diff options
| author |   Naoto Yamaguchi <naoto.yamaguchi@aisin.co.jp> | 2024-01-01 00:34:40 +0900 |
|---|---|---|
| committer |   Jan-Simon Moeller <jsmoeller@linuxfoundation.org> | 2024-01-29 12:01:29 +0000 |
| commit | e4ca3fb47b1fb21f4bcd39a5ee798a227a1fdd73 (patch) | |
| tree | e8f8076a0e43e530d6058353bb3f7d30f221ee92 | |
| parent | 6d6323abe05920c1225f41ae71431c47a4431cc3 (diff) | |
Remove auditd and policy tool in guest
The SELinux policy set at host in boot time, the guest container shall
not overwrite SELinux policy. On the other hand, existing guest
integration install SELinux policy tool in guest.
The auditd has same issue. That shall work in host, shall not work in guest.
This patch fix these issue.
Bug-AGL: SPEC-5039
Change-Id: I3887d4f64d31a833f5e47fd9fb41e8fbbf6efe1e
Signed-off-by: Naoto Yamaguchi <naoto.yamaguchi@aisin.co.jp>
2 files changed, 32 insertions, 0 deletions
diff --git a/meta-agl-ic-container/dynamic-layers/meta-selinux/recipes-security/packagegroups/packagegroup-agl-core-selinux-guest.bb b/meta-agl-ic-container/dynamic-layers/meta-selinux/recipes-security/packagegroups/packagegroup-agl-core-selinux-guest.bb new file mode 100644 index 00000000..d58d9013 --- /dev/null +++ b/meta-agl-ic-container/dynamic-layers/meta-selinux/recipes-security/packagegroups/packagegroup-agl-core-selinux-guest.bb @@ -0,0 +1,24 @@ +SUMMARY = "SELinux packages for container guest" +DESCRIPTION = "SELinux packages required for AGL" +LICENSE = "MIT" + +inherit packagegroup features_check + +REQUIRED_DISTRO_FEATURES = "selinux" + +PACKAGES = " \ + packagegroup-agl-core-selinux-guest \ +" + +# The packagegroup-agl-core-selinux is including auditd. +# But it shall run in host, shall not run in guest. +# This package group remove from host only package from packagegroup-agl-core-selinux + +RDEPENDS:${PN} = " \ + coreutils \ + libsepol \ + libselinux \ + libselinux-bin \ + libsemanage \ + refpolicy \ +" diff --git a/meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb b/meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb index ea66f248..8dcdb3fb 100644 --- a/meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb +++ b/meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb @@ -8,4 +8,12 @@ IMAGE_INSTALL += " \ packagegroup-agl-container-feature-logging-guest \ " +FEATURE_PACKAGES_selinux:remove = " \ + packagegroup-agl-core-selinux \ + ${@bb.utils.contains('DISTRO_FEATURES', 'agl-devel', 'packagegroup-agl-core-selinux-devel', '', d)} \ +" +FEATURE_PACKAGES_selinux:append = " \ + packagegroup-agl-core-selinux-guest \ +" + NO_RECOMMENDATIONS = "1" |