From 2e06f8ae24ec47cd1db9703ce6474bbd9304ef99 Mon Sep 17 00:00:00 2001 From: Paul Spooren Date: Wed, 19 Aug 2020 11:40:27 -1000 Subject: [PATCH] busybox: add selinux variant This commit adds a `selinux` variant which comes with a number of SELinux applets and also SELinux label support. Signed-off-by: Paul Spooren --- package/utils/busybox/Config.in | 2 +- package/utils/busybox/Makefile | 33 ++++++++++++++++++++++++---- package/utils/busybox/selinux.config | 15 +++++++++++++ 3 files changed, 45 insertions(+), 5 deletions(-) create mode 100644 package/utils/busybox/selinux.config diff --git a/package/utils/busybox/Config.in b/package/utils/busybox/Config.in index 4d87e18278..dcd027e7ee 100644 --- a/package/utils/busybox/Config.in +++ b/package/utils/busybox/Config.in @@ -1,4 +1,4 @@ -if PACKAGE_busybox +if PACKAGE_busybox || PACKAGE_busybox-selinux config BUSYBOX_CUSTOM bool "Customize busybox options" diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile index baf375eb13..4d098ac4a8 100644 --- a/package/utils/busybox/Makefile +++ b/package/utils/busybox/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2016 OpenWrt.org +# Copyright (C) 2006-2020 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=busybox PKG_VERSION:=1.31.1 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_FLAGS:=essential PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
@@ -39,14 +39,27 @@ BUSYBOX_IF_ENABLED=$(if $(CONFIG_BUSYBOX_$(BUSYBOX_SYM)_$(1)),$(2)) # All files provided by busybox will serve as fallback alternatives by opkg. # There should be no need to enumerate ALTERNATIVES entries here -define Package/busybox +define Package/busybox/Default SECTION:=base CATEGORY:=Base system MAINTAINER:=Felix Fietkau TITLE:=Core utilities for embedded Linux URL:=http://busybox.net/ DEPENDS:=+BUSYBOX_CONFIG_PAM:libpam +BUSYBOX_CONFIG_NTPD:jsonfilter - MENU:=1 +endef + +define Package/busybox + $(call Package/busybox/Default) + CONFLICTS:=busybox-selinux + VARIANT:=default +endef + +define Package/busybox-selinux + $(call Package/busybox/Default) + TITLE += with SELinux support + DEPENDS += +libselinux + VARIANT:=selinux + PROVIDES:=busybox endef define Package/busybox/description @@ -62,6 +75,8 @@ ifdef CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG define Package/busybox/conffiles /etc/syslog.conf endef + +Package/busybox-selinux/conffiiles = $(Package/busybox/conffiles) endif # don't create a version string containing the actual timestamp @@ -77,6 +92,10 @@ ifeq ($(CONFIG_USE_GLIBC),y) LDLIBS += $(call BUSYBOX_IF_ENABLED,NSLOOKUP_OPENWRT,resolv) endif +ifeq ($(BUILD_VARIANT),selinux) + LDLIBS += selinux sepol +endif + TARGET_CFLAGS += -flto TARGET_LDFLAGS += -flto=jobserver -fuse-linker-plugin @@ -96,6 +115,9 @@ define Build/Configure touch $(PKG_BUILD_DIR)/.config ifeq ($(DEVICE_TYPE),nas) echo "CONFIG_HDPARM=y" >> $(PKG_BUILD_DIR)/.config +endif +ifeq ($(BUILD_VARIANT),selinux) + cat $(TOPDIR)/$(SOURCE)/selinux.config >> $(PKG_BUILD_DIR)/.config endif grep 'CONFIG_BUSYBOX_$(BUSYBOX_SYM)' $(TOPDIR)/.config | sed -e "s,\\(# \)\\?CONFIG_BUSYBOX_$(BUSYBOX_SYM)_\\(.*\\),\\1CONFIG_\\2,g" >> $(PKG_BUILD_DIR)/.config yes 'n' | $(MAKE) -C $(PKG_BUILD_DIR) $(MAKE_FLAGS) oldconfig 
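Review bot: `Package/busybox-selinux` gets no description of its own in the visible hunks; `conffiles` and `install` are aliased from `Package/busybox` later in the patch, but `description` is not. The two packages differ in a security-relevant way, so the variant deserves a `define Package/busybox-selinux/description` block that reuses the base text and adds one sentence saying this build links libselinux and carries the SELinux applets and label support. The `define Package/busybox/description` block starts on the last line of this hunk and continues outside it.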
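Review bot: The added assignment in the `@@ -62,6 +75,8 @@` hunk spells the key `conffiiles` (double `i`), so it defines a variable the package build will presumably never look up and `busybox-selinux` ends up without a conffiles list. The likely effect is that `/etc/syslog.conf` is not treated as a configuration file for the SELinux variant and can be replaced on upgrade. The line should read `Package/busybox-selinux/conffiles = $(Package/busybox/conffiles)`. The enclosing `ifdef CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG` block starts before this hunk.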
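Review bot: The selinux branch in the `@@ -77,6 +92,10 @@` hunk links `sepol` as well as `selinux`, but the package definition only adds `+libselinux` to `DEPENDS`. If libselinux does not already pull in libsepol as its own dependency (not visible on this page), the installed binary would reference a shared library the package never declares; either confirm the transitive dependency or write `DEPENDS += +libselinux +libsepol`. A short comment above the `LDLIBS` line, such as `# SELinux applets link against both libselinux and libsepol`, would record why both are listed.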
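Review bot: Nothing after the `oldconfig` step in the `@@ -96,6 +115,9 @@` hunk confirms that the SELinux options from `selinux.config` are still set in the final `.config`. The fragment is appended before the symbols taken from `$(TOPDIR)/.config`, so which value wins for a duplicated symbol depends on how BusyBox's kconfig treats reassignment, and `yes 'n'` answers no to anything left open. A variant named `selinux` that silently builds without label support would be a misleading artifact, so a second `ifeq ($(BUILD_VARIANT),selinux)` block after the `oldconfig` line containing `grep -q '^CONFIG_SELINUX=y' $(PKG_BUILD_DIR)/.config` is worth adding so the build fails instead. `Build/Configure` starts and continues outside this hunk.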
@@ -125,4 +147,7 @@ endif -rm -rf $(1)/lib64 endef +Package/busybox-selinux/install = $(Package/busybox/install) + $(eval $(call BuildPackage,busybox)) +$(eval $(call BuildPackage,busybox-selinux)) diff --git a/package/utils/busybox/selinux.config b/package/utils/busybox/selinux.config new file mode 100644 index 0000000000..ef20155814 --- /dev/null +++ b/package/utils/busybox/selinux.config @@ -0,0 +1,15 @@ +CONFIG_SELINUX=y +CONFIG_FEATURE_TAR_SELINUX=y +CONFIG_CHCON=y +CONFIG_GETENFORCE=y +CONFIG_GETSEBOOL=y +CONFIG_LOAD_POLICY=y +CONFIG_MATCHPATHCON=y +CONFIG_RUNCON=y +CONFIG_SELINUXENABLED=y +CONFIG_SESTATUS=y +CONFIG_SETFILES=y +CONFIG_FEATURE_SETFILES_CHECK_OPTION=y +CONFIG_RESTORECON=y +CONFIG_SETSEBOOL=y +CONFIG_SETENFORCE=y
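Review bot: The new `selinux.config` turns on the state-changing applets `CONFIG_SETENFORCE`, `CONFIG_LOAD_POLICY` and `CONFIG_SETSEBOOL` together with the labelling and query tools, and nothing in the file says which of them an image needs at runtime. Whether those operations succeed is decided by the loaded policy, but a header comment would make the choice reviewable, for example `# Appended to .config for BUILD_VARIANT=selinux; applets that change enforcement or policy state are included deliberately`. If some of them are only needed during bring-up, leaving them to the existing BusyBox configuration options rather than forcing them here could keep the default image closer to what it actually uses.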