This causes do_populate_sysroot error if build two or more types of
refpolicy:
$ bitbake refpolicy-minimum && bitbake refpolicy-mls
ERROR: refpolicy-mls-git-r0 do_populate_sysroot: The recipe
refpolicy-mls is trying to install files into a shared area when those
files already exist. Those files and their manifest location are:
/buildarea/raid5/wfan/yocto/builds/selinux_sysvinit/tmp/sysroots/qemux86-64/etc/selinux/sepolgen.conf
Matched in manifest-qemux86-64-refpolicy-minimum.populate_sysroot
/buildarea/raid5/wfan/yocto/builds/selinux_sysvinit/tmp/sysroots/qemux86-64/etc/selinux/config
Matched in manifest-qemux86-64-refpolicy-minimum.populate_sysroot
/buildarea/raid5/wfan/yocto/builds/selinux_sysvinit/tmp/sysroots/qemux86-64/sysroot-providers/virtual_refpolicy
Matched in manifest-qemux86-64-refpolicy-minimum.populate_sysroot
Please verify which recipe should provide the above files.
Philip,
Can you consider to withdraw the integration?
Thanks
Wenzong
On 04/04/2016 08:21 AM, Philip Tricca wrote:
With the virutal package there's no need for a separate recipe to build
the config. This can be generated and included as part of the policy
package.
Signed-off-by: Philip Tricca <fl...@twobit.us>
---
.../packagegroups/packagegroup-core-selinux.bb | 1 -
.../packagegroups/packagegroup-selinux-minimal.bb | 1 -
recipes-security/refpolicy/refpolicy_common.inc | 30 ++++++++++++++--
recipes-security/selinux/selinux-config_0.1.bb | 40 ----------------------
4 files changed, 28 insertions(+), 44 deletions(-)
delete mode 100644 recipes-security/selinux/selinux-config_0.1.bb
diff --git a/recipes-security/packagegroups/packagegroup-core-selinux.bb
b/recipes-security/packagegroups/packagegroup-core-selinux.bb
index 62c5a76..c6d22b7 100644
--- a/recipes-security/packagegroups/packagegroup-core-selinux.bb
+++ b/recipes-security/packagegroups/packagegroup-core-selinux.bb
@@ -22,7 +22,6 @@ RDEPENDS_${PN} = " \
packagegroup-selinux-policycoreutils \
setools \
setools-console \
- selinux-config \
selinux-autorelabel \
selinux-init \
selinux-labeldev \
diff --git a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
index 87ae686..451ae8b 100644
--- a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
+++ b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
@@ -21,7 +21,6 @@ RDEPENDS_${PN} = "\
policycoreutils-semodule \
policycoreutils-sestatus \
policycoreutils-setfiles \
- selinux-config \
selinux-labeldev \
virtual/refpolicy \
"
diff --git a/recipes-security/refpolicy/refpolicy_common.inc
b/recipes-security/refpolicy/refpolicy_common.inc
index ba887e4..305675f 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -1,3 +1,5 @@
+DEFAULT_ENFORCING ??= "enforcing"
+
SECTION = "base"
LICENSE = "GPLv2"
@@ -14,7 +16,8 @@ SRC_URI += "file://customizable_types \
S = "${WORKDIR}/refpolicy"
-FILES_${PN} = " \
+CONFFILES_${PN} += "${sysconfdir}/selinux/config"
+FILES_${PN} += " \
${sysconfdir}/selinux/${POLICY_NAME}/ \
${datadir}/selinux/${POLICY_NAME}/*.pp \
${localstatedir}/lib/selinux/${POLICY_NAME}/ \
@@ -25,7 +28,6 @@ FILES_${PN}-dev =+ " \
"
DEPENDS += "checkpolicy-native policycoreutils-native m4-native"
-RDEPENDS_${PN} += "selinux-config"
PACKAGE_ARCH = "${MACHINE_ARCH}"
@@ -137,13 +139,37 @@ install_misc_files () {
oe_runmake 'DESTDIR=${D}' 'prefix=${D}${prefix}' install-headers
}
+install_config () {
+ echo "\
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+# enforcing - SELinux security policy is enforced.
+# permissive - SELinux prints warnings instead of enforcing.
+# disabled - No SELinux policy is loaded.
+SELINUX=${DEFAULT_ENFORCING}
+# SELINUXTYPE= can take one of these values:
+# standard - Standard Security protection.
+# mls - Multi Level Security protection.
+# targeted - Targeted processes are protected.
+# mcs - Multi Category Security protection.
+SELINUXTYPE=${POLICY_TYPE}
+" > ${WORKDIR}/config
+ install -d ${D}/${sysconfdir}/selinux
+ install -m 0644 ${WORKDIR}/config ${D}/${sysconfdir}/selinux/
+}
+
do_install () {
prepare_policy_store
rebuild_policy
install_misc_files
+ install_config
}
do_install_append(){
# While building policies on target, Makefile will be searched from
SELINUX_DEVEL_PATH
echo "SELINUX_DEVEL_PATH=${datadir}/selinux/${POLICY_NAME}/include" >
${D}${sysconfdir}/selinux/sepolgen.conf
}
+
+sysroot_stage_all_append () {
+ sysroot_stage_dir ${D}${sysconfdir} ${SYSROOT_DESTDIR}${sysconfdir}
+}
diff --git a/recipes-security/selinux/selinux-config_0.1.bb
b/recipes-security/selinux/selinux-config_0.1.bb
deleted file mode 100644
index e902e98..0000000
--- a/recipes-security/selinux/selinux-config_0.1.bb
+++ /dev/null
@@ -1,40 +0,0 @@
-DEFAULT_ENFORCING ??= "enforcing"
-
-SUMMARY = "SELinux configuration"
-DESCRIPTION = "\
-SELinux configuration files for Yocto. \
-"
-
-SECTION = "base"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM =
"file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
-PR = "r4"
-
-S = "${WORKDIR}"
-
-CONFFILES_${PN} += "${sysconfdir}/selinux/config"
-
-PACKAGE_ARCH = "${MACHINE_ARCH}"
-
-do_install () {
- echo "\
-# This file controls the state of SELinux on the system.
-# SELINUX= can take one of these three values:
-# enforcing - SELinux security policy is enforced.
-# permissive - SELinux prints warnings instead of enforcing.
-# disabled - No SELinux policy is loaded.
-SELINUX=${DEFAULT_ENFORCING}
-# SELINUXTYPE= can take one of these values:
-# standard - Standard Security protection.
-# mls - Multi Level Security protection.
-# targeted - Targeted processes are protected.
-# mcs - Multi Category Security protection.
-SELINUXTYPE=${@d.getVar("PREFERRED_PROVIDER_virtual/refpolicy",
False)[len("refpolicy-"):]}
-" > ${WORKDIR}/config
- install -d ${D}/${sysconfdir}/selinux
- install -m 0644 ${WORKDIR}/config ${D}/${sysconfdir}/selinux/
-}
-
-sysroot_stage_all_append () {
- sysroot_stage_dir ${D}${sysconfdir} ${SYSROOT_DESTDIR}${sysconfdir}
-}
--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
