mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-21 22:47:56 +00:00
busybox: add selinux variant
This commit adds a `selinux` variant which comes with with a number of SELinux applets and also SELinux label support. Signed-off-by: Paul Spooren <mail@aparcar.org>
This commit is contained in:
parent
b2f19d3ef7
commit
2e06f8ae24
@ -1,4 +1,4 @@
|
|||||||
if PACKAGE_busybox
|
if PACKAGE_busybox || PACKAGE_busybox-selinux
|
||||||
|
|
||||||
config BUSYBOX_CUSTOM
|
config BUSYBOX_CUSTOM
|
||||||
bool "Customize busybox options"
|
bool "Customize busybox options"
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Copyright (C) 2006-2016 OpenWrt.org
|
# Copyright (C) 2006-2020 OpenWrt.org
|
||||||
#
|
#
|
||||||
# This is free software, licensed under the GNU General Public License v2.
|
# This is free software, licensed under the GNU General Public License v2.
|
||||||
# See /LICENSE for more information.
|
# See /LICENSE for more information.
|
||||||
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||||||
|
|
||||||
PKG_NAME:=busybox
|
PKG_NAME:=busybox
|
||||||
PKG_VERSION:=1.31.1
|
PKG_VERSION:=1.31.1
|
||||||
PKG_RELEASE:=2
|
PKG_RELEASE:=3
|
||||||
PKG_FLAGS:=essential
|
PKG_FLAGS:=essential
|
||||||
|
|
||||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
||||||
@ -39,14 +39,27 @@ BUSYBOX_IF_ENABLED=$(if $(CONFIG_BUSYBOX_$(BUSYBOX_SYM)_$(1)),$(2))
|
|||||||
|
|
||||||
# All files provided by busybox will serve as fallback alternatives by opkg.
|
# All files provided by busybox will serve as fallback alternatives by opkg.
|
||||||
# There should be no need to enumerate ALTERNATIVES entries here
|
# There should be no need to enumerate ALTERNATIVES entries here
|
||||||
define Package/busybox
|
define Package/busybox/Default
|
||||||
SECTION:=base
|
SECTION:=base
|
||||||
CATEGORY:=Base system
|
CATEGORY:=Base system
|
||||||
MAINTAINER:=Felix Fietkau <nbd@nbd.name>
|
MAINTAINER:=Felix Fietkau <nbd@nbd.name>
|
||||||
TITLE:=Core utilities for embedded Linux
|
TITLE:=Core utilities for embedded Linux
|
||||||
URL:=http://busybox.net/
|
URL:=http://busybox.net/
|
||||||
DEPENDS:=+BUSYBOX_CONFIG_PAM:libpam +BUSYBOX_CONFIG_NTPD:jsonfilter
|
DEPENDS:=+BUSYBOX_CONFIG_PAM:libpam +BUSYBOX_CONFIG_NTPD:jsonfilter
|
||||||
MENU:=1
|
endef
|
||||||
|
|
||||||
|
define Package/busybox
|
||||||
|
$(call Package/busybox/Default)
|
||||||
|
CONFLICTS:=busybox-selinux
|
||||||
|
VARIANT:=default
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Package/busybox-selinux
|
||||||
|
$(call Package/busybox/Default)
|
||||||
|
TITLE += with SELinux support
|
||||||
|
DEPENDS += +libselinux
|
||||||
|
VARIANT:=selinux
|
||||||
|
PROVIDES:=busybox
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/busybox/description
|
define Package/busybox/description
|
||||||
@ -62,6 +75,8 @@ ifdef CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG
|
