refpolicy has introduced a new build.conf option, SYSTEMD=y, to enable rules specific to using systemd as the init system. In particular, without setting this option, rules for direct domain transitions from init_t to daemon domains are not included in the policy. Define a POLICY_SYSTEMD variable in the refpolicy common include file that can be set elsewhere to enable this support.
Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov> --- recipes-security/refpolicy/refpolicy_common.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index 0b0b2fd..67d0426 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc @@ -35,6 +35,7 @@ POLICY_DISTRO ?= "redhat" POLICY_UBAC ?= "n" POLICY_UNK_PERMS ?= "allow" POLICY_DIRECT_INITRC ?= "n" +POLICY_SYSTEMD ?= "n" POLICY_MONOLITHIC ?= "n" POLICY_CUSTOM_BUILDOPT ?= "" POLICY_QUIET ?= "y" @@ -48,6 +49,7 @@ EXTRA_OEMAKE += "NAME=${POLICY_NAME} \ UBAC=${POLICY_UBAC} \ UNK_PERMS=${POLICY_UNK_PERMS} \ DIRECT_INITRC=${POLICY_DIRECT_INITRC} \ + SYSTEMD=${POLICY_SYSTEMD} \ MONOLITHIC=${POLICY_MONOLITHIC} \ CUSTOM_BUILDOPT=${POLICY_CUSTOM_BUILDOPT} \ QUIET=${POLICY_QUIET} \ -- 2.4.3 -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
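Review bot: In the first hunk, `POLICY_SYSTEMD ?= "n"` hard-codes the default, so an image that uses systemd but never sets the variable builds a policy without the init_t direct domain transitions that the commit message describes, and nothing in the build flags the mismatch. Consider deriving the default from the distro configuration, for example `POLICY_SYSTEMD ?= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'y', 'n', d)}"`. Failing that, add a comment above the variable saying where it is expected to be set and that the accepted values are "y" and "n".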
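Review bot: In the second hunk, `SYSTEMD=${POLICY_SYSTEMD} \` is added to EXTRA_OEMAKE in the common include, so every refpolicy recipe that pulls in refpolicy_common.inc now receives it, while the commit message says the build.conf option is new in refpolicy. Please state in the commit message which refpolicy release introduced SYSTEMD and confirm that the older releases still built from this include ignore the extra make variable, so that setting POLICY_SYSTEMD to "y" against an older policy version is not mistaken for having enabled the systemd rules.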