From: Antoine Tenart
Date: Fri, 31 Jul 2020 10:10:30 +0000 (+0200)
Subject: package/refpolicy: allow packages to select SELinux modules
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=0228f521d637ec374546196e77db38361312f466;p=buildroot.git
package/refpolicy: allow packages to select SELinux modules
Add support for packages to enable SELinux modules already supported by the refpolicy, but not selected by default in its policy. With this commit, packages will be able to do something like: SYSTEMD_SELINUX_MODULES = systemd udev to enable additional SELinux modules.
Signed-off-by: Antoine Tenart
Signed-off-by: Thomas Petazzoni
---
diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk
index 3a4c5d5970..7b6a08b016 100644
--- a/package/pkg-generic.mk
+++ b/package/pkg-generic.mk
@@ -1089,6 +1089,10 @@ TARGET_FINALIZE_HOOKS += $$($(2)_TARGET_FINALIZE_HOOKS)
 ROOTFS_PRE_CMD_HOOKS += $$($(2)_ROOTFS_PRE_CMD_HOOKS)
 KEEP_PYTHON_PY_FILES += $$($(2)_KEEP_PY_FILES)
+ifneq ($$($(2)_SELINUX_MODULES),)
+PACKAGES_SELINUX_MODULES += $$($(2)_SELINUX_MODULES)
+endif
+
 ifeq ($$($(2)_SITE_METHOD),svn)
 DL_TOOLS_DEPENDENCIES += svn
 else ifeq ($$($(2)_SITE_METHOD),git)
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index 0ce83d2cbd..c29912a53b 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -45,13 +45,14 @@ REFPOLICY_MODULES = \
 sysadm \
 sysnetwork \
 unconfined \
- userdomain
+ userdomain \
+ $(PACKAGES_SELINUX_MODULES)
 # In the context of a monolithic policy enabling a piece of the policy as
 # 'base' or 'module' is equivalent, so we enable them as 'base'.
 define REFPOLICY_CONFIGURE_MODULES
 $(SED) "s/ = module/ = no/g" $(@D)/policy/modules.conf
- $(foreach m,$(REFPOLICY_MODULES),
+ $(foreach m,$(sort $(REFPOLICY_MODULES)),
 $(SED) "/^$(m) =/c\$(m) = base" $(@D)/policy/modules.conf
 )
 endef
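Review bot: Nothing in this hunk shows that `$(2)_SELINUX_MODULES` is collected only for packages that are actually enabled, and a module pulled in by a disabled package would add policy rules to the image that nobody asked for. The enclosing template and any conditional around these lines start outside the hunk, so please confirm the block sits under the same "package is selected" condition as the neighbouring `TARGET_FINALIZE_HOOKS` line. The `ifneq` guard itself looks unnecessary, since appending an empty value is harmless and the sibling `+=` lines append unconditionally. A short comment above the block would help, e.g. `# SELinux modules requested by packages; consumed by refpolicy.mk when building the policy`.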
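Review bot: A module name that matches no line in `modules.conf` is silently ignored, because the `c\` command in the `foreach` loop only fires on a matching address. Now that names arrive from arbitrary packages through `$(PACKAGES_SELINUX_MODULES)`, a typo or a module missing from this refpolicy version leaves the package without its policy while the build still succeeds. Consider failing early with a recipe line ahead of the `$(SED)` call inside the loop, such as `grep -q "^$(m) =" $(@D)/policy/modules.conf || { echo "refpolicy: unknown module '$(m)'" >&2; exit 1; }`. The names are also pasted unescaped into the sed address, so a comment stating that entries must be plain module identifiers would be worthwhile. `REFPOLICY_MODULES` presumably has to remain a recursive `=` assignment so the package list is expanded only after all packages have been parsed; that assignment begins outside the hunk.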