[yocto] [meta-selinux][PATCH 0/3] refpolicy virtual package
Philip Tricca
flihp at twobit.us
Sun Apr 3 17:21:32 PDT 2016
We currently require each image to depend on the policy (or multiple
policies) that they want installed and the selinux-config package
enables the DEFAULT_POLICY. Since only one policy can be in effect at a
time, and we're targeting "embedded" systems it makes sense (to me at
least) that we would treat the policy much like we do the kernel and use
a virtual provider.
Feedback would be much appreciated,
Philip
Philip Tricca (3):
refpolicy: Setup virtual/refpolicy provider.
Integrate selinux-config into refpolicy_common.
refpolicy_common: Sanity test DEFAULT_ENFORCING value and set default.
conf/distro/oe-selinux.conf | 1 +
.../packagegroups/packagegroup-core-selinux.bb | 4 +-
.../packagegroups/packagegroup-selinux-minimal.bb | 3 +-
recipes-security/refpolicy/refpolicy_common.inc | 43 +++++++++++++++++++++-
recipes-security/selinux/selinux-config_0.1.bb | 41 ---------------------
5 files changed, 44 insertions(+), 48 deletions(-)
delete mode 100644 recipes-security/selinux/selinux-config_0.1.bb
--
2.1.4
More information about the yocto
mailing list