2 files changed, 32 insertions, 0 deletions

diff --git a/meta-agl-ic-container/dynamic-layers/meta-selinux/recipes-security/packagegroups/packagegroup-agl-core-selinux-guest.bb b/meta-agl-ic-container/dynamic-layers/meta-selinux/recipes-security/packagegroups/packagegroup-agl-core-selinux-guest.bb
new file mode 100644
index 00000000..d58d9013
--- /dev/null
+++ b/meta-agl-ic-container/dynamic-layers/meta-selinux/recipes-security/packagegroups/packagegroup-agl-core-selinux-guest.bb
@@ -0,0 +1,24 @@
+SUMMARY = "SELinux packages for container guest"
+DESCRIPTION = "SELinux packages required for AGL"
+LICENSE = "MIT"
+
+inherit packagegroup features_check
+
+REQUIRED_DISTRO_FEATURES = "selinux"
+
+PACKAGES = " \
+    packagegroup-agl-core-selinux-guest \
+"
+
+# The packagegroup-agl-core-selinux is including auditd.
+# But it shall run in host, shall not run in guest.
+# This package group remove from host only package from packagegroup-agl-core-selinux
+
+RDEPENDS:${PN} = " \
+    coreutils \
+    libsepol \
+    libselinux \
+    libselinux-bin \
+    libsemanage \
+    refpolicy \
+"
diff --git a/meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb b/meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb
index ea66f248..8dcdb3fb 100644
--- a/meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb
+++ b/meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb
@@ -8,4 +8,12 @@ IMAGE_INSTALL += " \
     packagegroup-agl-container-feature-logging-guest \
 "
 
+FEATURE_PACKAGES_selinux:remove = " \
+    packagegroup-agl-core-selinux \
+    ${@bb.utils.contains('DISTRO_FEATURES', 'agl-devel', 'packagegroup-agl-core-selinux-devel', '', d)} \
+"
+FEATURE_PACKAGES_selinux:append = " \
+    packagegroup-agl-core-selinux-guest \
+"
+
 NO_RECOMMENDATIONS = "1"