CaROS/meta-selinux
3
0
Fork 0
mirror of git://git.yoctoproject.org/meta-selinux synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
655db117a2
meta-selinux/README
Shrikant Bobade 655db117a2 README: update with systemd & virtual/refpolicy details 
add init manager user guidelines and examples for using refpolicy with
perticular version and type.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-07-04 15:42:36 -04:00

124 lines
4.0 KiB
Plaintext
Raw Blame History

meta-selinux
============
This layer's purpose is enabling SE Linux support when used with Poky.
The majority of this layers work is accomplished in bbappend files, used to
enable SE Linux support in existing Poky packages.
A new recipes-security was added. The purpose of this category is to add
software specific to system security.
Please see the MAINTAINERS file for information on contacting the maintainers
of this layer, as well as instructions for submitting patches.
status
------
Sep 17, 2013 - Updated to match oe-core/poky master for what will be the
1.5 release
* Misc bug fixes
* Update distro config
* Uprev various packages
Jan 31, 2012 - Initial version of the layer available. Basic functionality:
* new recipes-security -- includes all SE Linux core components
* enable kernel configuration of SE Linux components
* enable a few basic recipes to be used as examples for others
Dependencies
------------
This layer depends on the Poky metadata. For more information on Poky see
the Yocto Project website:
http://www.yoctoproject.org
This layer also optionally depends on the following layers:
URI: git://github.com/openembedded/meta-oe.git
branch: master
revision: HEAD
layers: meta-oe
meta-networking
meta-python
URI: git://git.yoctoproject.org/meta-virtualization
branch: master
revision: HEAD
Maintenance
-----------
Please see the MAINTAINERS file for information on contacting the maintainers
of this layer, as well as instructions for submitting patches.
Building the meta-selinux layer
-------------------------------
In order to add selinux support to the poky build this layer should be added
to the bblayers.conf file. In addition you should modify your local.conf
to specify the "poky-selinux" distribution.
An "oe-selinux" distribution is also included as a convienence for people
working with this layer, without the additional Poky meta data. This
approach may work, but is not generally tested by the maintainers.
e.g. DISTRO="poky-selinux"
Using different versions of linux-yocto
---------------------------------------
To prepare selinux enabled images using different ver. of linux-yocto,
we can choose supported versions of linux-yocto,
currently supported: v3.14, v3.19, v4.1(by default).
* enable the preferred linux-yocto to local.conf or oe-selinux.conf
e.g. PREFERRED_VERSION_linux-yocto_qemuarm = "3.19%"
Using different versions of refpolicy
-------------------------------------
To prepare selinux enabled images using different ver. of refpolicy,
we can choose supported releases of refpolicy
refer to available versions under recipes-security/refpolicy
We can use the refpolicy directly from git repository instead of release tarballs.
By default refpolicy from git builds head commit of master branch, we can update
SRCREV for refpolicy and refpolicy-contrib as appropriate at refpolicy_git.inc
to check refpolicy as per required commits.
* enable the preferred refpolicy-minimum to local.conf or oe-selinux.conf
e.g. PREFERRED_VERSION_refpolicy-minimum = "2.20151208"
Using perticular refpolicy policy type
--------------------------------------
Provider "virtual/refpolicy" used to set perticular refpolicy type.
* enabled refpolicy-minimum from refpolicy types at config level
e.g. PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-minimum"
Using different init manager
----------------------------
By default selinux enabled images coming up with "sysvinit" as init manager,
we can use "systemd" as an init manager using below changes to local.conf
* enable systemd as init manager changes to local.conf
DISTRO_FEATURES_remove = " sysvinit"
DISTRO_FEATURES_append = " systemd"
VIRTUAL-RUNTIME_init_manager = "systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED = ""
License
-------
All metadata is MIT licensed unless otherwise stated. Source code included
in tree for individual recipes is under the LICENSE stated in each recipe
(.bb file) unless otherwise stated.
This README document is Copyright (C) 2012 Wind River Systems, Inc.
Reference in New Issue View Git Blame Copy Permalink