Antoine Tenart
[-- Attachment #1.1: Type: text/plain, Size: 1782 bytes --]
Hello;
Shouldn’t this go in systemd.mk?
Adam
________________________________
Da: buildroot <buildroot-bounces@buildroot.org> per conto di Romain Naour <romain.naour@gmail.com>
Inviato: Sunday, October 31, 2021 3:42:07 PM
A: buildroot@buildroot.org <buildroot@buildroot.org>
Cc: Romain Naour <romain.naour@gmail.com>; Antoine Tenart <atenart@kernel.org>
Oggetto: [Buildroot] [PATCH] package/refpolicy: enable refpolicy's xdg module when systemd is enabled
policy/modules/system/systemd.te requires xdg module enabled [1]
otherwise refpolicy fail to build:
policy/modules/system/systemd.te:288:ERROR 'attribute xdg_config_type is not declared' at token ';' on line 508447:
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552468
https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552470
[1] https://github.com/SELinuxProject/refpolicy/blob/RELEASE_2_20210908/policy/modules/system/systemd.te#L288
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Antoine Tenart <atenart@kernel.org>
---
package/refpolicy/refpolicy.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index 975c3b584c..b1d101e311 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -69,6 +69,7 @@ REFPOLICY_MODULES = \
sysnetwork \
unconfined \
userdomain \
+ $(if $(BR2_PACKAGE_SYSTEMD),xdg) \
$(PACKAGES_SELINUX_MODULES) \
$(call qstrip,$(BR2_REFPOLICY_EXTRA_MODULES)) \
$(foreach d,$(REFPOLICY_EXTRA_MODULES_DIRS),\
--
2.31.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
[-- Attachment #1.2: Type: text/html, Size: 3610 bytes --]
[-- Attachment #2: Type: text/plain, Size: 150 bytes --]
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH] package/refpolicy: enable refpolicy's xdg module when systemd is enabled
2021-11-01 6:10 ` ratbert90
@ 2021-11-01 9:23 ` Romain Naour
2021-11-02 17:26 ` Adam Duskett
0 siblings, 1 reply; 6+ messages in thread
From: Romain Naour @ 2021-11-01 9:23 UTC (permalink / raw)
To: ratbert90, buildroot; +Cc: Antoine Tenart
Hello Adam,
Le 01/11/2021 à 07:10, ratbert90 a écrit :
> Hello;
>
> Shouldn’t this go in systemd.mk?
I'm not sure to understand, what do you mean?
It's about a refpolicy module not selinux module (SYSTEMD_SELINUX_MODULES).
Another way to fix the issue is to add xdp to BR2_REFPOLICY_EXTRA_MODULES in the
test config... but I don't think it's the right fix.
Best regards,
Romain
>
> Adam
> --------------------------------------------------------------------------------
> *Da:* buildroot <buildroot-bounces@buildroot.org> per conto di Romain Naour
> <romain.naour@gmail.com>
> *Inviato:* Sunday, October 31, 2021 3:42:07 PM
> *A:* buildroot@buildroot.org <buildroot@buildroot.org>
> *Cc:* Romain Naour <romain.naour@gmail.com>; Antoine Tenart <atenart@kernel.org>
> *Oggetto:* [Buildroot] [PATCH] package/refpolicy: enable refpolicy's xdg module
> when systemd is enabled
>
> policy/modules/system/systemd.te requires xdg module enabled [1]
> otherwise refpolicy fail to build:
>
> policy/modules/system/systemd.te:288:ERROR 'attribute xdg_config_type is not
> declared' at token ';' on line 508447:
>
> Fixes:
> https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552468
> <https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552468>
> https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552470
> <https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552470>
>
> [1]
> https://github.com/SELinuxProject/refpolicy/blob/RELEASE_2_20210908/policy/modules/system/systemd.te#L288
> <https://github.com/SELinuxProject/refpolicy/blob/RELEASE_2_20210908/policy/modules/system/systemd.te#L288>
>
> Signed-off-by: Romain Naour <romain.naour@gmail.com>
> Cc: Antoine Tenart <atenart@kernel.org>
> ---
> package/refpolicy/refpolicy.mk | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
> index 975c3b584c..b1d101e311 100644
> --- a/package/refpolicy/refpolicy.mk
> +++ b/package/refpolicy/refpolicy.mk
> @@ -69,6 +69,7 @@ REFPOLICY_MODULES = \
> sysnetwork \
> unconfined \
> userdomain \
> + $(if $(BR2_PACKAGE_SYSTEMD),xdg) \
> $(PACKAGES_SELINUX_MODULES) \
> $(call qstrip,$(BR2_REFPOLICY_EXTRA_MODULES)) \
> $(foreach d,$(REFPOLICY_EXTRA_MODULES_DIRS),\
> --
> 2.31.1
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
> <https://lists.buildroot.org/mailman/listinfo/buildroot>
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH] package/refpolicy: enable refpolicy's xdg module when systemd is enabled
2021-11-01 9:23 ` Romain Naour
@ 2021-11-02 17:26 ` Adam Duskett
2021-11-03 21:06 ` Romain Naour
0 siblings, 1 reply; 6+ messages in thread
From: Adam Duskett @ 2021-11-02 17:26 UTC (permalink / raw)
To: Romain Naour; +Cc: Antoine Tenart, buildroot
Hey Romain;
Sorry for the late reply!