|||||||
define Package/busybox/conffiles
|
define Package/busybox/conffiles
|
||||||
/etc/syslog.conf
|
/etc/syslog.conf
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
Package/busybox-selinux/conffiiles = $(Package/busybox/conffiles)
|
||||||
endif
|
endif
|
||||||
|
|
||||||
# don't create a version string containing the actual timestamp
|
# don't create a version string containing the actual timestamp
|
||||||
@ -77,6 +92,10 @@ ifeq ($(CONFIG_USE_GLIBC),y)
|
|||||||
LDLIBS += $(call BUSYBOX_IF_ENABLED,NSLOOKUP_OPENWRT,resolv)
|
LDLIBS += $(call BUSYBOX_IF_ENABLED,NSLOOKUP_OPENWRT,resolv)
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
ifeq ($(BUILD_VARIANT),selinux)
|
||||||
|
LDLIBS += selinux sepol
|
||||||
|
endif
|
||||||
|
|
||||||
TARGET_CFLAGS += -flto
|
TARGET_CFLAGS += -flto
|
||||||
TARGET_LDFLAGS += -flto=jobserver -fuse-linker-plugin
|
TARGET_LDFLAGS += -flto=jobserver -fuse-linker-plugin
|
||||||
|
|
||||||
@ -96,6 +115,9 @@ define Build/Configure
|
|||||||
touch $(PKG_BUILD_DIR)/.config
|
touch $(PKG_BUILD_DIR)/.config
|
||||||
ifeq ($(DEVICE_TYPE),nas)
|
ifeq ($(DEVICE_TYPE),nas)
|
||||||
echo "CONFIG_HDPARM=y" >> $(PKG_BUILD_DIR)/.config
|
echo "CONFIG_HDPARM=y" >> $(PKG_BUILD_DIR)/.config
|
||||||
|
endif
|
||||||
|
ifeq ($(BUILD_VARIANT),selinux)
|
||||||
|
cat $(TOPDIR)/$(SOURCE)/selinux.config >> $(PKG_BUILD_DIR)/.config
|
||||||
endif
|
endif
|
||||||
grep 'CONFIG_BUSYBOX_$(BUSYBOX_SYM)' $(TOPDIR)/.config | sed -e "s,\\(# \)\\?CONFIG_BUSYBOX_$(BUSYBOX_SYM)_\\(.*\\),\\1CONFIG_\\2,g" >> $(PKG_BUILD_DIR)/.config
|
grep 'CONFIG_BUSYBOX_$(BUSYBOX_SYM)' $(TOPDIR)/.config | sed -e "s,\\(# \)\\?CONFIG_BUSYBOX_$(BUSYBOX_SYM)_\\(.*\\),\\1CONFIG_\\2,g" >> $(PKG_BUILD_DIR)/.config
|
||||||
yes 'n' | $(MAKE) -C $(PKG_BUILD_DIR) $(MAKE_FLAGS) oldconfig
|
yes 'n' | $(MAKE) -C $(PKG_BUILD_DIR) $(MAKE_FLAGS) oldconfig
|
||||||
@ -125,4 +147,7 @@ endif
|
|||||||
-rm -rf $(1)/lib64
|
-rm -rf $(1)/lib64
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
Package/busybox-selinux/install = $(Package/busybox/install)
|
||||||
|
|
||||||
$(eval $(call BuildPackage,busybox))
|
$(eval $(call BuildPackage,busybox))
|
||||||
|
$(eval $(call BuildPackage,busybox-selinux))
|
||||||
|
15
package/utils/busybox/selinux.config
Normal file
15
package/utils/busybox/selinux.config
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
CONFIG_SELINUX=y
|
||||||
|
CONFIG_FEATURE_TAR_SELINUX=y
|
||||||
|
CONFIG_CHCON=y
|
||||||
|
CONFIG_GETENFORCE=y
|
||||||
|
CONFIG_GETSEBOOL=y
|
||||||
|
CONFIG_LOAD_POLICY=y
|
||||||
|
CONFIG_MATCHPATHCON=y
|
||||||
|
CONFIG_RUNCON=y
|
||||||
|
CONFIG_SELINUXENABLED=y
|
||||||
|
CONFIG_SESTATUS=y
|
||||||
|
CONFIG_SETFILES=y
|
||||||
|
CONFIG_FEATURE_SETFILES_CHECK_OPTION=y
|
||||||
|
CONFIG_RESTORECON=y
|
||||||
|
CONFIG_SETSEBOOL=y
|
||||||
|
CONFIG_SETENFORCE=y
|
Loading…
Reference in New Issue
Block a user