[RE: [yocto] [meta-selinux][PATCH] systemd: no need to inherit enable-selinux] On 17.05.08 (Mon 01:40) Huang, Jie (Jackie) wrote:
> > > > -----Original Message----- > > From: Joe MacDonald [mailto:joe_macdon...@mentor.com] > > Sent: Tuesday, May 02, 2017 21:14 > > To: Huang, Jie (Jackie) > > Cc: yocto@yoctoproject.org > > Subject: Re: [yocto] [meta-selinux][PATCH] systemd: no need to inherit > > enable- > > selinux > > > > [[yocto] [meta-selinux][PATCH] systemd: no need to inherit enable-selinux] > > On > > 17.02.22 (Wed 14:44) jackie.hu...@windriver.com wrote: > > > > > From: Jackie Huang <jackie.hu...@windriver.com> > > > > > > The selinux PACKAGECONFIG is properly handled in > > > the recipe in oe-core, no need to inherit the > > > enable-selinux bbclass. > > > > That might be true, but other than belt-and-suspenders, what's the > > harm in this being in the recipe? I don't necessarily think it's an > > invalid change but my quick count shows ~44 instances of 'inherit > > enable-selinux' and 'inherit with-selinux' in meta-selinux, why's this > > one significant? > > That's because I have a patch to change the PACKAGECONFIG for selinux > in oe-core to fix a dependency issue: > > -PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux" > +PACKAGECONFIG[selinux] = > "--enable-selinux,--disable-selinux,libselinux,initscripts-sushell" > > But it would be overrode by the one in enable-selinux.bbclass: > $ grep PACKAGECONFIG enable-selinux.bbclass > PACKAGECONFIG_append = " ${@target_selinux(d)}" > PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux," > > So I need to remove the inherit here in meta-selinux. Sorry, this fell between the cracks. So, let me make sure I understand what you're saying. This oe-core commit: commit 1881c5e0c426a193630e5eed5b629b69ff3741d5 Author: Kai Kang <kai.k...@windriver.com> Date: Wed Jul 8 14:26:01 2015 +0800 systemd: add PACKAGECONFIG selinux Add PACKAGECONFIG 'selinux' for systemd. debug-shell.service starts different shell according whether selinux is enabled. (From OE-Core rev: 3d1aa27191fe4c21428eaf4ae036acb1496b7df7) Signed-off-by: Kai Kang <kai.k...@windriver.com> Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org> conflicts with the --enable/--disable settings in meta-selinux and you want to remove the setting in meta-selinux? Again, I don't specifically object to this, but I'd like to understand the why of it. Is there a valid scenario to include meta-selinux in your project but have selinux disabled? If so, I would think the settings in meta-selinux should still take precedence. Otherwise, I'm confused why the other 40-ish cases aren't also covered. I haven't investigated, but are all the others in non-oe-core layers, maybe? Thanks, -J. > > Thanks, > Jackie > > > > > -J. > > > > > > > > Signed-off-by: Jackie Huang <jackie.hu...@windriver.com> > > > --- > > > recipes-core/systemd/systemd_%.bbappend | 1 - > > > 1 file changed, 1 deletion(-) > > > > > > diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes- > > core/systemd/systemd_%.bbappend > > > index 8d9029b..f1bdaf8 100644 > > > --- a/recipes-core/systemd/systemd_%.bbappend > > > +++ b/recipes-core/systemd/systemd_%.bbappend > > > @@ -1,2 +1 @@ > > > inherit enable-audit > > > -inherit enable-selinux > > > -- > > > 2.8.3 > > > > > -- > > -Joe MacDonald. > > :wq -- -Joe MacDonald. :wq
signature.asc
Description: Digital signature
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