On Mon, Nov 1, 2021 at 2:23 AM Romain Naour <romain.naour@gmail.com> wrote:
>
> Hello Adam,
>
> Le 01/11/2021 à 07:10, ratbert90 a écrit :
> > Hello;
> >
> > Shouldn’t this go in systemd.mk?
>
> I'm not sure to understand, what do you mean?
>
> It's about a refpolicy module not selinux module (SYSTEMD_SELINUX_MODULES).
Refpolicy modules are SELinux modules!
I just tested by adding xdg to SYSTEMD_SELINUX_MODULES which does
indeed fix the issue.
Adam
>
> Another way to fix the issue is to add xdp to BR2_REFPOLICY_EXTRA_MODULES in the
> test config... but I don't think it's the right fix.
>
> Best regards,
> Romain
>
>
> >
> > Adam
> > --------------------------------------------------------------------------------
> > *Da:* buildroot <buildroot-bounces@buildroot.org> per conto di Romain Naour
> > <romain.naour@gmail.com>
> > *Inviato:* Sunday, October 31, 2021 3:42:07 PM
> > *A:* buildroot@buildroot.org <buildroot@buildroot.org>
> > *Cc:* Romain Naour <romain.naour@gmail.com>; Antoine Tenart <atenart@kernel.org>
> > *Oggetto:* [Buildroot] [PATCH] package/refpolicy: enable refpolicy's xdg module
> > when systemd is enabled
> >
> > policy/modules/system/systemd.te requires xdg module enabled [1]
> > otherwise refpolicy fail to build:
> >
> > policy/modules/system/systemd.te:288:ERROR 'attribute xdg_config_type is not
> > declared' at token ';' on line 508447:
> >
> > Fixes:
> > https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552468
> > <https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552468>
> > https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552470
> > <https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552470>
> >
> > [1]
> > https://github.com/SELinuxProject/refpolicy/blob/RELEASE_2_20210908/policy/modules/system/systemd.te#L288
> > <https://github.com/SELinuxProject/refpolicy/blob/RELEASE_2_20210908/policy/modules/system/systemd.te#L288>
> >
> > Signed-off-by: Romain Naour <romain.naour@gmail.com>
> > Cc: Antoine Tenart <atenart@kernel.org>
> > ---
> > package/refpolicy/refpolicy.mk | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
> > index 975c3b584c..b1d101e311 100644
> > --- a/package/refpolicy/refpolicy.mk
> > +++ b/package/refpolicy/refpolicy.mk
> > @@ -69,6 +69,7 @@ REFPOLICY_MODULES = \
> > sysnetwork \
> > unconfined \
> > userdomain \
> > + $(if $(BR2_PACKAGE_SYSTEMD),xdg) \
> > $(PACKAGES_SELINUX_MODULES) \
> > $(call qstrip,$(BR2_REFPOLICY_EXTRA_MODULES)) \
> > $(foreach d,$(REFPOLICY_EXTRA_MODULES_DIRS),\
> > --
> > 2.31.1
> >
> > _______________________________________________
> > buildroot mailing list
> > buildroot@buildroot.org
> > https://lists.buildroot.org/mailman/listinfo/buildroot
> > <https://lists.buildroot.org/mailman/listinfo/buildroot>
>
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH] package/refpolicy: enable refpolicy's xdg module when systemd is enabled
2021-11-02 17:26 ` Adam Duskett
@ 2021-11-03 21:06 ` Romain Naour
2021-11-03 22:04 ` Thomas Petazzoni
0 siblings, 1 reply; 6+ messages in thread
From: Romain Naour @ 2021-11-03 21:06 UTC (permalink / raw)
To: Adam Duskett; +Cc: Antoine Tenart, buildroot
Hello Adam,
Le 02/11/2021 à 18:26, Adam Duskett a écrit :
> Hey Romain;
>
> Sorry for the late reply!
>
>
> On Mon, Nov 1, 2021 at 2:23 AM Romain Naour <romain.naour@gmail.com> wrote:
>>
>> Hello Adam,
>>
>> Le 01/11/2021 à 07:10, ratbert90 a écrit :
>>> Hello;
>>>
>>> Shouldn’t this go in systemd.mk?
>>
>> I'm not sure to understand, what do you mean?
>>
>> It's about a refpolicy module not selinux module (SYSTEMD_SELINUX_MODULES).
>
> Refpolicy modules are SELinux modules!
>
> I just tested by adding xdg to SYSTEMD_SELINUX_MODULES which does
> indeed fix the issue.
ok but it's not clear to me if we need to add xdg to SYSTEMD_SELINUX_MODULES or
REFPOLICY_MODULES.
