| Message ID | 20251017042953.3323046-1-quic_sasikuma@quicinc.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-selinux] refpolicy_common: use selinux tools from recipe-sysroot-native | expand |
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index 27aac44..1234370 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc @@ -130,6 +130,8 @@ EXTRA_OEMAKE = "NAME=${POLICY_NAME} \ MLS_CATS=${POLICY_MLS_CATS} \ MCS_CATS=${POLICY_MCS_CATS}" +EXTRA_OEMAKE += "tc_usrsbindir=${STAGING_SBINDIR_NATIVE}" +EXTRA_OEMAKE += "tc_sbindir=${STAGING_DIR_NATIVE}${base_sbindir_native}" EXTRA_OEMAKE += "tc_usrbindir=${STAGING_BINDIR_NATIVE}" EXTRA_OEMAKE += "OUTPUT_POLICY=`${STAGING_BINDIR_NATIVE}/checkpolicy -V | cut -d' ' -f1`" EXTRA_OEMAKE += "CC='${BUILD_CC}' CFLAGS='${BUILD_CFLAGS}' PYTHON='${PYTHON}'"
The following code snippet from refpolicy shows that the host machine's /sbin, /usr/bin, /usr/sbin paths were configured to use selinux tools, instead from yocto build recipe-sysroot paths. refpolicy/Makefile:47:BINDIR ?= /usr/bin refpolicy/Makefile:48:SBINDIR ?= /usr/sbin refpolicy/Makefile:63:tc_usrbindir := $(BINDIR) refpolicy/Makefile:64:tc_usrsbindir := $(SBINDIR) refpolicy/Makefile:65:tc_sbindir := /sbin Fix: Configured 'tc_usrsbindir' and 'tc_sbindir' with yocto build recipe-sysroot paths. 'tc_usrbindir' already configured as per recipe-sysroot paths. Signed-off-by: Sasi Kumar Maddineni <quic_sasikuma@quicinc.com> --- recipes-security/refpolicy/refpolicy_common.inc | 2 ++ 1 file changed, 2 insertions(+)