[Buildroot] [PATCH v3 00/16] SELinux Buildroot Additions

Thomas Petazzoni thomas.petazzoni at free-electrons.com
Tue Oct 1 19:51:20 UTC 2013


Dear Clayton Shotwell,

On Wed, 25 Sep 2013 14:32:35 -0500, Clayton Shotwell wrote:

> For this implementation, I have added a package hierarchy that will allow
> for both a debugging and a paired down release version.  The debugging
> version required Python support, and is therefore much larger while the
> release version does not.  To enable the release version, simply select
> the refpolicy package (BR2_PACKAGE_REFPOLICY) and it selects all of the 
> necessary packages to enable SELinux. For the debugging version, select
> the policycoreutils debugging configure option
> (BR2_PACKAGE_POLICYCOREUTILS_POLICY_DEBUGGING).  This will pull in Python
> and a bunch of other packages into the build to debug the SELinux policy 
> on target.  

I still don't quite understand when Python is needed exactly. For
example, in your PATCH 02/16 that adds the libselinux package, the
Python support is enabled as soon as the Python interpreter is enabled.

Is this libselinux Python stuff only needed to *debug* SELinux on the
target?

If so, then we clearly don't want to enable it as soon as Python is
enabled in the Buildroot configuration: an user can perfectly want a
Python interpreter to be installed on the target and to use SELinux,
but not to have the SELinux debugging stuff.

I'd really like to understand this point before moving on with those
packages.

Best regards,

Thomas
-- 
Thomas Petazzoni, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com


More information about the buildroot mailing list