summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorXin Ouyang <xin.ouyang@windriver.com>2014-09-22 14:10:47 +0800
committerXin Ouyang <xin.ouyang@windriver.com>2014-09-22 16:14:21 +0800
commitaf4937c07eadb13d829c1ef278bed6528a2603a5 (patch)
tree618e830f5b777047de3b734ac84856adedd9eb0c
parentb59250d423e9938ae934c201922141886e279188 (diff)
downloadmeta-selinux-af4937c07eadb13d829c1ef278bed6528a2603a5.tar.gz
Use compressed_policy by default, and clear distro feature
Original refpolicy install compressed policy modules to policy store, but leave datadir ones uncompressed. After, a "compressed_policy" distro feature is added for compressing the datadir ones. This simple mechanism is unworthy for a distro feature, just clear it and use compressed policy modules by default. Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
Diffstat
-rw-r--r--conf/distro/oe-selinux.conf2
-rw-r--r--recipes-security/refpolicy/refpolicy-minimum_2.20140311.bb23
-rw-r--r--recipes-security/refpolicy/refpolicy_common.inc28
3 files changed, 17 insertions, 36 deletions
diff --git a/conf/distro/oe-selinux.conf b/conf/distro/oe-selinux.conf
index 5f4af87..6e55a32 100644
--- a/conf/distro/oe-selinux.conf
+++ b/conf/distro/oe-selinux.conf
@@ -1,4 +1,4 @@
1DISTRO = "oe-selinux" 1DISTRO = "oe-selinux"
2DISTROOVERRIDES .= ":selinux" 2DISTROOVERRIDES .= ":selinux"
3 3
4DISTRO_FEATURES_append = " acl xattr pam selinux compressed_policy" 4DISTRO_FEATURES_append = " acl xattr pam selinux"
diff --git a/recipes-security/refpolicy/refpolicy-minimum_2.20140311.bb b/recipes-security/refpolicy/refpolicy-minimum_2.20140311.bb
index 0b286ac..b275821 100644
--- a/recipes-security/refpolicy/refpolicy-minimum_2.20140311.bb
+++ b/recipes-security/refpolicy/refpolicy-minimum_2.20140311.bb
@@ -38,20 +38,11 @@ prepare_policy_store () {
38 mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules 38 mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
39 mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files 39 mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
40 touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local 40 touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local
41 if ${@base_contains('DISTRO_FEATURES','compressed_policy','true','false',d)}; then 41 for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
42 for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do 42 bzip2 -f $i && mv -f $i.bz2 $i
43 bzip2 $i 43 done
44 done 44 cp base.pp ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
45 cp base.pp.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp 45 for i in ${POLICY_MODULES_MIN}; do
46 for i in ${POLICY_MODULES_MIN}; do 46 cp ${i}.pp ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i.pp`
47 cp ${i}.pp.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i.pp` 47 done
48 done
49 else
50 bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp > \
51 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
52 for i in ${POLICY_MODULES_MIN}; do
53 bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/$i.pp > \
54 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/$i.pp
55 done
56 fi
57} 48}
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index fd205cf..0dc055e 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -13,7 +13,7 @@ S = "${WORKDIR}/refpolicy"
13 13
14FILES_${PN} = " \ 14FILES_${PN} = " \
15 ${sysconfdir}/selinux/${POLICY_NAME}/ \ 15 ${sysconfdir}/selinux/${POLICY_NAME}/ \
16 ${@base_contains('DISTRO_FEATURES', 'compressed_policy', '${datadir}/selinux/${POLICY_NAME}/*.pp.bz2', '${datadir}/selinux/${POLICY_NAME}/*.pp', d)} \ 16 ${datadir}/selinux/${POLICY_NAME}/*.pp \
17 " 17 "
18FILES_${PN}-dev =+ "${datadir}/selinux/${POLICY_NAME}/include/" 18FILES_${PN}-dev =+ "${datadir}/selinux/${POLICY_NAME}/include/"
19 19
@@ -69,24 +69,14 @@ prepare_policy_store () {
69 mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules 69 mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
70 mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files 70 mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
71 touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local 71 touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local
72 if ${@base_contains('DISTRO_FEATURES','compressed_policy','true','false',d)}; then 72 for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
73 for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do 73 bzip2 -f $i && mv -f $i.bz2 $i
74 bzip2 $i 74 if [ "`basename $i`" != "base.pp" ]; then
75 if [ "`basename $i`" != "base.pp" ]; then 75 cp $i ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`
76 cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i` 76 else
77 else 77 cp $i ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i`
78 cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i` 78 fi
79 fi 79 done
80 done
81 else
82 bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp >\
83 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
84 for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
85 if [ "`basename $i`" != "base.pp" ]; then
86 bzip2 -c $i > ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`;
87 fi
88 done
89 fi
90} 80}
91 81
92rebuild_policy () { 82rebuild_policy () {
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-26 01:58:45 +0000