[Buildroot] [PATCH 4/4] package/selinux-python: always build sepolgen
Arnout Vandecappelle (Essensium/Mind)
arnout at mind.be
Wed Oct 9 22:06:41 UTC 2019
The selinux-python package has two suboptions, audit2allow and sepolgen.
If neither of them is selected, nothing gets installed, which is not so
nice. Since audit2allow selects sepolgen, sepolgen will always be
installed if anything is installed. Therefore, it makes no sense to have
a separate option for sepolgen.
Remove the BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN and always install
sepolgen. With this, it's more logical to move the unconditional
addition of sepolgen to SELINUX_PYTHON_MAKE_DIRS before audit2allow.
Remove selecting BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN from the legacy
handling of BR2_PACKAGE_SEPOLGEN. It already selects
BR2_PACKAGE_SELINUX_PYTHON, so sepolgen is implied.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be>
---
Config.in.legacy | 1 -
package/selinux-python/Config.in | 14 ++++----------
package/selinux-python/selinux-python.mk | 6 ++----
3 files changed, 6 insertions(+), 15 deletions(-)
diff --git a/Config.in.legacy b/Config.in.legacy
index 4a670f0f0e..feb0a7d819 100644
--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -1693,7 +1693,6 @@ config BR2_PACKAGE_SEPOLGEN
bool "sepolgen package has been removed"
select BR2_LEGACY
select BR2_PACKAGE_SELINUX_PYTHON
- select BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN
help
Sepolgen is no longer a individual package, but instead has
been moved into the selinux-python package by the SELinux
diff --git a/package/selinux-python/Config.in b/package/selinux-python/Config.in
index 144dc131e1..0ab4ec848d 100644
--- a/package/selinux-python/Config.in
+++ b/package/selinux-python/Config.in
@@ -7,8 +7,10 @@ config BR2_PACKAGE_SELINUX_PYTHON
select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON
help
A set of SELinux tools written in python that help with
- managing a system with SELinux enabled. If no packages are
- selected nothing will actually be built.
+ managing a system with SELinux enabled.
+
+ The sepolgen program is always installed. It allows to
+ generate an initial SELinux policy module template.
https://github.com/SELinuxProject/selinux/wiki
@@ -18,7 +20,6 @@ config BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW
bool "audit2allow"
depends on !BR2_arc # checkpolicy
select BR2_PACKAGE_CHECKPOLICY
- select BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN
select BR2_PACKAGE_SEMODULE_UTILS
help
This module installs two programs:
@@ -29,13 +30,6 @@ config BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW
audit2why - translates SELinux audit messages into a
description of why the access was denied (audit2allow -w)
-config BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN
- bool "sepolgen"
- select BR2_PACKAGE_SEMODULE_UTILS
- help
- This package contains a Python module that allows you to
- generate an initial SELinux policy module template.
-
endif
comment "selinux-python packages needs a toolchain w/ wchar, threads, dynamic library"
diff --git a/package/selinux-python/selinux-python.mk b/package/selinux-python/selinux-python.mk
index 978bee7c88..ebd91d5ab3 100644
--- a/package/selinux-python/selinux-python.mk
+++ b/package/selinux-python/selinux-python.mk
@@ -24,15 +24,13 @@ SELINUX_PYTHON_MAKE_OPTS += \
PYTHONLIBDIR="usr/lib/python$(PYTHON_VERSION_MAJOR)"
endif
+SELINUX_PYTHON_MAKE_DIRS = sepolgen/src/sepolgen
+
ifeq ($(BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW),y)
SELINUX_PYTHON_DEPENDENCIES += checkpolicy
SELINUX_PYTHON_MAKE_DIRS += audit2allow
endif
-ifeq ($(BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN),y)
-SELINUX_PYTHON_MAKE_DIRS += sepolgen/src/sepolgen
-endif
-
define SELINUX_PYTHON_BUILD_CMDS
$(foreach d,$(SELINUX_PYTHON_MAKE_DIRS),
$(MAKE) -C $(@D)/$(d) $(SELINUX_PYTHON_MAKE_OPTS) \
--
2.21.0
More information about the buildroot
mailing list