The driver behind this is to allow images to be built with the minimal
tools necessary to load a policy.  Breaking all of the stuff that's
dependent on python out from the core utils allows us to make much
smaller images.

Signed-off-by: Philip Tricca <fl...@twobit.us>
---
 recipes-security/selinux/policycoreutils.inc |  181 +++++++++++++++++++++++++-
 1 file changed, 175 insertions(+), 6 deletions(-)

diff --git a/recipes-security/selinux/policycoreutils.inc 
b/recipes-security/selinux/policycoreutils.inc
index dfd65e3..e6ff4ed 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -38,6 +38,92 @@ RDEPENDS_${BPN} += "\
        python-ipy \
        "
 
+RDEPENDS_${BPN}-audit2allow = " \
+       python-textutils \
+       libselinux-python \
+       sepolgen \
+       "
+RDEPENDS_${BPN}-chcat = " \
+       python-codecs \
+       python-shell \
+       python-stringold \
+       python-unixadmin \
+       ${BPN}-python \
+       libselinux-python \
+       "
+RDEPENDS_${BPN}-fixfiles += "\
+       ${BPN}-setfiles \
+       "
+RDEPENDS_${BPN}-genhomedircon += "\
+       ${BPN}-genhomedircon \
+       ${BPN}-semodule \
+       "
+RDEPENDS_${BPN}-loadpolicy += "\
+       libselinux \
+       libsepol \
+       "
+RDEPENDS_${BPN}-newrole += "\
+       libcap-ng \
+       libselinux \
+       "
+RDEPENDS_${BPN}-python += "\
+       python-codecs \
+       python-io \
+       python-ipy \
+       python-re \
+       python-stringold \
+       python-syslog \
+       python-unixadmin \
+       libselinux-python \
+       libsemanage-python \
+       "
+RDEPENDS_${BPN}-runinit += "libselinux"
+RDEPENDS_${BPN}-sandbox += "\
+       python-math \
+       python-shell \
+       python-subprocess \
+       python-textutils \
+       python-unixadmin \
+       libselinux-python \
+       ${BPN}-python \
+       "
+RDEPENDS_${BPN}-secon += "libselinux"
+RDEPENDS_${BPN}-semanage = " \
+       python-core \
+       python-ipy \
+       ${BPN}-python \
+       libselinux-python \
+       "
+RDEPENDS_${BPN}-semodule += "\
+       libsepol \
+       libselinux \
+       libsemanage \
+       "
+# static link to libsepol
+DEPENDS_${BPN}-semodule-deps += "libsepol"
+RDEPENDS_${BPN}-semodule-expand += "libsepol libselinux"
+RDEPENDS_${BPN}-semodule-link += "libsepol libselinux"
+RDEPENDS_${BPN}-semodule-package += "libsepol libselinux"
+RDEPENDS_${BPN}-sepolicy += "\
+       python-argparse \
+       python-codecs \
+       python-core \
+       python-syslog \
+       ${BPN}-python \
+       "
+# static link to libsepol
+DEPENDS_${BPN}-sepolgen-ifgen += "libsepol"
+RDEPENDS_${BPN}-sepolgen-ifgen += "libselinux-python"
+RDEPENDS_${BPN}-sestatus += "libselinux"
+RDEPENDS_${BPN}-setfiles += "\
+       libselinux \
+       libsepol \
+       "
+RDEPENDS_${BPN}-setsebool += "\
+       libsepol \
+       libselinux \
+       libsemanage \
+       "
 RDEPENDS_${BPN} += "setools setools-libs ${BPN}-python"
 
 WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}"
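Review bot: `RDEPENDS_${BPN}-genhomedircon` lists `${BPN}-genhomedircon`, so the package depends on itself; drop that entry and keep only `${BPN}-semodule`. The two per-package `DEPENDS_${BPN}-semodule-deps` and `DEPENDS_${BPN}-sepolgen-ifgen` lines also look ineffective: DEPENDS is a recipe-level variable, and a suffixed form is read as an override that is presumably never active, so the static-link build dependency would be better written as `DEPENDS += "libsepol"` (or dropped if the recipe already declares it outside this hunk). The new keys use `${BPN}` while the packages in the second hunk are named with `${PN}`; these stop matching if the recipe is ever built as a class-extended variant where the two differ, so using `${PN}` for the new sub-package keys would be safer. Finally, the mix of `=` and `+=` on fresh variables (`-audit2allow`, `-chcat`, `-semanage` versus the rest) is worth making uniform.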
@@ -45,14 +131,97 @@ ERROR_QA := 
"${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)}
 
 inherit pythonnative
 
-PACKAGES =+ "${PN}-python ${PN}-sandbox system-config-selinux"
-FILES_${PN}-python = 
"${libdir}/python${PYTHON_BASEVERSION}/site-packages/seobject.py* \
+PACKAGES =+ "\
+       ${PN}-audit2allow \
+       ${PN}-chcat \
+       ${PN}-fixfiles \
+       ${PN}-genhomedircon \
+       ${PN}-loadpolicy \
+       ${PN}-newrole \
+       ${PN}-python \
+       ${PN}-runinit \
+       ${PN}-sandbox \
+       ${PN}-secon \
+       ${PN}-semanage \
+       ${PN}-semodule \
+       ${PN}-semodule-deps \
+       ${PN}-semodule-expand \
+       ${PN}-semodule-link \
+       ${PN}-semodule-package \
+       ${PN}-sepolgen-ifgen \
+       ${PN}-sepolicy \
+       ${PN}-sestatus \
+       ${PN}-setfiles \
+       ${PN}-setsebool \
+       system-config-selinux \
+       "
+FILES_${PN}-audit2allow = " \
+       ${bindir}/audit2allow \
+       ${bindir}/audit2why \
+       "
+FILES_${PN}-chcat = " \
+       ${bindir}/chcat \
+       "
+FILES_${PN}-fixfiles += "${base_sbindir}/fixfiles"
+FILES_${PN}-genhomedircon += "${sbindir}/genhomedircon"
+FILES_${PN}-loadpolicy += "\
+       ${base_sbindir}/load_policy \
+       ${sbindir}/load_policy \
+       "
+FILES_${PN}-newrole += "\
+       ${bindir}/newrole \
+       ${@base_contains('DISTRO_FEATURES', 'pam', 
'${sysconfdir}/pam.d/newrole', '', d)} \
+       "
+FILES_${PN}-python = " \
+       ${libdir}/python${PYTHON_BASEVERSION}/site-packages/seobject.py* \
        ${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy*.egg-info \
-       ${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/*"
+       ${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/* \
+        "
+FILES_${PN}-runinit += "\
+       ${sbindir}/run_init \
+       ${sbindir}/open_init_pty \
+       ${@base_contains('DISTRO_FEATURES', 'pam', 
'${sysconfdir}/pam.d/run_init', '', d)} \
+       "
 FILES_${PN}-dbg += 
"${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/.debug/*"
-FILES_${PN}-sandbox = "${datadir}/sandbox/*"
-FILES_${PN}-sandbox += "${bindir}/sandbox"
-FILES_${PN}-sandbox += "${sbindir}/seunshare"
+FILES_${PN}-sandbox += "\
+       ${datadir}/sandbox/* \
+       ${bindir}/sandbox \
+       ${sbindir}/seunshare \
+       ${sysconfdir}/sysconfig/sandbox \
+       "
+FILES_${PN}-secon += "${bindir}/secon"
+FILES_${PN}-semanage = " \
+       ${sbindir}/semanage \
+       ${sysconfdir}/bash_completion.d/semanage-bash-completion.sh \
+       "
+FILES_${PN}-semodule += "${sbindir}/semodule"
+FILES_${PN}-semodule-deps += "${bindir}/semodule_deps"
+FILES_${PN}-semodule-expand += "${bindir}/semodule_expand"
+FILES_${PN}-semodule-link += "${bindir}/semodule_link"
+FILES_${PN}-semodule-package += "\
+       ${bindir}/semodule_package \
+       ${bindir}/semodule_unpackage \
+       "
+FILES_${PN}-sepolicy += "\
+       ${bindir}/sepolicy \
+       ${sysconfdir}/bash_completion.d/sepolicy-bash-completion.sh \
+       "
+FILES_${PN}-sepolgen-ifgen += "\
+       ${bindir}/sepolgen-ifgen \
+       ${bindir}/sepolgen-ifgen-attr-helper \
+       "
+FILES_${PN}-sestatus += "\
+       ${sbindir}/sestatus \
+       ${sysconfdir}/sestatus.conf \
+       "
+FILES_${PN}-setfiles += " \
+       ${base_sbindir}/restorecon \
+       ${base_sbindir}/setfiles \
+       "
+FILES_${PN}-setsebool += " \
+       ${sbindir}/setsebool \
+       ${sysconfdir}/bash_completion.d/setsebool-bash-completion.sh \
+       "
 FILES_system-config-selinux = " \
     ${bindir}/sepolgen \
     ${datadir}/system-config-selinux/* \
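Review bot: Moving `load_policy`, `setfiles`/`restorecon`, `semodule` and `setsebool` out of `${PN}` through `PACKAGES =+` means an image that installs only `policycoreutils` no longer ships them unless the main package pulls in the new ones. The only main-package runtime dependency visible in this patch is `RDEPENDS_${BPN} += "setools setools-libs ${BPN}-python"`. On an SELinux-enabled image this can leave the policy unloaded or files unlabelled, with no build-time error to flag it. Either keep the main package acting as the full set, for example `RDEPENDS_${PN} += "${PN}-loadpolicy ${PN}-setfiles ${PN}-semodule ${PN}-setsebool"`, or add a comment above `PACKAGES` saying that image recipes must now name the sub-packages they need. The trailing-space indentation on the closing quote of `FILES_${PN}-python` also differs from the tab-indented entries around it.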
-- 
1.7.10.4
