README: Update and remove references to distros, replace w/ DISTRO_FEATURES

Remove distros, instead of specifying an oe or poky example distribution, we are moving to enabling the components using DISTRO_FEATURES. This will make it easier for a user to enable selinux on a custom distribution, or on a project specific basis. Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
author: Mark Hatle <mark.hatle@windriver.com> 2017-09-08 10:29:55 -0500
committer: Mark Hatle <mark.hatle@windriver.com> 2017-09-14 08:29:01 -0500
commit: 694b8d1f1a590083e4445d6941f24b412ec0f206 (patch)
tree: 3e8db887621892ddad7117bc293e5a8db34f821c
parent: 8bd72dfb5aafe68b82e10d204d3f824a3b5de7af (diff)
download: meta-selinux-694b8d1f1a590083e4445d6941f24b412ec0f206.tar.gz
3 files changed, 17 insertions, 53 deletions
diff --git a/README b/README
index dabaa41..f4fadce 100644
--- a/README
+++ b/README
@@ -1,10 +1,10 @@
 meta-selinux
 ============
-This layer's purpose is enabling SE Linux support when used with Poky.
+This layer's purpose is enabling SE Linux support.
 The majority of this layers work is accomplished in bbappend files, used to
-enable SE Linux support in existing Poky packages.
+enable SE Linux support in existing recipes.
 A new recipes-security was added.  The purpose of this category is to add
 software specific to system security.
@@ -12,27 +12,11 @@ software specific to system security.
 Please see the MAINTAINERS file for information on contacting the maintainers
 of this layer, as well as instructions for submitting patches.
-status
------
-Sep 17, 2013 - Updated to match oe-core/poky master for what will be the
-        1.5 release
-  * Misc bug fixes
-  * Update distro config
-  * Uprev various packages
-Jan 31, 2012 - Initial version of the layer available.  Basic functionality:
-  * new recipes-security -- includes all SE Linux core components
-  * enable kernel configuration of SE Linux components
-  * enable a few basic recipes to be used as examples for others
 Dependencies
 ------------
-This layer depends on the Poky metadata.  For more information on Poky see
+This layer depends on the openembedded-core metadata.
-the Yocto Project website:
-http://www.yoctoproject.org
 This layer also optionally depends on the following layers:
@@ -57,25 +41,22 @@ of this layer, as well as instructions for submitting patches.
 Building the meta-selinux layer
 -------------------------------
 In order to add selinux support to the poky build this layer should be added
-to the bblayers.conf file.  In addition you should modify your local.conf
+to your projects bblayers.conf file.
-to specify the "poky-selinux" distribution.
-An "oe-selinux" distribution is also included as a convienence for people
-working with this layer, without the additional Poky meta data.  This
-approach may work, but is not generally tested by the maintainers.
-e.g. DISTRO="poky-selinux"
+By default the selinux components are disabled.  This conforms to the
+Yocto Project compatible guideline that indicate that simply including a
+layer should not change the system behavior.
+In order to use the components in this layer you must add the 'selinux' to the
+DISTRO_FEATURES.  In addition to selinux, you should be sure that acl, xattr and
+pam are also present.
+e.g. DISTRO_FEATURES_append = " acl xattr pam selinux"
-Using different versions of linux-yocto
+You must also specify a preferred provider for the virtual/refpolicy.  The
---------------------------------------
+included policies with this layer are simply reference policies and will need
-To prepare selinux enabled images using different ver. of linux-yocto,
+to be tailored for your environment.  
-we can choose supported versions of linux-yocto,
+* Enable the refpolicy-mls:
-currently supported: v3.14, v3.19, v4.1(by default).
+e.g. PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-mls"
-* enable the preferred linux-yocto to local.conf or oe-selinux.conf
-e.g. PREFERRED_VERSION_linux-yocto_qemuarm = "3.19%"
 Using different versions of refpolicy
@@ -89,18 +70,10 @@ By default refpolicy from git builds head commit of master branch, we can update
 SRCREV for refpolicy and refpolicy-contrib as appropriate at refpolicy_git.inc
 to check refpolicy as per required commits.
