[oe] meta-selinux
Christopher Larson
clarson at kergoth.com
Wed Feb 11 16:25:05 UTC 2015
On Wed, Feb 11, 2015 at 8:53 AM, dpquigl <dpquigl at tycho.nsa.gov> wrote:
> I'm working on OpenXT and it makes use of the meta-selinux repo hosted
> by the yocto project. I'm trying to use it with a base openembedded core
> and its not in sync with oe-core because its based on pokey. This made
> me think of two questions. 1) Why is this not in OE core since so many
> packages in core can potentially have SELinux support enabled and 2) if
> its not supposed to be in core where should turning on SELinux support
> in a recipe go? For example coreutils can have SELinux support enabled.
> Currently this is in meta-selinux as a bbappend to the coreutils
> package. This works out because its always going to be there. However
> there is also a bbappend for an LXC recipe. LXC isn't in core which
> means it has a dependency on a layer not in core.
>
This is a bug in the layer. It's fairly trivial to construct a layer in
such a way that you can have per-layer bbappends that are only applied when
that layer exists. This is likely the approach meta-selinux should take to
address this implicit dependency upon meta-virtualization.
That said, I think most folks would be open to PACKAGECONFIGs for selinux
capability going into the main recipes, as that's not an invasive change,
nor a patch, but just a tweak in configuration.
--
Christopher Larson
clarson at kergoth dot com
Founder - BitBake, OpenEmbedded, OpenZaurus
Maintainer - Tslib
Senior Software Engineer, Mentor Graphics
More information about the Openembedded-devel
mailing list