[yocto] [PATCH 11/13] refpolicy: Add support for the SYSTEMD build.conf option.

Stephen Smalley sds at tycho.nsa.gov
Mon Mar 7 12:52:50 PST 2016


refpolicy has introduced a new build.conf option, SYSTEMD=y,
to enable rules specific to using systemd as the init system.
In particular, without setting this option, rules for direct
domain transitions from init_t to daemon domains are not included
in the policy.  Define a POLICY_SYSTEMD variable in the refpolicy
common include file that can be set elsewhere to enable this support.

Signed-off-by: Stephen Smalley <sds at tycho.nsa.gov>
---
 recipes-security/refpolicy/refpolicy_common.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 0b0b2fd..67d0426 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -35,6 +35,7 @@ POLICY_DISTRO ?= "redhat"
 POLICY_UBAC ?= "n"
 POLICY_UNK_PERMS ?= "allow"
 POLICY_DIRECT_INITRC ?= "n"
+POLICY_SYSTEMD ?= "n"
 POLICY_MONOLITHIC ?= "n"
 POLICY_CUSTOM_BUILDOPT ?= ""
 POLICY_QUIET ?= "y"
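Review bot: The new POLICY_SYSTEMD ?= "n" default carries no comment, and per the commit message a policy built with it unset lacks the direct domain transitions from init_t to daemon domains, so an image that boots with systemd and never overrides the variable gets a policy missing those rules with no build-time signal. Add a comment next to the assignment saying when it must be "y", and consider deriving the default from the distro configuration (for example a bb.utils.contains check on DISTRO_FEATURES for systemd) unless another patch in this series already sets it for systemd images.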
@@ -48,6 +49,7 @@ EXTRA_OEMAKE += "NAME=${POLICY_NAME} \
 	UBAC=${POLICY_UBAC} \
 	UNK_PERMS=${POLICY_UNK_PERMS} \
 	DIRECT_INITRC=${POLICY_DIRECT_INITRC} \
+	SYSTEMD=${POLICY_SYSTEMD} \
 	MONOLITHIC=${POLICY_MONOLITHIC} \
 	CUSTOM_BUILDOPT=${POLICY_CUSTOM_BUILDOPT} \
 	QUIET=${POLICY_QUIET} \
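Review bot: SYSTEMD=${POLICY_SYSTEMD} is added to EXTRA_OEMAKE in the common include, so every recipe that pulls in refpolicy_common.inc passes it, including any built from a refpolicy release older than the one that introduced the option. The commit message should state which refpolicy version first honors SYSTEMD, so that setting POLICY_SYSTEMD = "y" on an older recipe is not mistaken for having enabled the systemd rules.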
-- 
2.4.3