-* enable the preferred refpolicy-minimum to local.conf or oe-selinux.conf
+* enable the preferred refpolicy-minimum:
 e.g. PREFERRED_VERSION_refpolicy-minimum = "2.20151208"
-Using perticular refpolicy policy type
--------------------------------------
-Provider "virtual/refpolicy" used to set perticular refpolicy type.
-* enabled refpolicy-minimum from refpolicy types at config level
-e.g. PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-minimum"
 Using different init manager
 ----------------------------
 By default selinux enabled images coming up with "sysvinit" as init manager,
diff --git a/conf/distro/oe-selinux.conf b/conf/distro/oe-selinux.conf
deleted file mode 100644
index 0011d45..0000000
--- a/conf/distro/oe-selinux.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-DISTRO = "oe-selinux"
-DISTROOVERRIDES .= ":selinux"
-DISTRO_FEATURES_append = " acl xattr pam selinux"
-PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-mls"
diff --git a/conf/distro/poky-selinux.conf b/conf/distro/poky-selinux.conf
deleted file mode 100644
index fb5dc09..0000000
--- a/conf/distro/poky-selinux.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-require conf/distro/poky.conf
-require conf/distro/oe-selinux.conf
-DISTRO = "poky-selinux"
author	Mark Hatle <mark.hatle@windriver.com>	2017-09-08 10:29:55 -0500
committer	Mark Hatle <mark.hatle@windriver.com>	2017-09-14 08:29:01 -0500
commit	694b8d1f1a590083e4445d6941f24b412ec0f206 (patch)
tree	3e8db887621892ddad7117bc293e5a8db34f821c
parent	8bd72dfb5aafe68b82e10d204d3f824a3b5de7af (diff)
download	meta-selinux-694b8d1f1a590083e4445d6941f24b412ec0f206.tar.gz

diff --git a/README b/README index dabaa41..f4fadce 100644 --- a/README +++ b/README
@@ -1,10 +1,10 @@
1	meta-selinux	1	meta-selinux
2	============	2	============
3		3
4	This layer's purpose is enabling SE Linux support when used with Poky.	4	This layer's purpose is enabling SE Linux support.
5		5
6	The majority of this layers work is accomplished in bbappend files, used to	6	The majority of this layers work is accomplished in bbappend files, used to
7	enable SE Linux support in existing Poky packages.	7	enable SE Linux support in existing recipes.
8		8
9	A new recipes-security was added. The purpose of this category is to add	9	A new recipes-security was added. The purpose of this category is to add
10	software specific to system security.	10	software specific to system security.
@@ -12,27 +12,11 @@ software specific to system security.
12	Please see the MAINTAINERS file for information on contacting the maintainers	12	Please see the MAINTAINERS file for information on contacting the maintainers
13	of this layer, as well as instructions for submitting patches.	13	of this layer, as well as instructions for submitting patches.
14		14
15	status
16	------
17	Sep 17, 2013 - Updated to match oe-core/poky master for what will be the
18	1.5 release
19	* Misc bug fixes
20	* Update distro config
21	* Uprev various packages
22
23	Jan 31, 2012 - Initial version of the layer available. Basic functionality:
24	* new recipes-security -- includes all SE Linux core components
25	* enable kernel configuration of SE Linux components
26	* enable a few basic recipes to be used as examples for others
27
28		15
29	Dependencies	16	Dependencies
30	------------	17	------------
31		18
32	This layer depends on the Poky metadata. For more information on Poky see	19	This layer depends on the openembedded-core metadata.
33	the Yocto Project website:
34
35	http://www.yoctoproject.org
36		20
37	This layer also optionally depends on the following layers:	21	This layer also optionally depends on the following layers:
38		22
@@ -57,25 +41,22 @@ of this layer, as well as instructions for submitting patches.
