[oe] meta-selinux

dpquigl dpquigl at tycho.nsa.gov
Wed Feb 11 17:00:29 UTC 2015


On Wed, 2015-02-11 at 09:25 -0700, Christopher Larson wrote:
> On Wed, Feb 11, 2015 at 8:53 AM, dpquigl <dpquigl at tycho.nsa.gov> wrote:
> 
> > I'm working on OpenXT and it makes use of the meta-selinux repo hosted
> > by the Yocto Project. I'm trying to use it with a base openembedded core
> > and it's not in sync with oe-core because it's based on poky. This made
> > me think of two questions. 1) Why is this not in OE core since so many
> > packages in core can potentially have SELinux support enabled and 2) if
> > it's not supposed to be in core where should turning on SELinux support
> > in a recipe go? For example coreutils can have SELinux support enabled.
> > Currently this is in meta-selinux as a bbappend to the coreutils
> > package. This works out because it's always going to be there. However
> > there is also a bbappend for an LXC recipe. LXC isn't in core which
> > means it has a dependency on a layer not in core.
> >
> 
> This is a bug in the layer. It's fairly trivial to construct a layer in
> such a way that you can have per-layer bbappends that are only applied when
> that layer exists. This is likely the approach meta-selinux should take to
> address this implicit dependency upon meta-virtualization.

Thanks for the suggestion. I figured there was a way to do this but I'm
new enough to OE and bitbake that it wasn't immediately obvious to me
how to accomplish this. I'll look into giving it a try.

> 
> That said, I think most folks would be open to PACKAGECONFIGs for selinux
> capability going into the main recipes, as that's not an invasive change,
> nor a patch, but just a tweak in configuration.

That is good to hear. I'm going through the repo now to figure out what
is really needed to get SELinux working and what is extra. We've been
having a discussion here about the need to support certain policy
configurations on embedded SELinux systems. I'm still new enough to all
of this that I imagine it will take me a while to figure out how and
what to add PACKAGECONFIG-wise to fit meta-selinux into oe-core.

Dave