Best regards,
Romain
>
> Adam
>>
>> Another way to fix the issue is to add xdp to BR2_REFPOLICY_EXTRA_MODULES in the
>> test config... but I don't think it's the right fix.
>>
>> Best regards,
>> Romain
>>
>>
>>>
>>> Adam
>>> --------------------------------------------------------------------------------
>>> *Da:* buildroot <buildroot-bounces@buildroot.org> per conto di Romain Naour
>>> <romain.naour@gmail.com>
>>> *Inviato:* Sunday, October 31, 2021 3:42:07 PM
>>> *A:* buildroot@buildroot.org <buildroot@buildroot.org>
>>> *Cc:* Romain Naour <romain.naour@gmail.com>; Antoine Tenart <atenart@kernel.org>
>>> *Oggetto:* [Buildroot] [PATCH] package/refpolicy: enable refpolicy's xdg module
>>> when systemd is enabled
>>>
>>> policy/modules/system/systemd.te requires xdg module enabled [1]
>>> otherwise refpolicy fail to build:
>>>
>>> policy/modules/system/systemd.te:288:ERROR 'attribute xdg_config_type is not
>>> declared' at token ';' on line 508447:
>>>
>>> Fixes:
>>> https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552468
>>> <https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552468>
>>> https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552470
>>> <https://gitlab.com/buildroot.org/buildroot/-/jobs/1710552470>
>>>
>>> [1]
>>> https://github.com/SELinuxProject/refpolicy/blob/RELEASE_2_20210908/policy/modules/system/systemd.te#L288
>>> <https://github.com/SELinuxProject/refpolicy/blob/RELEASE_2_20210908/policy/modules/system/systemd.te#L288>
>>>
>>> Signed-off-by: Romain Naour <romain.naour@gmail.com>
>>> Cc: Antoine Tenart <atenart@kernel.org>
>>> ---
>>> package/refpolicy/refpolicy.mk | 1 +
>>> 1 file changed, 1 insertion(+)
>>>
>>> diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
>>> index 975c3b584c..b1d101e311 100644
>>> --- a/package/refpolicy/refpolicy.mk
>>> +++ b/package/refpolicy/refpolicy.mk
>>> @@ -69,6 +69,7 @@ REFPOLICY_MODULES = \
>>> sysnetwork \
>>> unconfined \
>>> userdomain \
>>> + $(if $(BR2_PACKAGE_SYSTEMD),xdg) \
>>> $(PACKAGES_SELINUX_MODULES) \
>>> $(call qstrip,$(BR2_REFPOLICY_EXTRA_MODULES)) \
>>> $(foreach d,$(REFPOLICY_EXTRA_MODULES_DIRS),\
>>> --
>>> 2.31.1
>>>
>>> _______________________________________________
>>> buildroot mailing list
>>> buildroot@buildroot.org
>>> https://lists.buildroot.org/mailman/listinfo/buildroot
>>> <https://lists.buildroot.org/mailman/listinfo/buildroot>
>>
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH] package/refpolicy: enable refpolicy's xdg module when systemd is enabled
2021-11-03 21:06 ` Romain Naour
@ 2021-11-03 22:04 ` Thomas Petazzoni
0 siblings, 0 replies; 6+ messages in thread
From: Thomas Petazzoni @ 2021-11-03 22:04 UTC (permalink / raw)
To: Romain Naour; +Cc: Antoine Tenart, Adam Duskett, buildroot
Hello,
On Wed, 3 Nov 2021 22:06:43 +0100
Romain Naour <romain.naour@gmail.com> wrote:
> > I just tested by adding xdg to SYSTEMD_SELINUX_MODULES which does
> > indeed fix the issue.
>
> ok but it's not clear to me if we need to add xdg to SYSTEMD_SELINUX_MODULES or
> REFPOLICY_MODULES.
Clearly to SYSTEMD_SELINUX_MODULES. The idea of REFPOLICY_MODULES is to list:
(1) Mandatory refpolicy modules
(2) refpolicy modules needed by other Buildroot packages, i.e.
$(PACKAGES_SELINUX_MODULES)
(3) refpolicy modules explicitly enabled by the user through the
BR2_REFPOLICY_EXTRA_MODULES option
(4) additional SELinux policy modules provided directly within a
package directory, in package/<foo>/selinux/
In our case, it's the systemd refpolicy module that needs xdg, so
systemd.mk should be patched:
-SYSTEMD_SELINUX_MODULES = systemd udev
+SYSTEMD_SELINUX_MODULES = systemd udev xdg
Could you send an updated patch ?
Thanks!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-11-03 22:04 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-31 22:42 [Buildroot] [PATCH] package/refpolicy: enable refpolicy's xdg module when systemd is enabled Romain Naour
2021-11-01 6:10 ` ratbert90
2021-11-01 9:23 ` Romain Naour
2021-11-02 17:26 ` Adam Duskett
2021-11-03 21:06 ` Romain Naour
2021-11-03 22:04 ` Thomas Petazzoni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.