1 SUMMARY = "SELinux packages"
2 DESCRIPTION = "SELinux packages required for AGL"
5 inherit packagegroup features_check
7 REQUIRED_DISTRO_FEATURES = "selinux"
10 packagegroup-agl-core-selinux \
11 packagegroup-agl-core-selinux-devel \
15 # meta-selinux's packagegroup-core-selinux includes a lot of
16 # policy development tools with its inclusion of the layer's
17 # packagegroup-selinux-policycoreutils, which is not really
18 # desirable for a production image. Create our own base
19 # packagegroup and an accompanying devel packagegroup that
20 # agl-devel can trigger pulling in.
23 # - It seems likely we will always want auditd, so include
24 # it in the base packagegroup.
25 # - selinux-autorelabel seems required to handle both the
26 # edge case of builds done on non-xattr capable filesystems,
27 # and to allow driving relabeling after potential package
28 # installation during runtime.
29 # - packagegroup-selinux-policycoreutils includes a lot of
30 # things that seem not useful in a lot of systems (e.g.
31 # the gtk dependent selinux-gui), so for now the devel
32 # packagegroup aims to include a more minimal set of tools
33 # aimed at enabling checkpolicy and audit2allow use.
34 # - Some thought needs to go into whether the relabeling
35 # fixup packages should be handled separately, as they
36 # ideally should not go into images using read-only or
37 # stateless rootfs, but those are image features so we
38 # cannot check for them here.
42 packagegroup-selinux-minimal \
45 systemd-selinux-relabel \
48 RDEPENDS:${PN}-devel = " \
52 policycoreutils-loadpolicy \
53 policycoreutils-setsebool \
55 semodule-utils-semodule-package \
56 selinux-python-audit2allow \