diff options
author | Paul Spooren <mail@aparcar.org> | 2020-08-19 11:40:27 -1000 |
---|---|---|
committer | Daniel Golle <daniel@makrotopia.org> | 2020-08-23 23:37:08 +0100 |
commit | 2e06f8ae24ec47cd1db9703ce6474bbd9304ef99 (patch) | |
tree | 8d8efbfd1eb84b42fc3c9782c72b0f07bfa12c13 /package/utils | |
parent | b2f19d3ef707c60c46a75a1fe2c38365474a5921 (diff) | |
download | upstream-2e06f8ae24ec47cd1db9703ce6474bbd9304ef99.tar.gz upstream-2e06f8ae24ec47cd1db9703ce6474bbd9304ef99.tar.bz2 upstream-2e06f8ae24ec47cd1db9703ce6474bbd9304ef99.zip |
busybox: add selinux variant
This commit adds a `selinux` variant which comes with with a number of
SELinux applets and also SELinux label support.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Diffstat (limited to 'package/utils')
-rw-r--r-- | package/utils/busybox/Config.in | 2 | ||||
-rw-r--r-- | package/utils/busybox/Makefile | 33 | ||||
-rw-r--r-- | package/utils/busybox/selinux.config | 15 |
3 files changed, 45 insertions, 5 deletions
diff --git a/package/utils/busybox/Config.in b/package/utils/busybox/Config.in index 4d87e18278..dcd027e7ee 100644 --- a/package/utils/busybox/Config.in +++ b/package/utils/busybox/Config.in @@ -1,4 +1,4 @@ -if PACKAGE_busybox +if PACKAGE_busybox || PACKAGE_busybox-selinux config BUSYBOX_CUSTOM bool "Customize busybox options" diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile index baf375eb13..4d098ac4a8 100644 --- a/package/utils/busybox/Makefile +++ b/package/utils/busybox/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2016 OpenWrt.org +# Copyright (C) 2006-2020 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=busybox PKG_VERSION:=1.31.1 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_FLAGS:=essential PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 @@ -39,14 +39,27 @@ BUSYBOX_IF_ENABLED=$(if $(CONFIG_BUSYBOX_$(BUSYBOX_SYM)_$(1)),$(2)) # All files provided by busybox will serve as fallback alternatives by opkg. # There should be no need to enumerate ALTERNATIVES entries here -define Package/busybox +define Package/busybox/Default SECTION:=base CATEGORY:=Base system MAINTAINER:=Felix Fietkau <nbd@nbd.name> TITLE:=Core utilities for embedded Linux URL:=http://busybox.net/ DEPENDS:=+BUSYBOX_CONFIG_PAM:libpam +BUSYBOX_CONFIG_NTPD:jsonfilter - MENU:=1 +endef + +define Package/busybox + $(call Package/busybox/Default) + CONFLICTS:=busybox-selinux + VARIANT:=default +endef + +define Package/busybox-selinux + $(call Package/busybox/Default) + TITLE += with SELinux support + DEPENDS += +libselinux + VARIANT:=selinux + PROVIDES:=busybox endef define Package/busybox/description @@ -62,6 +75,8 @@ ifdef CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG define Package/busybox/conffiles /etc/syslog.conf endef + +Package/busybox-selinux/conffiiles = $(Package/busybox/conffiles) endif # don't create a version string containing the actual timestamp @@ -77,6 +92,10 @@ ifeq ($(CONFIG_USE_GLIBC),y) LDLIBS += $(call BUSYBOX_IF_ENABLED,NSLOOKUP_OPENWRT,resolv) endif +ifeq ($(BUILD_VARIANT),selinux) + LDLIBS += selinux sepol +endif + TARGET_CFLAGS += -flto TARGET_LDFLAGS += -flto=jobserver -fuse-linker-plugin @@ -97,6 +116,9 @@ define Build/Configure ifeq ($(DEVICE_TYPE),nas) echo "CONFIG_HDPARM=y" >> $(PKG_BUILD_DIR)/.config endif +ifeq ($(BUILD_VARIANT),selinux) + cat $(TOPDIR)/$(SOURCE)/selinux.config >> $(PKG_BUILD_DIR)/.config +endif grep 'CONFIG_BUSYBOX_$(BUSYBOX_SYM)' $(TOPDIR)/.config | sed -e "s,\\(# \)\\?CONFIG_BUSYBOX_$(BUSYBOX_SYM)_\\(.*\\),\\1CONFIG_\\2,g" >> $(PKG_BUILD_DIR)/.config yes 'n' | $(MAKE) -C $(PKG_BUILD_DIR) $(MAKE_FLAGS) oldconfig endef @@ -125,4 +147,7 @@ endif -rm -rf $(1)/lib64 endef +Package/busybox-selinux/install = $(Package/busybox/install) + $(eval $(call BuildPackage,busybox)) +$(eval $(call BuildPackage,busybox-selinux)) diff --git a/package/utils/busybox/selinux.config b/package/utils/busybox/selinux.config new file mode 100644 index 0000000000..ef20155814 --- /dev/null +++ b/package/utils/busybox/selinux.config @@ -0,0 +1,15 @@ +CONFIG_SELINUX=y +CONFIG_FEATURE_TAR_SELINUX=y +CONFIG_CHCON=y +CONFIG_GETENFORCE=y +CONFIG_GETSEBOOL=y +CONFIG_LOAD_POLICY=y +CONFIG_MATCHPATHCON=y +CONFIG_RUNCON=y +CONFIG_SELINUXENABLED=y +CONFIG_SESTATUS=y +CONFIG_SETFILES=y +CONFIG_FEATURE_SETFILES_CHECK_OPTION=y +CONFIG_RESTORECON=y +CONFIG_SETSEBOOL=y +CONFIG_SETENFORCE=y |