[Buildroot] [PATCH] package/refpolicy: Add option to disable "dontaudit" rules
Maxime Chevallier
maxime.chevallier at bootlin.com
Wed Jan 27 14:40:27 UTC 2021
Hi Antoine, Thomas,
Thanks for the reviews !
On Wed, 27 Jan 2021 11:34:35 +0100
Antoine Tenart <atenart at kernel.org> wrote:
>Quoting Thomas Petazzoni (2021-01-27 11:01:48)
>> On Wed, 27 Jan 2021 10:56:27 +0100
>> Maxime Chevallier <maxime.chevallier at bootlin.com> wrote:
>>
>> > define REFPOLICY_INSTALL_TARGET_CMDS
>> > - $(REFPOLICY_MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) install
>> > + $(REFPOLICY_MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) \
>> > + $(REFPOLICY_EXTRA_MAKE_INSTALL_TARGETS) install
>>
>> That being said, I'm not clear between what the "policy" make target
>> does (invoked in BUILD_CMDS) and what the "enableaudit" make target
>> does.
>
>The 'policy' target generates a policy.conf file (among other things)
>and 'enableaudit' removes lines from this file. While 'enableaudit'
>seems like a configuration step, it is in fact a fixup one.
>
>Maybe a POST_BUILD_HOOK would be better for that?
You're correct, it seems to be a better way to go, I'll send a v2 with
that solution :)
Thanks,
Maxime
>On a side note, there is no dependency between 'enableaudit' and
>'install'. The above change only works because REFPOLICY_MAKE uses
>MAKE1. (We have the same construct in the configuration step).
>
>Antoine
--
Maxime Chevallier, Bootlin
Embedded Linux and kernel engineering
https://bootlin.com
More information about the buildroot
mailing list