There is a small cost to having compressed policy files on the final image both in terms of memory requirements and load times. In nearly all circumstances this is negligible, but this adds a DISTRO_FEATURE that can be used to enable it, if desired.
The default selinux distros will enable the feature by default.
Signed-off-by: Joe MacDonald <j...@deserted.net>
---
 conf/distro/oe-selinux.conf | 2 +-
 recipes-security/refpolicy/refpolicy_common.inc | 32 ++++++++++++++++-------
 2 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/conf/distro/oe-selinux.conf b/conf/distro/oe-selinux.conf
index 6e55a32..5f4af87 100644
--- a/conf/distro/oe-selinux.conf
+++ b/conf/distro/oe-selinux.conf
@@ -1,4 +1,4 @@
 DISTRO = "oe-selinux"
 DISTROOVERRIDES .= ":selinux"
-DISTRO_FEATURES_append = " acl xattr pam selinux"
+DISTRO_FEATURES_append = " acl xattr pam selinux compressed_policy"
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index b46903f..a71c5dd 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -11,8 +11,10 @@ SRC_URI += "file://customizable_types \
 S = "${WORKDIR}/refpolicy"
-FILES_${PN} = "${sysconfdir}/selinux/${POLICY_NAME}/ \
- ${datadir}/selinux/${POLICY_NAME}/*.pp.bz2"
+FILES_${PN} = " \
+ ${sysconfdir}/selinux/${POLICY_NAME}/ \
+ ${@base_contains('DISTRO_FEATURES', 'compressed_policy', '${datadir}/selinux/${POLICY_NAME}/*.pp.bz2', '${datadir}/selinux/${POLICY_NAME}/*.pp', d)} \
+ "
 FILES_${PN}-dev =+ "${datadir}/selinux/${POLICY_NAME}/include/"
 DEPENDS += "checkpolicy-native policycoreutils-native m4-native"
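Review bot: The fallback arm of `base_contains` in the new `FILES_${PN}` makes uncompressed `*.pp` the result whenever `compressed_policy` is absent, which reverses what this recipe packaged before for any configuration that enables `selinux` without picking up the `oe-selinux.conf` change. Only that one distro file is updated in this patch, so other SELinux-enabled configurations, if any exist, would switch packaging without notice. A short comment above the assignment would make the contract visible, for example `# compressed_policy: package *.pp.bz2 from ${datadir}; without it the modules ship uncompressed`.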
@@ -79,14 +81,24 @@ EOF
 mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
 mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
 touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local
- for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
- bzip2 $i
- if [ "`basename $i`" != "base.pp" ]; then
- cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`
- else
- cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i`
- fi
- done
+ if ${@base_contains('DISTRO_FEATURES','compressed_policy','true','false',d)}; then
+ for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
+ bzip2 $i
+ if [ "`basename $i`" != "base.pp" ]; then
+ cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`
+ else
+ cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i`
+ fi
+ done
+ else
+ bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp >\
+ ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
+ for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
+ if [ "`basename $i`" != "base.pp" ]; then
+ bzip2 -c $i > ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`;
+ fi
+ done
+ fi
 # Create policy store and build the policy
 semodule -p ${D} -s ${POLICY_NAME} -n -B
--
1.7.10.4
_______________________________________________
yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
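Review bot: Both arms of the new `if` still write bzip2 output into `modules/active`, so the feature only decides whether the `${datadir}` copies are compressed, yet the store-population loop is now duplicated and base.pp is special-cased differently in each arm. A single loop that picks the destination, runs `bzip2 -c` into the store, and compresses the `${datadir}` copy in place only when the feature is set would be easier to audit for a step that installs the policy modules. The sketch below also quotes `$i` and replaces the backticks with `$(...)`. The current else arm names base.pp explicitly, so bzip2 reports an error there if it is missing; keep an explicit check if that behaviour is wanted. The enclosing install function starts before the hunk.

```shell
for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
    # The policy store always receives bzip2-compressed modules;
    # compressed_policy only controls what is left in ${datadir}.
    name=$(basename "$i")
    if [ "$name" = "base.pp" ]; then
        dest=${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/$name
    else
        dest=${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/$name
    fi
    bzip2 -c "$i" > "$dest"
    if ${@base_contains('DISTRO_FEATURES','compressed_policy','true','false',d)}; then
        bzip2 "$i"
    fi
done
# … unchanged: semodule -p ${D} -s ${POLICY_NAME} -n -B …
```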