[Buildroot] [PATCH] package/refpolicy: Treat all modules as custom

José Pekkarinen jose.pekkarinen at unikie.com
Tue Sep 21 06:29:38 UTC 2021


On Mon, Sep 20, 2021 at 4:52 PM Antoine Tenart <atenart at kernel.org> wrote:

> Quoting José Pekkarinen (2021-09-20 15:39:13)
> >    On Mon, Sep 20, 2021 at 4:21 PM Antoine Tenart <[1]atenart at kernel.org
> >
> >    wrote:
> >
> >      The logic is the following in Buildroot for extra modules:
> >
> >      1. The modules are rsynced in policy/modules/buildrood/.
> >      2. If not already there, a metadata.xml file is added.
> >      3. The refpolicy build system is used[2] to generate modules.conf
> using
> >         all modules matching 'policy/modules/*/*.te'.
> >      4. All modules in modules.conf are disabled and then only the ones
> in
> >         REFPOLICY_MODULES are enabled.
> >
> >      It looks like more of a refpolicy/module issue than a Buildroot one:
> >      steps 1 and 2 seem to work, but not step 3. If you retrieve the
> >      refpolicy project outside of Builroot and mimic the above steps, are
> >      your modules listed in modules.conf? If not that might be a good
> >      starting point. I don't have a better idea for now...
> >
> >    I did, and this is how modules.conf looks like when
> >    it comes to the section of my module:
> >    [...]
> >    # Module: xscreensaver
> >    #
> >    # Modular screen saver and locker for X11.
> >    #
> >    xscreensaver = module
> >
> >    # Layer: buildroot
> >    # Module: secure
> >    #
> >    # Layer: kernel
> >    # Module: storage
> >    [...]
> >
> >    Now, reading the INSTALL file, it says the following:
> >    If you do not have a modules.conf, one can be generated:
> >
> >       make conf
> >
> >    This will create a default modules.conf.
> >
> >    This default makes me think it implies you'd need to
> >    activate your own modules if they are there, and why I believe
> >    buildroot would require that extra logic. refpolicy project may
> >    stand for letting users add their own, but not taking part on
> >    it theirselves.
>
> Reproducing locally the modules were correctly listed and enabled.
> However looking at the modules.conf generated on your machine, your
> modules' documentation is included but the modules aren't enabled (as
> modules) by default. There might be some rules in the refpolicy build
> system that can explain such a difference.
>
> I think the issue comes down to understanding how modules are selected
> to be enabled by default (or not enabled), and why your modules are
> impacted. (Then there might be something to improve in Buildroot).
>

Can this be that I'm working with an out of date version of buildroot?

My project was started with 2021.02 and I observe the refpolicy dates from
August last year. I plan to start the works on fixing this, since it impacts
any sort of upstreaming.

Best regards.


José.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildroot.org/pipermail/buildroot/attachments/20210921/38c07eb7/attachment.html>


More information about the buildroot mailing list