[Buildroot] [PATCH 05/17] checkpolicy: new package
Arnout Vandecappelle
arnout at mind.be
Wed Sep 11 16:44:08 UTC 2013
On 09/09/13 19:33, Clayton Shotwell wrote:
> Thomas,
>
> Thomas Petazzoni <thomas.petazzoni at free-electrons.com> wrote on
> 09/06/2013 12:56:09 PM:
> > Is a target variant of this package really needed? In the context of
> > Buildroot and cross-compilation, I would expect the policy to be
> > written on the development machine, the compilation to happen on the
> > development machine, and only the resulting binary copied to the
> > target.
> >
> > We generally don't support "development" on the target, and we expect
> > the system generated by Buildroot to be ready to use. I am not
> > familiar with SELinux at all, but my understanding is that this
> > Buildroot policy should translate into just the SELinux binary policy
> > to be installed on the target, the compiler being kept on the host.
>
> Very good point and I agree completely. This package is used to compile
> the SELinux policy from source and that should only be done on the host.
> I will go ahead and remove the target build commands and Config.in file
> to keep this a host-only utility.
Note: you'll probably want to add a Config.in.host for this package, so
people can select it in their config and use it in a post-build script.

In the long term, it is probably also a good idea to have a
system-level SELinux menu where you can specify some policy files to be
put on the target, and buildroot will compile and install them for you.

Regards,
Arnout
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F