There is a small cost to having compressed policy files on the final
image both in terms of memory requirements and load times.  In nearly all
circumstances this is negligible, but this patch adds a DISTRO_FEATURE
(compressed_policy) that can be used to enable compression, if desired.

The default selinux distros will enable the feature by default.

Signed-off-by: Joe MacDonald <j...@deserted.net>
---
 conf/distro/oe-selinux.conf                     |    2 +-
 recipes-security/refpolicy/refpolicy_common.inc |   32 ++++++++++++++++-------
 2 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/conf/distro/oe-selinux.conf b/conf/distro/oe-selinux.conf
index 6e55a32..5f4af87 100644
--- a/conf/distro/oe-selinux.conf
+++ b/conf/distro/oe-selinux.conf
@@ -1,4 +1,4 @@
 DISTRO = "oe-selinux"
 DISTROOVERRIDES .= ":selinux"
 
-DISTRO_FEATURES_append = " acl xattr pam selinux"
+DISTRO_FEATURES_append = " acl xattr pam selinux compressed_policy"
diff --git a/recipes-security/refpolicy/refpolicy_common.inc 
b/recipes-security/refpolicy/refpolicy_common.inc
index b46903f..a71c5dd 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -11,8 +11,10 @@ SRC_URI += "file://customizable_types \
 
 S = "${WORKDIR}/refpolicy"
 
-FILES_${PN} = "${sysconfdir}/selinux/${POLICY_NAME}/ \
-       ${datadir}/selinux/${POLICY_NAME}/*.pp.bz2"
+FILES_${PN} = " \
+       ${sysconfdir}/selinux/${POLICY_NAME}/ \
+       ${@base_contains('DISTRO_FEATURES', 'compressed_policy', 
'${datadir}/selinux/${POLICY_NAME}/*.pp.bz2', 
'${datadir}/selinux/${POLICY_NAME}/*.pp', d)} \
+       "
 FILES_${PN}-dev =+ "${datadir}/selinux/${POLICY_NAME}/include/"
 
 DEPENDS += "checkpolicy-native policycoreutils-native m4-native"
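Review bot: The new `FILES_${PN}` value switches between `*.pp.bz2` and `*.pp` on the `compressed_policy` feature, but nothing in this hunk documents the feature. A misspelled feature name would fall through to the `*.pp` alternative without any warning. I would add a comment above the assignment such as `# compressed_policy in DISTRO_FEATURES packages the modules under ${datadir} as *.pp.bz2; without it they are packaged as plain *.pp`. The packaged pattern also has to stay in step with what the install step leaves under `${datadir}`, which is decided in a later hunk of this file.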
@@ -79,14 +81,24 @@ EOF
        mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
        mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
        touch 
${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local
-       for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
-               bzip2 $i
-               if [ "`basename $i`" != "base.pp" ]; then
-                       cp ${i}.bz2 
${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`
-               else
-                       cp ${i}.bz2 
${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i`
-               fi
-       done
+       if  
${@base_contains('DISTRO_FEATURES','compressed_policy','true','false',d)}; then
+               for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
+                       bzip2 $i
+                       if [ "`basename $i`" != "base.pp" ]; then
+                               cp ${i}.bz2 
${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`
+                       else
+                               cp ${i}.bz2 
${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i`
+                       fi
+               done
+       else
+               bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp  >\
+                       
${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
+               for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
+                       if [ "`basename $i`" != "base.pp" ]; then
+                               bzip2 -c $i > 
${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`;
+                       fi
+               done
+       fi
 
        # Create policy store and build the policy
        semodule -p ${D} -s ${POLICY_NAME} -n -B
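Review bot: The two branches of the new `if` in this hunk repeat the same base.pp-versus-module destination logic and differ only in whether the `.pp` under `${datadir}` is also compressed in place. If only one branch is edited later, the set of modules written to the policy store can drift between the two configurations. In both branches the store copy is bzip2 data under the `.pp` name, which suggests one loop that always writes `bzip2 -c "$i"` to the store and runs `bzip2 "$i"` afterwards only when `compressed_policy` is set. The same rewrite can quote `$i`, replace the backticks with a single `$(basename "$i")`, and drop the stray `;` after the redirect in the else branch. The enclosing shell function starts and ends outside the hunk.

```bitbake
        for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
                name=$(basename "$i")
                if [ "$name" = "base.pp" ]; then
                        dest="${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/$name"
                else
                        dest="${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/$name"
                fi
                # The store copy is bzip2 data under the .pp name in both configurations.
                bzip2 -c "$i" > "$dest"
                if ${@base_contains('DISTRO_FEATURES','compressed_policy','true','false',d)}; then
                        bzip2 "$i"
                fi
        done
        # … unchanged: semodule -p ${D} -s ${POLICY_NAME} -n -B …
```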
-- 
1.7.10.4
