
[meta-selinux,PATCH/V2] refpolicy: Add support for custom policy store

Message ID 20251215135126.1605250-1-quic_sasikuma@quicinc.com

Commit Message

Sasi Kumar Maddineni Dec. 15, 2025, 1:51 p.m. UTC
By default, policy modules (*.pp) are stored in the /var directory.
Features like ostree remove files from variable-data directories such as /var
at build time.

Added support for custom policy store. We can now configure
path to custom policy store to variable `POLICY_CUSTOM_STORE`.

Signed-off-by: Sasi Kumar Maddineni <quic_sasikuma@quicinc.com>
---
 .../refpolicy/refpolicy_common.inc            |  9 ++++++---
 recipes-security/selinux/libsemanage_3.9.bb   | 20 ++++++++++++++++---
 2 files changed, 23 insertions(+), 6 deletions(-)


diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 964906b..5a4b500 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -77,10 +77,12 @@  SRC_URI += " \
 S = "${UNPACKDIR}/refpolicy"
 
 CONFFILES:${PN} = "${sysconfdir}/selinux/config"
+
+POLICY_CUSTOM_STORE ?= "${localstatedir}/lib/selinux/"
 FILES:${PN} += " \
     ${sysconfdir}/selinux/${POLICY_NAME}/ \
     ${datadir}/selinux/${POLICY_NAME}/*.pp \
-    ${localstatedir}/lib/selinux/${POLICY_NAME}/ \
+    ${POLICY_CUSTOM_STORE}/${POLICY_NAME}/ \
     "
 FILES:${PN}-dev =+ " \
     ${datadir}/selinux/${POLICY_NAME}/include/ \
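Review bot: The default `POLICY_CUSTOM_STORE ?= "${localstatedir}/lib/selinux/"` ends with a slash, yet every use appends another one (`${POLICY_CUSTOM_STORE}/${POLICY_NAME}/` here, `POL_STORE=${D}${POLICY_CUSTOM_STORE}/${POLICY_NAME}` in the `prepare_policy_store()` hunk, and `rm -rf ${D}${POLICY_CUSTOM_STORE}/final` in the last refpolicy hunk), so the default expands with a `//` while a user override without the trailing slash does not, giving two different path shapes for the same setting. Dropping the slash from the default, `POLICY_CUSTOM_STORE ?= "${localstatedir}/lib/selinux"`, keeps all three concatenations clean and matches the path the removed line used. The same `?=` default is repeated in libsemanage_3.9.bb, so an override only takes effect consistently when it is set where both recipes see it (distro or local configuration); otherwise the store prepared here and the `store-root` libsemanage writes into semanage.conf point at different directories and the installed policy is not found at runtime. A comment on the definition would make that requirement visible, e.g. `# Must agree with POLICY_CUSTOM_STORE in libsemanage; override it globally (distro/local.conf), not per recipe`.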
@@ -165,7 +167,7 @@  prepare_policy_store() {
     oe_runmake 'DESTDIR=${D}' 'prefix=${D}${prefix}' install
     POL_PRIORITY=100
     POL_SRC=${D}${datadir}/selinux/${POLICY_NAME}
-    POL_STORE=${D}${localstatedir}/lib/selinux/${POLICY_NAME}
+    POL_STORE=${D}${POLICY_CUSTOM_STORE}/${POLICY_NAME}
     POL_ACTIVE_MODS=${POL_STORE}/active/modules/${POL_PRIORITY}
 
     # Prepare to create policy store
@@ -207,13 +209,14 @@  args = \$@
 [end]
 
 policy-version = 35
+store-root = "${POLICY_CUSTOM_STORE}"
 EOF
 
     # Create policy store and build the policy
     semodule -p ${D} -s ${POLICY_NAME} -n -B
     rm -f ${D}${sysconfdir}/selinux/semanage.conf
     # No need to leave final dir created by semanage laying around
-    rm -rf ${D}${localstatedir}/lib/selinux/final
+    rm -rf ${D}${POLICY_CUSTOM_STORE}/final
 }
 
 install_misc_files() {
diff --git a/recipes-security/selinux/libsemanage_3.9.bb b/recipes-security/selinux/libsemanage_3.9.bb
index 2425a2e..98ff73d 100644
--- a/recipes-security/selinux/libsemanage_3.9.bb
+++ b/recipes-security/selinux/libsemanage_3.9.bb
@@ -32,6 +32,8 @@  FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}/* \
 FILES:${PN}-dbg += "${PYTHON_SITEPACKAGES_DIR}/.debug/*"
 FILES:${PN} += "${libexecdir}"
 
+POLICY_CUSTOM_STORE ?= "${localstatedir}/lib/selinux/"
+
 do_compile:append() {
     oe_runmake pywrap \
         PYLIBVER='python${PYTHON_BASEVERSION}' \
@@ -46,9 +48,21 @@  do_install:append() {
         PYLIBVER='python${PYTHON_BASEVERSION}' \
         PYTHONLIBDIR='${PYTHON_SITEPACKAGES_DIR}'
 
-    # Update "policy-version" for semanage.conf
-    sed -i 's/^#\s*\(policy-version\s*=\).*$/\1 35/' \
-        ${D}/etc/selinux/semanage.conf
+    conf_file="${D}/etc/selinux/semanage.conf"
+
+    if [ -f "${conf_file}" ]; then
+        # Update "policy-version" for semanage.conf
+        sed -i 's/^#\s*\(policy-version\s*=\).*$/\1 35/' \
+            ${D}/etc/selinux/semanage.conf
+
+        # Update "store-root" for semanage.conf
+        if grep -q '^store-root=' "${conf_file}"; then
+            sed -i "s|^store-root=.*$|store-root=${POLICY_CUSTOM_STORE}|" "${conf_file}"
+        else
+            printf 'store-root=%s\n' "${POLICY_CUSTOM_STORE}" >> "${conf_file}"
+        fi
+    fi
+
 }
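Review bot: The `policy-version` sed still targets the unquoted literal `${D}/etc/selinux/semanage.conf` even though `conf_file` was introduced for exactly that path two lines earlier; it should read `sed -i 's/^#\s*\(policy-version\s*=\).*$/\1 35/' "${conf_file}"` so both edits operate on the same quoted path. The `grep -q '^store-root='` test only recognises the no-space spelling, so if the shipped semanage.conf ever carries an active `store-root = ...` line with spaces around `=`, the `else` branch appends a second, conflicting setting instead of replacing it; anchoring both the grep and the sed on `^store-root[[:space:]]*=` covers either form. The refpolicy hunk writes `store-root = "${POLICY_CUSTOM_STORE}"` (spaced and double-quoted) while this one writes `store-root=${POLICY_CUSTOM_STORE}` (bare), and the default value also carries a trailing slash; whether libsemanage's parser treats all of these identically is not visible in this patch and is worth confirming, after which the two recipes should settle on one spelling. When the file is absent the block silently does nothing, so a `bbwarn "semanage.conf not found, store-root not set"` in an `else` branch would surface a missing configuration at build time rather than at the first `semodule` run.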
 
 BBCLASSEXTEND = "native"