| Message ID | 20260213154238.4093604-2-u.kleine-koenig@baylibre.com |
|---|---|
| State | New |
| Series | [meta-selinux] Enable SELinux support in native packages |
On 2/13/26 23:42, "Uwe Kleine-König wrote: > With SELinux enabled for the target it makes sense to have SELinux > support enabled for the native tools, too. > > Note that for native packages DISTRO_FEATURES is filtered, thus up to now > it never contained "selinux". Append to DISTRO_FEATURES_FILTER_NATIVE to > make "selinux" propagate also to DISTRO_FEATURES for native packages. > --- > Hello, > > I use this on scarthgap, but the patch applies fine to master, too. > > During a debug session it took me quite a while to find out why > > ls -lZ "${IMAGE_ROOTFS} > > at the end of selinux_set_labels() didn't show the labels added by > setfiles. > > Best regards > Uwe > > classes/enable-selinux.bbclass | 2 +- > conf/layer.conf | 4 ++++ > 2 files changed, 5 insertions(+), 1 deletion(-) > > diff --git a/classes/enable-selinux.bbclass b/classes/enable-selinux.bbclass > index 3dc61d6931ff..0c9f52e74cec 100644 > --- a/classes/enable-selinux.bbclass > +++ b/classes/enable-selinux.bbclass > @@ -1,3 +1,3 @@ > inherit selinux > > -PACKAGECONFIG:append = " ${@target_selinux(d, 'selinux')}" > +PACKAGECONFIG:append = " ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}" > diff --git a/conf/layer.conf b/conf/layer.conf > index 4e04e5cc7e6a..ca981db57019 100644 > --- a/conf/layer.conf > +++ b/conf/layer.conf > @@ -25,3 +25,7 @@ LAYERDEPENDS_selinux = " \ > " > > PREFERRED_PROVIDER_virtual/refpolicy ??= "refpolicy-targeted" > + > +# With target support for SELinux it is very helpful during debug when the > +# native tools support SELinux, too. > +DISTRO_FEATURES_FILTER_NATIVE:append = " selinux" Can we add this to the doc (e.g. README) instead of enabling it directly in layer.conf? Since we haven't directly enabled DISTRO_FEATURES = "selinux" in layer.conf either. Thanks, Yi > > base-commit: 536df5a4fbce3c9fd63f51580f43d248a0d1b0ef
On Mon, 2026-03-09 at 20:23 +0800, Yi Zhao via lists.yoctoproject.org wrote: > > On 2/13/26 23:42, "Uwe Kleine-König wrote: > > With SELinux enabled for the target it makes sense to have SELinux > > support enabled for the native tools, too. > > > > Note that for native packages DISTRO_FEATURES is filtered, thus up to now > > it never contained "selinux". Append to DISTRO_FEATURES_FILTER_NATIVE to > > make "selinux" propagate also to DISTRO_FEATURES for native packages. > > --- > > Hello, > > > > I use this on scarthgap, but the patch applies fine to master, too. > > > > During a debug session it took me quite a while to find out why > > > > ls -lZ "${IMAGE_ROOTFS} > > > > at the end of selinux_set_labels() didn't show the labels added by > > setfiles. > > > > Best regards > > Uwe > > > > classes/enable-selinux.bbclass | 2 +- > > conf/layer.conf | 4 ++++ > > 2 files changed, 5 insertions(+), 1 deletion(-) > > > > diff --git a/classes/enable-selinux.bbclass b/classes/enable-selinux.bbclass > > index 3dc61d6931ff..0c9f52e74cec 100644 > > --- a/classes/enable-selinux.bbclass > > +++ b/classes/enable-selinux.bbclass > > @@ -1,3 +1,3 @@ > > inherit selinux > > > > -PACKAGECONFIG:append = " ${@target_selinux(d, 'selinux')}" > > +PACKAGECONFIG:append = " ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}" > > diff --git a/conf/layer.conf b/conf/layer.conf > > index 4e04e5cc7e6a..ca981db57019 100644 > > --- a/conf/layer.conf > > +++ b/conf/layer.conf 
> > @@ -25,3 +25,7 @@ LAYERDEPENDS_selinux = " \ > > " > > > > PREFERRED_PROVIDER_virtual/refpolicy ??= "refpolicy-targeted" > > + > > +# With target support for SELinux it is very helpful during debug when the > > +# native tools support SELinux, too. > > +DISTRO_FEATURES_FILTER_NATIVE:append = " selinux" > > Can we add this to the doc (e.g. README) instead of enabling it directly > in layer.conf? Since we haven't directly enabled DISTRO_FEATURES = > "selinux" in layer.conf either. I just wanted to add that putting that directly in layer.conf will mean the layer isn't Yocto Project Compatible too. Cheers, Richard
diff --git a/classes/enable-selinux.bbclass b/classes/enable-selinux.bbclass index 3dc61d6931ff..0c9f52e74cec 100644 --- a/classes/enable-selinux.bbclass +++ b/classes/enable-selinux.bbclass @@ -1,3 +1,3 @@ inherit selinux -PACKAGECONFIG:append = " ${@target_selinux(d, 'selinux')}" +PACKAGECONFIG:append = " ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}" diff --git a/conf/layer.conf b/conf/layer.conf index 4e04e5cc7e6a..ca981db57019 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -25,3 +25,7 @@ LAYERDEPENDS_selinux = " \ " PREFERRED_PROVIDER_virtual/refpolicy ??= "refpolicy-targeted" + +# With target support for SELinux it is very helpful during debug when the +# native tools support SELinux, too. +DISTRO_FEATURES_FILTER_NATIVE:append = " selinux"
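Review bot: The new `PACKAGECONFIG:append` line in classes/enable-selinux.bbclass only yields "selinux" for native recipes when DISTRO_FEATURES_FILTER_NATIVE lets it through, which this patch arranges in conf/layer.conf; if that setting moves to documentation as requested in the thread, the class change quietly has no effect for native builds unless the user sets the filter themselves. The commit message should say what `target_selinux(d, 'selinux')` returned for native and nativesdk recipes, so the behaviour change for existing inheritors of this class is clear, and whether target_selinux still has callers after this change or can be removed.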
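Review bot: The `DISTRO_FEATURES_FILTER_NATIVE:append = " selinux"` line at the end of conf/layer.conf takes effect for every build that has the layer in its configuration, while the comment above it justifies it only as a debugging aid. Consider dropping it from layer.conf and describing the setting in the README, to be placed in the distro or local configuration, as raised in the thread. If it stays, the comment should state that it changes native builds globally, and say whether nativesdk recipes need the matching DISTRO_FEATURES_FILTER_NATIVESDK entry or are intentionally left out.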
With SELinux enabled for the target it makes sense to have SELinux
support enabled for the native tools, too.

Note that for native packages DISTRO_FEATURES is filtered, thus up to now
it never contained "selinux". Append to DISTRO_FEATURES_FILTER_NATIVE to
make "selinux" propagate also to DISTRO_FEATURES for native packages.

---

Hello,

I use this on scarthgap, but the patch applies fine to master, too.

During a debug session it took me quite a while to find out why

    ls -lZ "${IMAGE_ROOTFS}

at the end of selinux_set_labels() didn't show the labels added by
setfiles.

Best regards
Uwe

classes/enable-selinux.bbclass | 2 +-
conf/layer.conf | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)

base-commit: 536df5a4fbce3c9fd63f51580f43d248a0d1b0ef