[Buildroot] [PATCH] package/refpolicy: Add option to disable "dontaudit" rules

Antoine Tenart atenart at kernel.org
Wed Jan 27 10:34:35 UTC 2021


Quoting Thomas Petazzoni (2021-01-27 11:01:48)
> On Wed, 27 Jan 2021 10:56:27 +0100
> Maxime Chevallier <maxime.chevallier at bootlin.com> wrote:
> 
> >  define REFPOLICY_INSTALL_TARGET_CMDS
> > -     $(REFPOLICY_MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) install
> > +     $(REFPOLICY_MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) \
> > +             $(REFPOLICY_EXTRA_MAKE_INSTALL_TARGETS) install
> 
> That being said, I'm not clear between what the "policy" make target
> does (invoked in BUILD_CMDS) and what the "enableaudit" make target
> does.

The 'policy' target generates a policy.conf file (among other things)
and 'enableaudit' removes lines from this file. While 'enableaudit'
seems like a configuration step, it is in fact a fixup one.

Maybe a POST_BUILD_HOOK would be better for that?

On a side note, there is no dependency between 'enableaudit' and
'install'. The above change only works because REFPOLICY_MAKE uses
MAKE1. (We have the same construct in the configuration step).

Antoine



More information about the buildroot mailing list