SELinux requires a config file in /etc/selinux which controls the state
of SELinux on the system.
This config file has two options set in it:
SELINUX which set's the state of selinux on boot.
SELINUXTYPE which should equal the name of the policy. In this case, the
default name is targeted.
This patch adds:
- A choice menu on Config.in that allows the user to select a default
SELinux state.
- A basic config file that will be installed to
target/etc/selinux and will set SELINUX= to the selected state.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Acked-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas:
- rename option to BR2_PACKAGE_REFPOLICY_POLICY_STATE
- qstrip the variable
- drop unused REFPOLICY_NAME variable.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Refpolicy by default will build the highest version supported. This may
cause older kernels to not load the policy.
This patch adds a custom policy version string which is defaulted to 30,
which is the highest supported as of today.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Acked-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas:
- rename option to BR2_PACKAGE_REFPOLICY_POLICY_VERSION
- use qstrip to remove double quotes]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The patch is for adding selinux reference policy (refpolicy).
It is a complete SELinux policy that can be used as the system policy
for a variety of systems and used as the basis for creating other policies.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Acked-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas:
- add entry to DEVELOPERS file
- remove redundant dependencies
- drop unused REFPOLICY_PYINC option
- use SPDX tag for license
- minor formatting fixes.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
