This is intended to demonstrate the minimal set packages necessary to boot and load a system with SELinux enabled. Specifically we don't need any of the packages that depend on python.
Signed-off-by: Philip Tricca <fl...@twobit.us> --- .../images/core-image-selinux-minimal.bb | 15 +++++++++++ .../packagegroups/packagegroup-selinux-minimal.bb | 26 ++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 recipes-security/images/core-image-selinux-minimal.bb create mode 100644 recipes-security/packagegroups/packagegroup-selinux-minimal.bb diff --git a/recipes-security/images/core-image-selinux-minimal.bb b/recipes-security/images/core-image-selinux-minimal.bb new file mode 100644 index 0000000..45cd847 --- /dev/null +++ b/recipes-security/images/core-image-selinux-minimal.bb @@ -0,0 +1,15 @@ +DESCRIPTION = "Minimal image with SELinux support (no python)" + +IMAGE_FEATURES += "splash ssh-server-openssh" + +LICENSE = "MIT" + +IMAGE_INSTALL = "\ + ${CORE_IMAGE_BASE_INSTALL} \ + bash \ + util-linux-agetty \ + packagegroup-core-boot \ + packagegroup-selinux-minimal \ +" + +inherit core-image diff --git a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb new file mode 100644 index 0000000..16f6bae --- /dev/null +++ b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb @@ -0,0 +1,26 @@ +DESCRIPTION = "SELinux packagegroup with only packages required for basic operations" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58 \ + file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" +PR = "r0" + +PACKAGES = "\ + ${PN} \ + " + +ALLOW_EMPTY_${PN} = "1" + +RDEPENDS_${PN} = " \ + coreutils \ + libsepol \ + libselinux \ + libselinux-bin \ + libsemanage \ + policycoreutils-fixfiles \ + policycoreutils-secon \ + policycoreutils-semodule \ + policycoreutils-sestatus \ + policycoreutils-setfiles \ + selinux-config \ + refpolicy-mls \ + " -- 1.7.10.4 _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto