CaROS/meta-selinux
3
0
Fork 0
mirror of git://git.yoctoproject.org/meta-selinux synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use compressed_policy by default, and clear distro feature

Browse Source 
Original refpolicy install compressed policy modules to policy store,
but leave datadir ones uncompressed. After, a "compressed_policy" distro
feature is added for compressing the datadir ones.

This simple mechanism is unworthy for a distro feature, just clear it
and use compressed policy modules by default.

Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
This commit is contained in:
Xin Ouyang 2014-09-22 14:10:47 +08:00
parent b59250d423
commit af4937c07e
3 changed files with 17 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
conf/distro/oe-selinux.conf
View File

@ -1,4 +1,4 @@
DISTRO = "oe-selinux"
DISTROOVERRIDES .= ":selinux"
DISTRO_FEATURES_append = " acl xattr pam selinux compressed_policy"
DISTRO_FEATURES_append = " acl xattr pam selinux"

23
recipes-security/refpolicy/refpolicy-minimum_2.20140311.bb
View File

@ -38,20 +38,11 @@ prepare_policy_store () {
mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local
if ${@base_contains('DISTRO_FEATURES','compressed_policy','true','false',d)}; then
for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
bzip2 $i
done
cp base.pp.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
for i in ${POLICY_MODULES_MIN}; do
cp ${i}.pp.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i.pp`
done
else
bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp > \
${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
for i in ${POLICY_MODULES_MIN}; do
bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/$i.pp > \
${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/$i.pp
done
fi
for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
bzip2 -f $i && mv -f $i.bz2 $i
done
cp base.pp ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
for i in ${POLICY_MODULES_MIN}; do
cp ${i}.pp ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i.pp`
done
}

28
recipes-security/refpolicy/refpolicy_common.inc
View File

@ -13,7 +13,7 @@ S = "${WORKDIR}/refpolicy"
FILES_${PN} = " \
${sysconfdir}/selinux/${POLICY_NAME}/ \
${@base_contains('DISTRO_FEATURES', 'compressed_policy', '${datadir}/selinux/${POLICY_NAME}/*.pp.bz2', '${datadir}/selinux/${POLICY_NAME}/*.pp', d)} \
${datadir}/selinux/${POLICY_NAME}/*.pp \
"
FILES_${PN}-dev =+ "${datadir}/selinux/${POLICY_NAME}/include/"
@ -69,24 +69,14 @@ prepare_policy_store () {
mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local
if ${@base_contains('DISTRO_FEATURES','compressed_policy','true','false',d)}; then
for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
bzip2 $i
if [ "`basename $i`" != "base.pp" ]; then
cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`
else
cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i`
fi
done
else
bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp >\
${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
if [ "`basename $i`" != "base.pp" ]; then
bzip2 -c $i > ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`;
fi
done
fi
for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
bzip2 -f $i && mv -f $i.bz2 $i
if [ "`basename $i`" != "base.pp" ]; then
cp $i ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`
else
cp $i ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i`
fi
done
}
rebuild_policy () {