busybox: add selinux variant

This commit adds a `selinux` variant which comes with with a number of
SELinux applets and also SELinux label support.

Signed-off-by: Paul Spooren <mail@aparcar.org>
This commit is contained in:
Paul Spooren 2020-08-19 11:40:27 -10:00 committed by Daniel Golle
parent b2f19d3ef7
commit 2e06f8ae24
3 changed files with 45 additions and 5 deletions

View File

@ -1,4 +1,4 @@
if PACKAGE_busybox if PACKAGE_busybox || PACKAGE_busybox-selinux
config BUSYBOX_CUSTOM config BUSYBOX_CUSTOM
bool "Customize busybox options" bool "Customize busybox options"

View File

@ -1,5 +1,5 @@
# #
# Copyright (C) 2006-2016 OpenWrt.org # Copyright (C) 2006-2020 OpenWrt.org
# #
# This is free software, licensed under the GNU General Public License v2. # This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information. # See /LICENSE for more information.
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=busybox PKG_NAME:=busybox
PKG_VERSION:=1.31.1 PKG_VERSION:=1.31.1
PKG_RELEASE:=2 PKG_RELEASE:=3
PKG_FLAGS:=essential PKG_FLAGS:=essential
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
@ -39,14 +39,27 @@ BUSYBOX_IF_ENABLED=$(if $(CONFIG_BUSYBOX_$(BUSYBOX_SYM)_$(1)),$(2))
# All files provided by busybox will serve as fallback alternatives by opkg. # All files provided by busybox will serve as fallback alternatives by opkg.
# There should be no need to enumerate ALTERNATIVES entries here # There should be no need to enumerate ALTERNATIVES entries here
define Package/busybox define Package/busybox/Default
SECTION:=base SECTION:=base
CATEGORY:=Base system CATEGORY:=Base system
MAINTAINER:=Felix Fietkau <nbd@nbd.name> MAINTAINER:=Felix Fietkau <nbd@nbd.name>
TITLE:=Core utilities for embedded Linux TITLE:=Core utilities for embedded Linux
URL:=http://busybox.net/ URL:=http://busybox.net/
DEPENDS:=+BUSYBOX_CONFIG_PAM:libpam +BUSYBOX_CONFIG_NTPD:jsonfilter DEPENDS:=+BUSYBOX_CONFIG_PAM:libpam +BUSYBOX_CONFIG_NTPD:jsonfilter
MENU:=1 endef
define Package/busybox
$(call Package/busybox/Default)
CONFLICTS:=busybox-selinux
VARIANT:=default
endef
define Package/busybox-selinux
$(call Package/busybox/Default)
TITLE += with SELinux support
DEPENDS += +libselinux
VARIANT:=selinux
PROVIDES:=busybox
endef endef
define Package/busybox/description define Package/busybox/description
@ -62,6 +75,8 @@ ifdef CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG
define Package/busybox/conffiles define Package/busybox/conffiles
/etc/syslog.conf /etc/syslog.conf
endef endef
Package/busybox-selinux/conffiiles = $(Package/busybox/conffiles)
endif endif
# don't create a version string containing the actual timestamp # don't create a version string containing the actual timestamp
@ -77,6 +92,10 @@ ifeq ($(CONFIG_USE_GLIBC),y)
LDLIBS += $(call BUSYBOX_IF_ENABLED,NSLOOKUP_OPENWRT,resolv) LDLIBS += $(call BUSYBOX_IF_ENABLED,NSLOOKUP_OPENWRT,resolv)
endif endif
ifeq ($(BUILD_VARIANT),selinux)
LDLIBS += selinux sepol
endif
TARGET_CFLAGS += -flto TARGET_CFLAGS += -flto
TARGET_LDFLAGS += -flto=jobserver -fuse-linker-plugin TARGET_LDFLAGS += -flto=jobserver -fuse-linker-plugin
@ -96,6 +115,9 @@ define Build/Configure
touch $(PKG_BUILD_DIR)/.config touch $(PKG_BUILD_DIR)/.config
ifeq ($(DEVICE_TYPE),nas) ifeq ($(DEVICE_TYPE),nas)
echo "CONFIG_HDPARM=y" >> $(PKG_BUILD_DIR)/.config echo "CONFIG_HDPARM=y" >> $(PKG_BUILD_DIR)/.config
endif
ifeq ($(BUILD_VARIANT),selinux)
cat $(TOPDIR)/$(SOURCE)/selinux.config >> $(PKG_BUILD_DIR)/.config
endif endif
grep 'CONFIG_BUSYBOX_$(BUSYBOX_SYM)' $(TOPDIR)/.config | sed -e "s,\\(# \)\\?CONFIG_BUSYBOX_$(BUSYBOX_SYM)_\\(.*\\),\\1CONFIG_\\2,g" >> $(PKG_BUILD_DIR)/.config grep 'CONFIG_BUSYBOX_$(BUSYBOX_SYM)' $(TOPDIR)/.config | sed -e "s,\\(# \)\\?CONFIG_BUSYBOX_$(BUSYBOX_SYM)_\\(.*\\),\\1CONFIG_\\2,g" >> $(PKG_BUILD_DIR)/.config
yes 'n' | $(MAKE) -C $(PKG_BUILD_DIR) $(MAKE_FLAGS) oldconfig yes 'n' | $(MAKE) -C $(PKG_BUILD_DIR) $(MAKE_FLAGS) oldconfig
@ -125,4 +147,7 @@ endif
-rm -rf $(1)/lib64 -rm -rf $(1)/lib64
endef endef
Package/busybox-selinux/install = $(Package/busybox/install)
$(eval $(call BuildPackage,busybox)) $(eval $(call BuildPackage,busybox))
$(eval $(call BuildPackage,busybox-selinux))

View File

@ -0,0 +1,15 @@
CONFIG_SELINUX=y
CONFIG_FEATURE_TAR_SELINUX=y
CONFIG_CHCON=y
CONFIG_GETENFORCE=y
CONFIG_GETSEBOOL=y
CONFIG_LOAD_POLICY=y
CONFIG_MATCHPATHCON=y
CONFIG_RUNCON=y
CONFIG_SELINUXENABLED=y
CONFIG_SESTATUS=y
CONFIG_SETFILES=y
CONFIG_FEATURE_SETFILES_CHECK_OPTION=y
CONFIG_RESTORECON=y
CONFIG_SETSEBOOL=y
CONFIG_SETENFORCE=y