[Buildroot] [PATCH] package/refpolicy: Treat all modules as custom

José Pekkarinen jose.pekkarinen at unikie.com
Wed Sep 22 14:00:19 UTC 2021


On Tue, Sep 21, 2021 at 4:42 PM Antoine Tenart <atenart at kernel.org> wrote:

> Quoting José Pekkarinen (2021-09-21 15:32:32)
> > On Tue, Sep 21, 2021 at 10:12 AM Antoine Tenart <[1]atenart at kernel.org>
> > wrote:
> >
> > I tested today to build the system with buildroot 2021.05.2(without
> > the patch) and it reproduces exactly the same behaviour,
> > policy/modules.conf doesn't receive the line to activate the secure
> > module, and if I search in policy.conf or policy.32 through sesearch I
> > find no sign of the policies defined in the module.  I'll attempt the
> > upgrade to 2021.08, but that will require a bit more time.
>
> Alternatively you can just test with newer refpolicy versions, outside
> of Buildroot and look at the generated modules.conf. This will give the
> same information and should be easier to do. (My feeling is this won't
> change and we'll have to dive into the refpolicy logic for enabling
> modules when running 'make conf').
>

The config generator requires a summary line in the module.if file

to be added in policy/modules.conf, otherwise it doesn't process any
further.
It seems to be something tricky to address, in your end developing a check
the summary is in place doesn't make sense, in their end, not using that
hook to learn the modules from the xml make be also complicated. All
in all, thanks for the comments, at least I have a way out without this
patch. If there is something I can address for you in this topic, feel free
to ask.

Best regards.

José.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildroot.org/pipermail/buildroot/attachments/20210922/18ab88dc/attachment.html>


More information about the buildroot mailing list