Hi Thomas, On Sat, Jan 04, 2020 at 02:15:38PM +0100, Thomas Petazzoni wrote: > Hello, > > On Sat, 4 Jan 2020 15:06:38 +0200 > Daniel Golle <dan...@makrotopia.org> wrote: > > > > @@ -76,6 +76,9 @@ LDLIBS += $(call BUSYBOX_IF_ENABLED,PAM,pam pam_misc > > > pthread) > > > ifeq ($(CONFIG_USE_GLIBC),y) > > > LDLIBS += $(call BUSYBOX_IF_ENABLED,NSLOOKUP_OPENWRT,resolv) > > > endif > > > +ifeq ($(CONFIG_BUSYBOX_CONFIG_SELINUX),y) > > > + LDLIBS += selinux sepol > > > +endif > > > > also here, it would be better to have a build-variant of busybox with > > has selinux enabled instead of a buildroot compile option. > > Thanks for your feedback. Could you give some initial hints on what you > mean by "build-variant", or at least point at some existing examples ?
See package/utils/px5g/Makefile, in that case px5g is build two times, once with built-in crypto and once with libmbedtls linked. The result are two binary packages 'px5g'(-standalone) and 'px5g-mbedtls'. Doing the same for SELinux-enabled busybox and procd will potentially allow building SELinux-enabled images using the ImageBuilder (as opposed to building them entirely from source). And similar to how we do for seccomp-policies (see package/network/services/umdns/Makefile) we could ship SELinux policies with packages or as add-on packages like in other distributions (given we will add support for that in the build system as well as in opkg). Cheers Daniel > > Thanks a lot, > > Thomas > -- > Thomas Petazzoni, CTO, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
