[Buildroot] [PATCH] package/refpolicy: Treat all modules as custom
José Pekkarinen
jose.pekkarinen at unikie.com
Tue Sep 21 06:29:38 UTC 2021
On Mon, Sep 20, 2021 at 4:52 PM Antoine Tenart <atenart at kernel.org> wrote:
> Quoting José Pekkarinen (2021-09-20 15:39:13)
> > On Mon, Sep 20, 2021 at 4:21 PM Antoine Tenart <[1]atenart at kernel.org
> >
> > wrote:
> >
> > The logic is the following in Buildroot for extra modules:
> >
> > 1. The modules are rsynced in policy/modules/buildrood/.
> > 2. If not already there, a metadata.xml file is added.
> > 3. The refpolicy build system is used[2] to generate modules.conf
> using
> > all modules matching 'policy/modules/*/*.te'.
> > 4. All modules in modules.conf are disabled and then only the ones
> in
> > REFPOLICY_MODULES are enabled.
> >
> > It looks like more of a refpolicy/module issue than a Buildroot one:
> > steps 1 and 2 seem to work, but not step 3. If you retrieve the
> > refpolicy project outside of Builroot and mimic the above steps, are
> > your modules listed in modules.conf? If not that might be a good
> > starting point. I don't have a better idea for now...
> >
> > I did, and this is how modules.conf looks like when
> > it comes to the section of my module:
> > [...]
> > # Module: xscreensaver
> > #
> > # Modular screen saver and locker for X11.
> > #
> > xscreensaver = module
> >
> > # Layer: buildroot
> > # Module: secure
> > #
> > # Layer: kernel
> > # Module: storage
> > [...]
> >
> > Now, reading the INSTALL file, it says the following:
> > If you do not have a modules.conf, one can be generated:
> >
> > make conf
> >
> > This will create a default modules.conf.
> >
> > This default makes me think it implies you'd need to
> > activate your own modules if they are there, and why I believe
> > buildroot would require that extra logic. refpolicy project may
> > stand for letting users add their own, but not taking part on
> > it theirselves.
>
> Reproducing locally the modules were correctly listed and enabled.
> However looking at the modules.conf generated on your machine, your
> modules' documentation is included but the modules aren't enabled (as
> modules) by default. There might be some rules in the refpolicy build
> system that can explain such a difference.
>
> I think the issue comes down to understanding how modules are selected
> to be enabled by default (or not enabled), and why your modules are
> impacted. (Then there might be something to improve in Buildroot).
>
Can this be that I'm working with an out of date version of buildroot?
My project was started with 2021.02 and I observe the refpolicy dates from
August last year. I plan to start the works on fixing this, since it impacts
any sort of upstreaming.
Best regards.
José.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildroot.org/pipermail/buildroot/attachments/20210921/38c07eb7/attachment.html>
More information about the buildroot
mailing list