-rw-r--r--meta-agl-ic-container/dynamic-layers/meta-selinux/recipes-security/packagegroups/packagegroup-agl-core-selinux-guest.bb24
-rw-r--r--meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb8
2 files changed, 32 insertions, 0 deletions
diff --git a/meta-agl-ic-container/dynamic-layers/meta-selinux/recipes-security/packagegroups/packagegroup-agl-core-selinux-guest.bb b/meta-agl-ic-container/dynamic-layers/meta-selinux/recipes-security/packagegroups/packagegroup-agl-core-selinux-guest.bb
new file mode 100644
index 00000000..d58d9013
--- /dev/null
+++ b/meta-agl-ic-container/dynamic-layers/meta-selinux/recipes-security/packagegroups/packagegroup-agl-core-selinux-guest.bb
@@ -0,0 +1,24 @@
+SUMMARY = "SELinux packages for container guest"
+DESCRIPTION = "SELinux packages required for AGL"
+LICENSE = "MIT"
+
+inherit packagegroup features_check
+
+REQUIRED_DISTRO_FEATURES = "selinux"
+
+PACKAGES = " \
+ packagegroup-agl-core-selinux-guest \
+"
+
+# The packagegroup-agl-core-selinux is including auditd.
+# But it shall run in host, shall not run in guest.
+# This package group remove from host only package from packagegroup-agl-core-selinux
+
+RDEPENDS:${PN} = " \
+ coreutils \
+ libsepol \
+ libselinux \
+ libselinux-bin \
+ libsemanage \
+ refpolicy \
+"
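Review bot: The three-line comment above `RDEPENDS:${PN}` is hard to parse and does not say that this list is a hand-maintained copy of packagegroup-agl-core-selinux, so nothing prompts a maintainer to re-check it when the host group changes. I would reword it to `# Same as packagegroup-agl-core-selinux minus host-only packages (auditd): auditd runs on the host, not in the guest. Keep in sync with the host packagegroup.` The host packagegroup is not visible in this diff, so whether auditd is the only entry left out cannot be confirmed here. `DESCRIPTION` could also name the guest and the omitted auditd instead of the generic "SELinux packages required for AGL".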
diff --git a/meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb b/meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb
index ea66f248..8dcdb3fb 100644
--- a/meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb
+++ b/meta-agl-ic-container/recipes-platform/images/guest-image-minimal.bb
@@ -8,4 +8,12 @@ IMAGE_INSTALL += " \
packagegroup-agl-container-feature-logging-guest \
"
+FEATURE_PACKAGES_selinux:remove = " \
+ packagegroup-agl-core-selinux \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'agl-devel', 'packagegroup-agl-core-selinux-devel', '', d)} \
+"
+FEATURE_PACKAGES_selinux:append = " \
+ packagegroup-agl-core-selinux-guest \
+"
+
NO_RECOMMENDATIONS = "1"
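Review bot: The `FEATURE_PACKAGES_selinux:remove` block matches packagegroups by name, so auditd stays out of the guest only while the variable's definition (not shown in this hunk) contains exactly these two tokens. Any other host-side entry added there later would reach the guest image unnoticed. Because `:remove` is applied last and a later append cannot undo it, the block should carry a comment stating the intent, e.g. `# Guest must not ship auditd: replace the host SELinux packagegroups with the guest variant.` In agl-devel builds `packagegroup-agl-core-selinux-devel` is dropped with no guest counterpart added; if that is deliberate, the comment should say so.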