The SELinux policy set at host in boot time, the guest container shall
not overwrite SELinux policy. On the other hand, existing guest
integration install SELinux policy tool in guest.
The auditd has same issue. That shall work in host, shall not work in guest.
This patch fix these issue.
Bug-AGL: SPEC-5039
Change-Id: I3887d4f64d31a833f5e47fd9fb41e8fbbf6efe1e
Signed-off-by: Naoto Yamaguchi <naoto.yamaguchi@aisin.co.jp>
--- /dev/null
+SUMMARY = "SELinux packages for container guest"
+DESCRIPTION = "SELinux packages required for AGL"
+LICENSE = "MIT"
+
+inherit packagegroup features_check
+
+REQUIRED_DISTRO_FEATURES = "selinux"
+
+PACKAGES = " \
+ packagegroup-agl-core-selinux-guest \
+"
+
+# The packagegroup-agl-core-selinux is including auditd.
+# But it shall run in host, shall not run in guest.
+# This package group remove from host only package from packagegroup-agl-core-selinux
+
+RDEPENDS:${PN} = " \
+ coreutils \
+ libsepol \
+ libselinux \
+ libselinux-bin \
+ libsemanage \
+ refpolicy \
+"
packagegroup-agl-container-feature-logging-guest \
"
+FEATURE_PACKAGES_selinux:remove = " \
+ packagegroup-agl-core-selinux \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'agl-devel', 'packagegroup-agl-core-selinux-devel', '', d)} \
+"
+FEATURE_PACKAGES_selinux:append = " \
+ packagegroup-agl-core-selinux-guest \
+"
+
NO_RECOMMENDATIONS = "1"
Code Review / AGL / meta-agl-devel.git / commitdiff