57	Building the meta-selinux layer	41	Building the meta-selinux layer
58	-------------------------------	42	-------------------------------
59	In order to add selinux support to the poky build this layer should be added	43	In order to add selinux support to the poky build this layer should be added
60	to the bblayers.conf file. In addition you should modify your local.conf	44	to your projects bblayers.conf file.
61	to specify the "poky-selinux" distribution.
62
63
64	An "oe-selinux" distribution is also included as a convienence for people
65	working with this layer, without the additional Poky meta data. This
66	approach may work, but is not generally tested by the maintainers.
67		45
68	e.g. DISTRO="poky-selinux"	46	By default the selinux components are disabled. This conforms to the
		47	Yocto Project compatible guideline that indicate that simply including a
		48	layer should not change the system behavior.
69		49
		50	In order to use the components in this layer you must add the 'selinux' to the
		51	DISTRO_FEATURES. In addition to selinux, you should be sure that acl, xattr and
		52	pam are also present.
		53	e.g. DISTRO_FEATURES_append = " acl xattr pam selinux"
70		54
71	Using different versions of linux-yocto	55	You must also specify a preferred provider for the virtual/refpolicy. The
72	---------------------------------------	56	included policies with this layer are simply reference policies and will need
73	To prepare selinux enabled images using different ver. of linux-yocto,	57	to be tailored for your environment.
74	we can choose supported versions of linux-yocto,	58	* Enable the refpolicy-mls:
75	currently supported: v3.14, v3.19, v4.1(by default).	59	e.g. PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-mls"
76
77	* enable the preferred linux-yocto to local.conf or oe-selinux.conf
78	e.g. PREFERRED_VERSION_linux-yocto_qemuarm = "3.19%"
79		60
80		61
81	Using different versions of refpolicy	62	Using different versions of refpolicy
@@ -89,18 +70,10 @@ By default refpolicy from git builds head commit of master branch, we can update
89	SRCREV for refpolicy and refpolicy-contrib as appropriate at refpolicy_git.inc	70	SRCREV for refpolicy and refpolicy-contrib as appropriate at refpolicy_git.inc
90	to check refpolicy as per required commits.	71	to check refpolicy as per required commits.
91		72
92	* enable the preferred refpolicy-minimum to local.conf or oe-selinux.conf	73	* enable the preferred refpolicy-minimum:
93	e.g. PREFERRED_VERSION_refpolicy-minimum = "2.20151208"	74	e.g. PREFERRED_VERSION_refpolicy-minimum = "2.20151208"
94		75
95		76
96	Using perticular refpolicy policy type
97	--------------------------------------
98	Provider "virtual/refpolicy" used to set perticular refpolicy type.
99
100	* enabled refpolicy-minimum from refpolicy types at config level
101	e.g. PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-minimum"
102
103
104	Using different init manager	77	Using different init manager
105	----------------------------	78	----------------------------
106	By default selinux enabled images coming up with "sysvinit" as init manager,	79	By default selinux enabled images coming up with "sysvinit" as init manager,


diff --git a/conf/distro/oe-selinux.conf b/conf/distro/oe-selinux.conf deleted file mode 100644 index 0011d45..0000000 --- a/conf/distro/oe-selinux.conf +++ /dev/null
@@ -1,5 +0,0 @@
1	DISTRO = "oe-selinux"
2	DISTROOVERRIDES .= ":selinux"
3
4	DISTRO_FEATURES_append = " acl xattr pam selinux"
5	PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-mls"


diff --git a/conf/distro/poky-selinux.conf b/conf/distro/poky-selinux.conf deleted file mode 100644 index fb5dc09..0000000 --- a/conf/distro/poky-selinux.conf +++ /dev/null
@@ -1,4 +0,0 @@
1	require conf/distro/poky.conf
2	require conf/distro/oe-selinux.conf
3
4	DISTRO = "poky-selinux"