From 2da0c93c650feb5b81375b9a9a319cade3c1c99e Mon Sep 17 00:00:00 2001 From: Philip Tricca Date: Wed, 9 Oct 2013 12:32:44 +0000 Subject: Break policycoreutils out into separate packages for the various utilities. The driver beind this is to allow images to be built with the minimal tools necessary to load a policy. Breaking all of the stuff that's dependent on python out from the core utils allows us to make much smaller images. Signed-off-by: Philip Tricca Signed-off-by: Joe MacDonald --- recipes-security/selinux/policycoreutils.inc | 188 +++++++++++++++++++++++++-- 1 file changed, 178 insertions(+), 10 deletions(-) diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc index dfd65e3..f8187e4 100644 --- a/recipes-security/selinux/policycoreutils.inc +++ b/recipes-security/selinux/policycoreutils.inc @@ -13,7 +13,7 @@ SRC_URI += "${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} PAM_SRC_URI = "file://pam.d/newrole \ file://pam.d/run_init \ - " +" DEPENDS += "libsepol libselinux libsemanage" EXTRA_DEPENDS = "libcap-ng libcgroup setools" @@ -26,7 +26,7 @@ RDEPENDS_${BPN} += "\ libselinux-python \ libsemanage-python \ sepolgen \ - " +" RDEPENDS_${BPN} += "\ python \ python-unixadmin \ 
@@ -36,8 +36,93 @@ RDEPENDS_${BPN} += "\ python-syslog \ python-textutils \ python-ipy \ - " - +" +RDEPENDS_${BPN}-audit2allow = "\ + python-textutils \ + libselinux-python \ + sepolgen \ +" +RDEPENDS_${BPN}-chcat = "\ + python-codecs \ + python-shell \ + python-stringold \ + python-unixadmin \ + ${BPN}-python \ + libselinux-python \ +" +RDEPENDS_${BPN}-fixfiles += "\ + ${BPN}-setfiles \ +" +RDEPENDS_${BPN}-genhomedircon += "\ + ${BPN}-genhomedircon \ + ${BPN}-semodule \ +" +RDEPENDS_${BPN}-loadpolicy += "\ + libselinux \ + libsepol \ +" +RDEPENDS_${BPN}-newrole += "\ + libcap-ng \ + libselinux \ +" +RDEPENDS_${BPN}-python += "\ + python-codecs \ + python-io \ + python-ipy \ + python-re \ + python-stringold \ + python-syslog \ + python-unixadmin \ + libselinux-python \ + libsemanage-python \ +" +RDEPENDS_${BPN}-runinit += "libselinux" +RDEPENDS_${BPN}-sandbox += "\ + python-math \ + python-shell \ + python-subprocess \ + python-textutils \ + python-unixadmin \ + libselinux-python \ + ${BPN}-python \ +" +RDEPENDS_${BPN}-secon += "libselinux" +RDEPENDS_${BPN}-semanage = "\ + python-core \ + python-ipy \ + ${BPN}-python \ + libselinux-python \ +" +RDEPENDS_${BPN}-semodule += "\ + libsepol \ + libselinux \ + libsemanage \ +" +# static link to libsepol +DEPENDS_${BPN}-semodule-deps += "libsepol" +RDEPENDS_${BPN}-semodule-expand += "libsepol libselinux" +RDEPENDS_${BPN}-semodule-link += "libsepol libselinux" +RDEPENDS_${BPN}-semodule-package += "libsepol libselinux" +RDEPENDS_${BPN}-sepolicy += "\ + python-argparse \ + python-codecs \ + python-core \ + python-syslog \ + ${BPN}-python \ +" +# static link to libsepol +DEPENDS_${BPN}-sepolgen-ifgen += "libsepol" +RDEPENDS_${BPN}-sepolgen-ifgen += "libselinux-python" +RDEPENDS_${BPN}-sestatus += "libselinux" +RDEPENDS_${BPN}-setfiles += "\ + libselinux \ + libsepol \ +" +RDEPENDS_${BPN}-setsebool += "\ + libsepol \ + libselinux \ + libsemanage \ +" RDEPENDS_${BPN} += "setools setools-libs ${BPN}-python" WARN_QA := 
"${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}" 
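Review bot: `RDEPENDS_${BPN}-genhomedircon` lists `${BPN}-genhomedircon`, so the new package depends on itself; this looks like a copy/paste slip, and the entry should probably be reduced to `RDEPENDS_${BPN}-genhomedircon += "${BPN}-semodule"`. The two package-suffixed build dependencies, `DEPENDS_${BPN}-semodule-deps` and `DEPENDS_${BPN}-sepolgen-ifgen`, are also suspect: `DEPENDS` is a recipe-level variable, a per-package form is as far as I can tell never read, and libsepol is already in the recipe's `DEPENDS` at the top of the file. I would drop both assignments and record the intent next to the existing `DEPENDS` line instead, e.g. `# semodule_deps and sepolgen-ifgen link libsepol statically`. If libsepol really is linked statically into those tools, the matching runtime entries on libsepol are not needed either, which matters for the stated goal of keeping minimal images small.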
@@ -45,14 +130,97 @@ ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)} inherit pythonnative -PACKAGES =+ "${PN}-python ${PN}-sandbox system-config-selinux" -FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/seobject.py* \ +PACKAGES =+ "\ + ${PN}-audit2allow \ + ${PN}-chcat \ + ${PN}-fixfiles \ + ${PN}-genhomedircon \ + ${PN}-loadpolicy \ + ${PN}-newrole \ + ${PN}-python \ + ${PN}-runinit \ + ${PN}-sandbox \ + ${PN}-secon \ + ${PN}-semanage \ + ${PN}-semodule \ + ${PN}-semodule-deps \ + ${PN}-semodule-expand \ + ${PN}-semodule-link \ + ${PN}-semodule-package \ + ${PN}-sepolgen-ifgen \ + ${PN}-sepolicy \ + ${PN}-sestatus \ + ${PN}-setfiles \ + ${PN}-setsebool \ + system-config-selinux \ +" +FILES_${PN}-audit2allow = "\ + ${bindir}/audit2allow \ + ${bindir}/audit2why \ +" +FILES_${PN}-chcat = "\ + ${bindir}/chcat \ +" +FILES_${PN}-fixfiles += "${base_sbindir}/fixfiles" +FILES_${PN}-genhomedircon += "${sbindir}/genhomedircon" +FILES_${PN}-loadpolicy += "\ + ${base_sbindir}/load_policy \ + ${sbindir}/load_policy \ +" +FILES_${PN}-newrole += "\ + ${bindir}/newrole \ + ${@base_contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/newrole', '', d)} \ +" +FILES_${PN}-python = "\ + ${libdir}/python${PYTHON_BASEVERSION}/site-packages/seobject.py* \ ${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy*.egg-info \ - ${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/*" + ${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/* \ +" +FILES_${PN}-runinit += "\ + ${sbindir}/run_init \ + ${sbindir}/open_init_pty \ + ${@base_contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/run_init', '', d)} \ +" FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/.debug/*" -FILES_${PN}-sandbox = "${datadir}/sandbox/*" -FILES_${PN}-sandbox += "${bindir}/sandbox" -FILES_${PN}-sandbox += "${sbindir}/seunshare" +FILES_${PN}-sandbox += "\ + ${datadir}/sandbox/* \ + ${bindir}/sandbox \ + 
${sbindir}/seunshare \ + ${sysconfdir}/sysconfig/sandbox \ +" +FILES_${PN}-secon += "${bindir}/secon" +FILES_${PN}-semanage = "\ + ${sbindir}/semanage \ + ${sysconfdir}/bash_completion.d/semanage-bash-completion.sh \ +" +FILES_${PN}-semodule += "${sbindir}/semodule" +FILES_${PN}-semodule-deps += "${bindir}/semodule_deps" +FILES_${PN}-semodule-expand += "${bindir}/semodule_expand" +FILES_${PN}-semodule-link += "${bindir}/semodule_link" +FILES_${PN}-semodule-package += "\ + ${bindir}/semodule_package \ + ${bindir}/semodule_unpackage \ +" +FILES_${PN}-sepolicy += "\ + ${bindir}/sepolicy \ + ${sysconfdir}/bash_completion.d/sepolicy-bash-completion.sh \ +" +FILES_${PN}-sepolgen-ifgen += "\ + ${bindir}/sepolgen-ifgen \ + ${bindir}/sepolgen-ifgen-attr-helper \ +" +FILES_${PN}-sestatus += "\ + ${sbindir}/sestatus \ + ${sysconfdir}/sestatus.conf \ +" +FILES_${PN}-setfiles += "\ + ${base_sbindir}/restorecon \ + ${base_sbindir}/setfiles \ +" +FILES_${PN}-setsebool += "\ + ${sbindir}/setsebool \ + ${sysconfdir}/bash_completion.d/setsebool-bash-completion.sh \ +" FILES_system-config-selinux = " \ ${bindir}/sepolgen \ ${datadir}/system-config-selinux/* \ -- cgit v1.2.3-54-g00ecf
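Review bot: After this split the tools named in the new `FILES_${PN}-*` entries no longer land in `${PN}`, and nothing visible in this patch makes `${PN}` pull the new packages in, so an image that installs only `policycoreutils` may silently lose `load_policy`, `restorecon` and `setfiles`. On an SELinux image that means a policy that is never loaded or a filesystem that is never relabelled, which is easy to miss until the system comes up without enforcement or with mislabelled files. If the umbrella package is meant to keep its old contents, add the sub-packages to it, e.g. `RDEPENDS_${BPN} += "${BPN}-loadpolicy ${BPN}-setfiles ${BPN}-semodule"` plus the rest, or put a comment above `PACKAGES` stating that images must now name the sub-packages explicitly. Separately, the packages are declared with `${PN}` here while their runtime dependencies are keyed on `${BPN}`; the two differ for native and nativesdk variants, so one spelling should be used for both. The `FILES_system-config-selinux` assignment at the end of the hunk continues outside it.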