[Buildroot] [PATCH] package/refpolicy: Treat all modules as custom

Antoine Tenart atenart at kernel.org
Fri Sep 17 17:22:37 UTC 2021


Hello José,

Quoting José Pekkarinen (2021-08-30 13:45:31)
> The current processing of the modules doesn't work for
> custom made policies appended through the extra dir mechanism,
> since sed won't find a match for custom modules, it will
> continue without triggering and error. This patch removes
> all the modules from modules.conf and add them one by
> one using REFPOLICY_MODULES values.

I'm failing to see what particular setup the change below would fix.

Could you elaborate on the above? Maybe including configuration
snippets and example of such a module (with the file tree, starting from
REFPOLICY_EXTRA_MODULES_DIRS).

Thanks!
Antoine

> diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
> index 0194708b37..1c0a2c3385 100644
> --- a/package/refpolicy/refpolicy.mk
> +++ b/package/refpolicy/refpolicy.mk
> @@ -85,9 +85,9 @@ endef
>  # In the context of a monolithic policy enabling a piece of the policy as
>  # 'base' or 'module' is equivalent, so we enable them as 'base'.
>  define REFPOLICY_CONFIGURE_MODULES
> -       $(SED) "s/ = module/ = no/g" $(@D)/policy/modules.conf
> +       $(SED) "/ = module/d" $(@D)/policy/modules.conf
>         $(foreach m,$(sort $(REFPOLICY_MODULES)),
> -               $(SED) "/^$(m) =/c\$(m) = base" $(@D)/policy/modules.conf
> +               $(SED) "/^# Module: $(m)/a\$(m) = base" $(@D)/policy/modules.conf
>         )
>  endef
>  
> -- 
> 2.25.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot


More information about the buildroot mailing list