[OpenWrt-Devel] [PATCH 1/7] package/utils/busybox: add optional selinux support
Daniel Golle
daniel at makrotopia.org
Sat Jan 4 08:25:02 EST 2020
Hi Thomas,
On Sat, Jan 04, 2020 at 02:15:38PM +0100, Thomas Petazzoni wrote:
> Hello,
>
> On Sat, 4 Jan 2020 15:06:38 +0200
> Daniel Golle <daniel at makrotopia.org> wrote:
>
> > > @@ -76,6 +76,9 @@ LDLIBS += $(call BUSYBOX_IF_ENABLED,PAM,pam pam_misc pthread)
> > > ifeq ($(CONFIG_USE_GLIBC),y)
> > > LDLIBS += $(call BUSYBOX_IF_ENABLED,NSLOOKUP_OPENWRT,resolv)
> > > endif
> > > +ifeq ($(CONFIG_BUSYBOX_CONFIG_SELINUX),y)
> > > + LDLIBS += selinux sepol
> > > +endif
> >
> > also here, it would be better to have a build-variant of busybox with
> > has selinux enabled instead of a buildroot compile option.
>
> Thanks for your feedback. Could you give some initial hints on what you
> mean by "build-variant", or at least point at some existing examples ?
See package/utils/px5g/Makefile, in that case px5g is build two times,
once with built-in crypto and once with libmbedtls linked. The result
are two binary packages 'px5g'(-standalone) and 'px5g-mbedtls'.
Doing the same for SELinux-enabled busybox and procd will potentially
allow building SELinux-enabled images using the ImageBuilder (as
opposed to building them entirely from source).
And similar to how we do for seccomp-policies (see
package/network/services/umdns/Makefile) we could ship SELinux policies
with packages or as add-on packages like in other distributions (given
we will add support for that in the build system as well as in opkg).
Cheers
Daniel
>
> Thanks a lot,
>
> Thomas
> --
> Thomas Petazzoni, CTO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list