jeans/motioneyeos
jeans/motioneyeos
1
0
Fork 0
mirror of https://github.com/motioneye-project/motioneyeos.git synced 2025-07-28 05:36:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

refpolicy: add ability to set default state.

Browse Source 
SELinux requires a config file in /etc/selinux which controls the state
of SELinux on the system.

This config file has two options set in it:
SELINUX which set's the state of selinux on boot.
SELINUXTYPE which should equal the name of the policy.  In this case, the
default name is targeted.

This patch adds:
- A choice menu on Config.in that allows the user to select a default
  SELinux state.

- A basic config file that will be installed to
  target/etc/selinux and will set SELINUX= to the selected state.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Acked-by: Matt Weber  <matthew.weber@rockwellcollins.com>
[Thomas:
 - rename option to BR2_PACKAGE_REFPOLICY_POLICY_STATE
 - qstrip the variable
 - drop unused REFPOLICY_NAME variable.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit is contained in:
Adam Duskett 2017-05-20 16:41:43 -04:00 committed by Thomas Petazzoni
parent d54aa0e861
commit 83875effcf
3 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
package/refpolicy/Config.in
View File

@ -40,4 +40,30 @@ config BR2_PACKAGE_REFPOLICY_POLICY_VERSION
string "Policy version" string "Policy version"
default "30" default "30"
choice
prompt "SELinux default state"
default BR2_PACKAGE_REFPOLICY_POLICY_STATE_PERMISSIVE
config BR2_PACKAGE_REFPOLICY_POLICY_STATE_ENFORCING
bool "Enforcing"
help
SELinux security policy is enforced
config BR2_PACKAGE_REFPOLICY_POLICY_STATE_PERMISSIVE
bool "Permissive"
help
SELinux prints warnings instead of enforcing
config BR2_PACKAGE_REFPOLICY_POLICY_STATE_DISABLED
bool "Disabled"
help
No SELinux policy is loaded
endchoice
config BR2_PACKAGE_REFPOLICY_POLICY_STATE
string
default "permissive" if BR2_PACKAGE_REFPOLICY_POLICY_STATE_PERMISSIVE
default "enforcing" if BR2_PACKAGE_REFPOLICY_POLICY_STATE_ENFORCING
default "disabled" if BR2_PACKAGE_REFPOLICY_POLICY_STATE_DISABLED
endif endif

8
package/refpolicy/config Normal file
View File

@ -0,0 +1,8 @@
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
SELINUXTYPE=targeted

6
package/refpolicy/refpolicy.mk
View File

@ -31,6 +31,8 @@ REFPOLICY_MAKE = \
REFPOLICY_POLICY_VERSION = \ REFPOLICY_POLICY_VERSION = \
$(call qstrip,$(BR2_PACKAGE_REFPOLICY_POLICY_VERSION)) $(call qstrip,$(BR2_PACKAGE_REFPOLICY_POLICY_VERSION))
REFPOLICY_POLICY_STATE = \
$(call qstrip,$(BR2_PACKAGE_REFPOLICY_POLICY_STATE))
define REFPOLICY_CONFIGURE_CMDS define REFPOLICY_CONFIGURE_CMDS
$(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = $(REFPOLICY_POLICY_VERSION)" \ $(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = $(REFPOLICY_POLICY_VERSION)" \
@ -50,6 +52,10 @@ endef
define REFPOLICY_INSTALL_TARGET_CMDS define REFPOLICY_INSTALL_TARGET_CMDS
$(REFPOLICY_MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) install $(REFPOLICY_MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) install
$(INSTALL) -m 0755 -D package/refpolicy/config \
$(TARGET_DIR)/etc/selinux/config
$(SED) "/^SELINUX=/c\SELINUX=$(REFPOLICY_POLICY_STATE)" \
$(TARGET_DIR)/etc/selinux/config
endef endef
$(eval $(generic-package)) $(eval $(generic-package))