author | Mark Hatle <mark.hatle@windriver.com> | 2017-09-08 10:29:55 -0500 |
---|---|---|
committer | Mark Hatle <mark.hatle@windriver.com> | 2017-09-14 08:29:01 -0500 |
commit | 694b8d1f1a590083e4445d6941f24b412ec0f206 (patch) | |
tree | 3e8db887621892ddad7117bc293e5a8db34f821c | |
parent | 8bd72dfb5aafe68b82e10d204d3f824a3b5de7af (diff) | |
download | meta-selinux-694b8d1f1a590083e4445d6941f24b412ec0f206.tar.gz |
README: Update and remove references to distros, replace w/ DISTRO_FEATURES
Remove distros, instead of specifying an oe or poky example distribution,
we are moving to enabling the components using DISTRO_FEATURES. This will
make it easier for a user to enable selinux on a custom distribution, or on
a project specific basis.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
-rw-r--r-- | README | 61 | ||||
-rw-r--r-- | conf/distro/oe-selinux.conf | 5 | ||||
-rw-r--r-- | conf/distro/poky-selinux.conf | 4 |
3 files changed, 17 insertions, 53 deletions
@@ -1,10 +1,10 @@ | |||
1 | meta-selinux | 1 | meta-selinux |
2 | ============ | 2 | ============ |
3 | 3 | ||
4 | This layer's purpose is enabling SE Linux support when used with Poky. | 4 | This layer's purpose is enabling SE Linux support. |
5 | 5 | ||
6 | The majority of this layers work is accomplished in bbappend files, used to | 6 | The majority of this layers work is accomplished in bbappend files, used to |
7 | enable SE Linux support in existing Poky packages. | 7 | enable SE Linux support in existing recipes. |
8 | 8 | ||
9 | A new recipes-security was added. The purpose of this category is to add | 9 | A new recipes-security was added. The purpose of this category is to add |
10 | software specific to system security. | 10 | software specific to system security. |
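Review bot: Context line 6 still reads "this layers work"; since lines 4 and 7 of the same paragraph are being rewritten here, fix the possessive to "this layer's work" in the same change. The new line 4 could also state that SE Linux support is opt-in through DISTRO_FEATURES, because the rest of this commit makes that the only way to turn it on.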
@@ -12,27 +12,11 @@ software specific to system security. | |||
12 | Please see the MAINTAINERS file for information on contacting the maintainers | 12 | Please see the MAINTAINERS file for information on contacting the maintainers |
13 | of this layer, as well as instructions for submitting patches. | 13 | of this layer, as well as instructions for submitting patches. |
14 | 14 | ||
15 | status | ||
16 | ------ | ||
17 | Sep 17, 2013 - Updated to match oe-core/poky master for what will be the | ||
18 | 1.5 release | ||
19 | * Misc bug fixes | ||
20 | * Update distro config | ||
21 | * Uprev various packages | ||
22 | |||
23 | Jan 31, 2012 - Initial version of the layer available. Basic functionality: | ||
24 | * new recipes-security -- includes all SE Linux core components | ||
25 | * enable kernel configuration of SE Linux components | ||
26 | * enable a few basic recipes to be used as examples for others | ||
27 | |||
28 | 15 | ||
29 | Dependencies | 16 | Dependencies |
30 | ------------ | 17 | ------------ |
31 | 18 | ||
32 | This layer depends on the Poky metadata. For more information on Poky see | 19 | This layer depends on the openembedded-core metadata. |
33 | the Yocto Project website: | ||
34 | |||
35 | http://www.yoctoproject.org | ||
36 | 20 | ||
37 | This layer also optionally depends on the following layers: | 21 | This layer also optionally depends on the following layers: |
38 | 22 | ||
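Review bot: New line 19 names openembedded-core as the dependency but, unlike the removed lines 32-35, gives the reader no pointer to where that metadata lives. Suggest keeping a URL or project reference next to the new sentence. The removal of the "status" section (old lines 15-27) is also not covered by the commit message, which only talks about distro references; one line there would make the intent clear.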
@@ -57,25 +41,22 @@ of this layer, as well as instructions for submitting patches. | |||
57 | Building the meta-selinux layer | 41 | Building the meta-selinux layer |
58 | ------------------------------- | 42 | ------------------------------- |
59 | In order to add selinux support to the poky build this layer should be added | 43 | In order to add selinux support to the poky build this layer should be added |
60 | to the bblayers.conf file. In addition you should modify your local.conf | 44 | to your projects bblayers.conf file. |
61 | to specify the "poky-selinux" distribution. | ||
62 | |||
63 | |||
64 | An "oe-selinux" distribution is also included as a convienence for people | ||
65 | working with this layer, without the additional Poky meta data. This | ||
66 | approach may work, but is not generally tested by the maintainers. | ||
67 | 45 | ||
68 | e.g. DISTRO="poky-selinux" | 46 | By default the selinux components are disabled. This conforms to the |
47 | Yocto Project compatible guideline that indicate that simply including a | ||
48 | layer should not change the system behavior. | ||
69 | 49 | ||
50 | In order to use the components in this layer you must add the 'selinux' to the | ||
51 | DISTRO_FEATURES. In addition to selinux, you should be sure that acl, xattr and | ||
52 | pam are also present. | ||
53 | e.g. DISTRO_FEATURES_append = " acl xattr pam selinux" | ||
70 | 54 | ||
71 | Using different versions of linux-yocto | 55 | You must also specify a preferred provider for the virtual/refpolicy. The |
72 | --------------------------------------- | 56 | included policies with this layer are simply reference policies and will need |
73 | To prepare selinux enabled images using different ver. of linux-yocto, | 57 | to be tailored for your environment. |
74 | we can choose supported versions of linux-yocto, | 58 | * Enable the refpolicy-mls: |
75 | currently supported: v3.14, v3.19, v4.1(by default). | 59 | e.g. PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-mls" |
76 | |||
77 | * enable the preferred linux-yocto to local.conf or oe-selinux.conf | ||
78 | e.g. PREFERRED_VERSION_linux-yocto_qemuarm = "3.19%" | ||
79 | 60 | ||
80 | 61 | ||
81 | Using different versions of refpolicy | 62 | Using different versions of refpolicy |
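Review bot: New line 43 still says "to the poky build", which contradicts the goal of removing distro references; suggest "to your build". New lines 50-53 also do not say which file should carry the DISTRO_FEATURES_append and PREFERRED_PROVIDER settings (the removed text named local.conf), and the example on line 53 runs straight on from the paragraph without the blank line and bullet used for the refpolicy example on lines 58-59. The "Using different versions of linux-yocto" section (old lines 71-78) is dropped without a mention in the commit message. Wording nits in the added lines: "your project's bblayers.conf", "guideline that indicates", "add 'selinux' to DISTRO_FEATURES".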
@@ -89,18 +70,10 @@ By default refpolicy from git builds head commit of master branch, we can update | |||
89 | SRCREV for refpolicy and refpolicy-contrib as appropriate at refpolicy_git.inc | 70 | SRCREV for refpolicy and refpolicy-contrib as appropriate at refpolicy_git.inc |
90 | to check refpolicy as per required commits. | 71 | to check refpolicy as per required commits. |
91 | 72 | ||
92 | * enable the preferred refpolicy-minimum to local.conf or oe-selinux.conf | 73 | * enable the preferred refpolicy-minimum: |
93 | e.g. PREFERRED_VERSION_refpolicy-minimum = "2.20151208" | 74 | e.g. PREFERRED_VERSION_refpolicy-minimum = "2.20151208" |
94 | 75 | ||
95 | 76 | ||
96 | Using perticular refpolicy policy type | ||
97 | -------------------------------------- | ||
98 | Provider "virtual/refpolicy" used to set perticular refpolicy type. | ||
99 | |||
100 | * enabled refpolicy-minimum from refpolicy types at config level | ||
101 | e.g. PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-minimum" | ||
102 | |||
103 | |||
104 | Using different init manager | 77 | Using different init manager |
105 | ---------------------------- | 78 | ---------------------------- |
106 | By default selinux enabled images coming up with "sysvinit" as init manager, | 79 | By default selinux enabled images coming up with "sysvinit" as init manager, |
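Review bot: Removing old lines 96-101 drops the only example that selects refpolicy-minimum as the virtual/refpolicy provider, while new line 74 still sets PREFERRED_VERSION_refpolicy-minimum. The README now shows only refpolicy-mls as a provider (new line 59), so a reader following line 74 gets no hint that the version pin only matters when refpolicy-minimum is the selected provider. Suggest keeping a one-line note that the provider has to match, or listing the available policy types next to the refpolicy-mls example.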
diff --git a/conf/distro/oe-selinux.conf b/conf/distro/oe-selinux.conf deleted file mode 100644 index 0011d45..0000000 --- a/conf/distro/oe-selinux.conf +++ /dev/null | |||
@@ -1,5 +0,0 @@ | |||
1 | DISTRO = "oe-selinux" | ||
2 | DISTROOVERRIDES .= ":selinux" | ||
3 | |||
4 | DISTRO_FEATURES_append = " acl xattr pam selinux" | ||
5 | PREFERRED_PROVIDER_virtual/refpolicy ?= "refpolicy-mls" | ||
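Review bot: Line 2 of the deleted file set DISTROOVERRIDES .= ":selinux", and the README changes in this commit tell users to set only DISTRO_FEATURES and the preferred provider. If anything in the layer is still keyed on the selinux override, it will silently stop applying once users switch to the DISTRO_FEATURES approach. Please confirm nothing depends on the override, or document it in the README next to the DISTRO_FEATURES example.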
diff --git a/conf/distro/poky-selinux.conf b/conf/distro/poky-selinux.conf deleted file mode 100644 index fb5dc09..0000000 --- a/conf/distro/poky-selinux.conf +++ /dev/null | |||
@@ -1,4 +0,0 @@ | |||
1 | require conf/distro/poky.conf | ||
2 | require conf/distro/oe-selinux.conf | ||
3 | |||
4 | DISTRO = "poky-selinux" | ||
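Review bot: With this file deleted, existing builds that set DISTRO = "poky-selinux" in local.conf no longer find their distro configuration, and neither the README nor the commit message gives a migration step. Suggest a short README note stating that the poky-selinux and oe-selinux distros are gone and what to set instead, namely the DISTRO_FEATURES_append and PREFERRED_PROVIDER_virtual/refpolicy lines shown in the new README text.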