Add packagegroup and image recipe for minimal SELinux image.

This is intended to demonstrate the minimal set packages necessary
to boot and load a system with SELinux enabled. Specifically we
don't need any of the packages that depend on python.

Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe@deserted.net>

2 files changed, 41 insertions, 0 deletions

diff --git a/recipes-security/images/core-image-selinux-minimal.bb b/recipes-security/images/core-image-selinux-minimal.bb
new file mode 100644
index 0000000..45cd847
--- /dev/null
+++ b/recipes-security/images/core-image-selinux-minimal.bb
@@ -0,0 +1,15 @@
+DESCRIPTION = "Minimal image with SELinux support (no python)"
+
+IMAGE_FEATURES += "splash ssh-server-openssh"
+
+LICENSE = "MIT"
+
+IMAGE_INSTALL = "\
+        ${CORE_IMAGE_BASE_INSTALL} \
+        bash \
+        util-linux-agetty \
+        packagegroup-core-boot \
+        packagegroup-selinux-minimal \
+"
+
+inherit core-image
diff --git a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
new file mode 100644
index 0000000..bae15ea
--- /dev/null
+++ b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
@@ -0,0 +1,26 @@
+DESCRIPTION = "SELinux packagegroup with only packages required for basic operations"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58 \
+                    file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+PR = "r0"
+
+PACKAGES = "\
+        ${PN} \
+"
+
+ALLOW_EMPTY_${PN} = "1"
+
+RDEPENDS_${PN} = "\
+        coreutils \
+        libsepol \
+        libselinux \
+        libselinux-bin \
+        libsemanage \
+        policycoreutils-fixfiles \
+        policycoreutils-secon \
+        policycoreutils-semodule \
+        policycoreutils-sestatus \
+        policycoreutils-setfiles \
+        selinux-config \
+        refpolicy-mls \
+"