| author | Shrikant Bobade <shrikant_bobade@mentor.com> | 2015-07-30 19:07:23 +0530 |
|---|---|---|
| committer | Joe MacDonald <joe_macdonald@mentor.com> | 2015-08-07 16:48:19 -0400 |
| commit | e59f3b7d04bea0a8897a6458f5f5427a364d3388 (patch) | |
| tree | d4fdedceb24208622fd296f5499a03dc471f96dc | |
| parent | 46b344baa3e20ff2ea433691315e163a9a119e04 (diff) | |
refpolicy-minimum: update base refpolicy 20141203
A simple forward-port of refpolicy-minimum to use the 20141203
base refpolicy.
Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
| -rw-r--r-- | recipes-security/refpolicy/refpolicy-minimum_2.20141203.bb | 48 |
1 files changed, 48 insertions, 0 deletions
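diff --git a/recipes-security/refpolicy/refpolicy-minimum_2.20141203.bb b/recipes-security/refpolicy/refpolicy-minimum_2.20141203.bb
new file mode 100644
index 0000000..b275821
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-minimum_2.20141203.bb
@@ -0,0 +1,48 @@
+include refpolicy-targeted_${PV}.bb
+
+SUMMARY = "SELinux minimum policy"
+DESCRIPTION = "\
+This is a minimum reference policy with just core policy modules, and \
+could be used as a base for customizing targeted policy. \
+Pretty much everything runs as initrc_t or unconfined_t so all of the \
+domains are unconfined. \
+"
+
+POLICY_NAME = "minimum"
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:${THISDIR}/refpolicy-${PV}:${THISDIR}/refpolicy-targeted:"
+
+CORE_POLICY_MODULES = "unconfined \
+selinuxutil storage sysnetwork \
+application libraries miscfiles logging userdomain \
+init mount modutils getty authlogin locallogin \
+"
+
+# nscd caches libc-issued requests to the name service.
+# Without nscd.pp, commands want to use these caches will be blocked.
+EXTRA_POLICY_MODULES += "nscd"
+
+# pam_mail module enables checking and display of mailbox status upon
+# "login", so "login" process will access to /var/spool/mail.
+EXTRA_POLICY_MODULES += "mta"
+
+POLICY_MODULES_MIN = "${CORE_POLICY_MODULES} ${EXTRA_POLICY_MODULES}"
+
+# re-write the same func from refpolicy_common.inc
+prepare_policy_store () {
+oe_runmake 'DESTDIR=${D}' 'prefix=${D}${prefix}' install
+
+# Prepare to create policy store
+mkdir -p ${D}${sysconfdir}/selinux/
+mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/policy
+mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
+mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
+touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local
+for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
+bzip2 -f $i && mv -f $i.bz2 $i
+done
+cp base.pp ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
+for i in ${POLICY_MODULES_MIN}; do
+cp ${i}.pp ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i.pp`
+done
+}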
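Review bot: The recipe's first line pulls in its base with `include refpolicy-targeted_${PV}.bb`, and BitBake's `include` does not fail when the file is missing, so a renamed or absent targeted recipe would let this policy recipe parse without the definitions it relies on; `require refpolicy-targeted_${PV}.bb` turns that into a parse error. In `prepare_policy_store`, `bzip2 -f $i && mv -f $i.bz2 $i` is an and-list, so under `set -e` (which BitBake shell functions normally run with) a bzip2 failure or an unmatched `*.pp` glob does not stop the function; putting `bzip2 -f "$i"` and `mv -f "$i.bz2" "$i"` on separate lines makes a failed compression fatal. The comment `# re-write the same func from refpolicy_common.inc` does not say what differs from the common version; from the body it appears to be that only `base.pp` and `POLICY_MODULES_MIN` are copied into the active store, and the comment should state that.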
