summaryrefslogtreecommitdiffstats
path: root/meta-netboot/conf
diff options
context:
space:
mode:
authorScott Murray <scott.murray@konsulko.com>2022-07-25 14:49:13 -0400
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>2022-07-27 12:31:58 +0000
commita3678d3e929900078cbaec5a279b902bd7cc9244 (patch)
treee9b9ab9d7210df07e00d049029f32d21c2ec7771 /meta-netboot/conf
parent2ea9cbefb8e0923f2f58e7e8022f3e134977a87a (diff)
meta-netboot: Add SELinux support
Changes: - Add logic to init.sh to handle autorelabeling the root filesystem if it is tagged as requiring it. In practice this should only be required when booting images built on hosts that have xattr support, or if relabeling is manually triggered on subsequent boots. There was a stated goal of avoiding the reboot from the later userspace handling of autorelabeling in CI, so this hook aims to enable that for the non-xattr build host corner case. - Add a resolv-conf-relabel recipe that installs a systemd unit to relabel /etc/resolv.conf when netbooting. This is required because the file always gets modified inside init.sh, and it does not seem worthwhile to always do the extra policy load required to relabel it in the initramfs. This may need to be revisited if it proves difficult to handle denials in early booting when netbooting. - Add the required extra packages for relabeling to IMAGE_INSTALL. Bug-AGL: SPEC-4332 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: I26b27c1cea68a029264352bd206c160cac3d451e Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27791 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account ci-image-boot-test: Jenkins Job builder account Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Diffstat (limited to 'meta-netboot/conf')
-rw-r--r--meta-netboot/conf/include/agl-netboot.inc5
1 files changed, 4 insertions, 1 deletions
diff --git a/meta-netboot/conf/include/agl-netboot.inc b/meta-netboot/conf/include/agl-netboot.inc
index 555629537..2c1307e81 100644
--- a/meta-netboot/conf/include/agl-netboot.inc
+++ b/meta-netboot/conf/include/agl-netboot.inc
@@ -1,3 +1,6 @@
INHERIT += "netboot"
-IMAGE_INSTALL:append:netboot = " curl"
+IMAGE_INSTALL:append:netboot = " \
+ curl \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'resolv-conf-relabel policycoreutils-loadpolicy', '', d)} \
+"
/* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */
From 8caaf802a8b42e9bb1d74fc335a571882c75d73e Mon Sep 17 00:00:00 2001
From: Holger Behrens <holger.behrens@windriver.com>
Date: Tue, 3 Feb 2015 09:52:52 +0100
Subject: [meta-ivi-demo][PATCH 1/2] protocol: update 3rd party ivi-application
 protocol

Signed-off-by: Holger Behrens <holger.behrens@windriver.com>
---
 src/3rdparty/protocol/ivi-application.xml | 31 +++----------------------------
 1 file changed, 3 insertions(+), 28 deletions(-)

diff --git a/src/3rdparty/protocol/ivi-application.xml b/src/3rdparty/protocol/ivi-application.xml
index 833fd38..b06ae6c 100644
--- a/src/3rdparty/protocol/ivi-application.xml
+++ b/src/3rdparty/protocol/ivi-application.xml
@@ -42,34 +42,9 @@
             <arg name="visibility" type="int"/>
         </event>
 
-        <enum name="warning_code">
-            <description summary="possible warning codes returned by ivi compositor">
-                These define all possible warning codes returned by ivi compositor on server-side warnings.
-                invalid_wl_surface:
-                    - wl_surface already has a another role.
-		    - wl_surface is destroyed before the ivi_surface is destroyed.
-                ivi_id_in_use: ivi_id is already assigned by another application.
-            </description>
-            <entry name="invalid_wl_surface" value="1" summary="wl_surface is invalid"/>
-            <entry name="ivi_id_in_use" value="2" summary="ivi_id is in use and can not be shared"/>
-        </enum>
-
-        <event name="warning">
-            <description summary="server-side warning detected">
-                The ivi compositor encountered warning while processing a request by this
-                application. The warning is defined by argument warning_code and optional
-                warning_text. If the warning is detected, client shall destroy the ivi_surface
-                object.
-
-		When a warning event is sent, the compositor turns the ivi_surface object inert.
-		The ivi_surface will not deliver further events, all requests on it are ignored
-		except 'destroy', and the association to the ivi_id is removed. The client
-		should destroy the ivi_surface object. If an inert ivi_surface object is used as
-		an argument to any other object's request, that request will [produce a fatal
-		error / produce a warning / be ignored].
-            </description>
-            <arg name="warning_code" type="int"/>
-            <arg name="warning_text" type="string" allow-null="true"/>
+        <event name="configure">
+            <arg name="width" type="int"/>
+            <arg name="height" type="int"/>
         </event>
 
     </interface>
-- 
2.2.1