
[meta-selinux,scarthgap] refpolicy: backport build fix

Message ID 20240625143317.1644238-1-ecordonnier@snap.com
State New
Series [meta-selinux,scarthgap] refpolicy: backport build fix

Commit Message

Etienne Cordonnier June 25, 2024, 2:33 p.m. UTC
From: Etienne Cordonnier <ecordonnier@snap.com>

Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
---
 ...-selinuxutil-make-policykit-optional.patch | 36 +++++++++++++++++++
 .../refpolicy/refpolicy_common.inc            |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 recipes-security/refpolicy/refpolicy/0057-selinuxutil-make-policykit-optional.patch

Comments

Yi Zhao June 27, 2024, 1:03 a.m. UTC | #1
This has been fixed in 
https://git.yoctoproject.org/meta-selinux/commit/?h=scarthgap&id=17c7cd46219e74bf7404dca23b9b9f6380e2d3c0


//Yi

On 6/25/24 22:33, Etienne Cordonnier via lists.yoctoproject.org wrote:
> From: Etienne Cordonnier <ecordonnier@snap.com>
>
> Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
> ---
>   ...-selinuxutil-make-policykit-optional.patch | 36 +++++++++++++++++++
>   .../refpolicy/refpolicy_common.inc            |  1 +
>   2 files changed, 37 insertions(+)
>   create mode 100644 recipes-security/refpolicy/refpolicy/0057-selinuxutil-make-policykit-optional.patch
>
> diff --git a/recipes-security/refpolicy/refpolicy/0057-selinuxutil-make-policykit-optional.patch b/recipes-security/refpolicy/refpolicy/0057-selinuxutil-make-policykit-optional.patch
> new file mode 100644
> index 0000000..62b35d5
> --- /dev/null
> +++ b/recipes-security/refpolicy/refpolicy/0057-selinuxutil-make-policykit-optional.patch
> @@ -0,0 +1,36 @@
> +From 0f997a134adb6c68d871a31ec27d63f02297c588 Mon Sep 17 00:00:00 2001
> +From: Yi Zhao <yi.zhao@windriver.com>
> +Date: Wed, 5 Jun 2024 10:32:34 +0800
> +Subject: [PATCH] selinuxutil: make policykit optional
> +
> +Make policykit optional to avoid a potential build error.
> +
> +Upstream-Status: Backport [https://github.com/SELinuxProject/refpolicy/commit/c6dd4087def22fa0f3e2b62bce5fc531bbf824a0]
> +
> +Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
> +Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
> +---
> + policy/modules/system/selinuxutil.te | 6 ++++--
> + 1 file changed, 4 insertions(+), 2 deletions(-)
> +
> +diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
> +index 57c2e0e01..c65d5e8e6 100644
> +--- a/policy/modules/system/selinuxutil.te
> ++++ b/policy/modules/system/selinuxutil.te
> +@@ -501,12 +501,14 @@ corecmd_exec_bin(selinux_dbus_t)
> + files_read_etc_symlinks(selinux_dbus_t)
> + files_list_usr(selinux_dbus_t)
> +
> +-policykit_dbus_chat(selinux_dbus_t)
> +-
> + miscfiles_read_localization(selinux_dbus_t)
> +
> + seutil_domtrans_semanage(selinux_dbus_t)
> +
> ++optional_policy(`
> ++	policykit_dbus_chat(selinux_dbus_t)
> ++')
> ++
> + ########################################
> + #
> + # semodule local policy
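Review bot: The embedded commit message line "Make policykit optional to avoid a potential build error." does not say which build configuration fails or what the error looks like. Name the triggering condition (presumably a build where the policykit module is not available, given that the fix wraps policykit_dbus_chat(selinux_dbus_t) in optional_policy) and quote the error text, so the backport can be matched against a failing log.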
> diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
> index 6ea1fc2..0f5fe1b 100644
> --- a/recipes-security/refpolicy/refpolicy_common.inc
> +++ b/recipes-security/refpolicy/refpolicy_common.inc
> @@ -72,6 +72,7 @@ SRC_URI += " \
>           file://0054-policy-modules-system-setrans-allow-setrans_t-use-fd.patch \
>           file://0055-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch \
>           file://0056-policy-modules-system-logging-make-syslogd_runtime_t.patch \
> +        file://0057-selinuxutil-make-policykit-optional.patch \
>           "
>   
>   S = "${WORKDIR}/refpolicy"
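Review bot: The SRC_URI addition of 0057-selinuxutil-make-policykit-optional.patch should be checked against the current scarthgap branch, because the reply above points to commit 17c7cd46219e74bf7404dca23b9b9f6380e2d3c0 as already carrying the fix. Rebase onto that commit and drop this entry if the same change is already present, otherwise the selinuxutil.te change could be applied twice and break do_patch.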

Patch

diff --git a/recipes-security/refpolicy/refpolicy/0057-selinuxutil-make-policykit-optional.patch b/recipes-security/refpolicy/refpolicy/0057-selinuxutil-make-policykit-optional.patch
new file mode 100644
index 0000000..62b35d5
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0057-selinuxutil-make-policykit-optional.patch
@@ -0,0 +1,36 @@ 
+From 0f997a134adb6c68d871a31ec27d63f02297c588 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Wed, 5 Jun 2024 10:32:34 +0800
+Subject: [PATCH] selinuxutil: make policykit optional
+
+Make policykit optional to avoid a potential build error.
+
+Upstream-Status: Backport [https://github.com/SELinuxProject/refpolicy/commit/c6dd4087def22fa0f3e2b62bce5fc531bbf824a0]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
+---
+ policy/modules/system/selinuxutil.te | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
+index 57c2e0e01..c65d5e8e6 100644
+--- a/policy/modules/system/selinuxutil.te
++++ b/policy/modules/system/selinuxutil.te
+@@ -501,12 +501,14 @@ corecmd_exec_bin(selinux_dbus_t)
+ files_read_etc_symlinks(selinux_dbus_t)
+ files_list_usr(selinux_dbus_t)
+ 
+-policykit_dbus_chat(selinux_dbus_t)
+-
+ miscfiles_read_localization(selinux_dbus_t)
+ 
+ seutil_domtrans_semanage(selinux_dbus_t)
+ 
++optional_policy(`
++	policykit_dbus_chat(selinux_dbus_t)
++')
++
+ ########################################
+ #
+ # semodule local policy
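Review bot: In the embedded selinuxutil.te hunk, policykit_dbus_chat(selinux_dbus_t) is not wrapped where it stood but moved below seutil_domtrans_semanage(selinux_dbus_t), and the From line carries 0f997a134adb6c68d871a31ec27d63f02297c588 while Upstream-Status cites c6dd4087def22fa0f3e2b62bce5fc531bbf824a0. Please confirm the content is identical to the upstream commit. The header should also mention that, with optional_policy, a build without the policykit module silently drops the D-Bus chat rule for selinux_dbus_t instead of failing.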
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 6ea1fc2..0f5fe1b 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -72,6 +72,7 @@  SRC_URI += " \
         file://0054-policy-modules-system-setrans-allow-setrans_t-use-fd.patch \
         file://0055-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch \
         file://0056-policy-modules-system-logging-make-syslogd_runtime_t.patch \
+        file://0057-selinuxutil-make-policykit-optional.patch \
         "
 
 S = "${WORKDIR}/refpolicy"
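Review bot: The new SRC_URI entry is applied after 0056, but the embedded hunk header "@@ -501,12 +501,14 @@" for selinuxutil.te may have been generated against a different tree than the one produced by the preceding local patches. Check that 0057 applies in do_patch without offset or fuzz on top of the existing series, and refresh the patch if it does not.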