[Buildroot] [PATCH v7 09/22] linux-pam: selinux support

Clayton Shotwell clayton.shotwell at rockwellcollins.com
Fri Jul 10 19:13:38 UTC 2015


Samuel,

Thanks,
Clayton

Clayton Shotwell
Senior Software Engineer, Rockwell Collins
clayton.shotwell at rockwellcollins.com


On Sat, Jun 20, 2015 at 12:08 PM, Samuel Martin <s.martin49 at gmail.com> wrote:
> Hi Clayton,
>
> On Tue, Jun 2, 2015 at 3:28 PM, Clayton Shotwell
> <clayton.shotwell at rockwellcollins.com> wrote:
> [...]
>> +# Use the host-pam pam_conv1 app to create the pam.d files
>> +define LINUX_PAM_CONFIG_FILE_TARGET_INSTALL
>> +       ( \
>> +               if [ -d $(TARGET_DIR)/etc/pam.d/ ]; then \
>> +                       mv $(TARGET_DIR)/etc/pam.d/ $(TARGET_DIR)/etc/pam.d.orig/; \
>> +               fi; \
>> +               cd $(TARGET_DIR)/etc/ && \
>> +               cat $(@D)/conf/pam.conf | $(HOST_DIR)/usr/bin/pam_conv1; \
>> +               if [ -d pam.d.orig ]; then \
>> +                       cp -a pam.d/* pam.d.orig/; \
>> +                       rm -rf pam.d/; \
>> +                       mv pam.d.orig/ pam.d/; \
>> +               fi; \
>> +       )
>> +       $(INSTALL) -D -m 0644 package/linux-pam/system-auth.pamd $(TARGET_DIR)/etc/pam.d/system-auth
>> +endef
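Review bot: The steps inside the sub-shell are joined with `;`, so a failure of `pam_conv1` is discarded and the hook still returns success, and if `cd $(TARGET_DIR)/etc/` fails the relative-path block (`rm -rf pam.d/`, `mv pam.d.orig/ pam.d/`) runs in whatever directory is current. Chain the steps with `&&` and use $(TARGET_DIR) paths throughout so a failed conversion stops the build. Separately, `cp -a pam.d/* pam.d.orig/` copies the generated files over the pre-existing ones, so a service file that was already in /etc/pam.d is replaced by the pam_conv1 output of the same name; if the existing files are meant to win, copy in the other direction.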
> Funny, I think the sub-shell is not needed here.
> Also, in the former if-block, paths are absolute (via
> $(TARGET_DIR)/...), whereas in the latter, they are relative to where
> the cd command goes...
> It could be rewritten like this:
>
> define LINUX_PAM_CONFIG_FILE_TARGET_INSTALL
>     if [ -d $(TARGET_DIR)/etc/pam.d/ ]; then \
>         mv $(TARGET_DIR)/etc/pam.d/ $(TARGET_DIR)/etc/pam.d.orig/; \
>     fi
>     cd $(TARGET_DIR)/etc/ && \
>         cat $(@D)/conf/pam.conf | $(HOST_DIR)/usr/bin/pam_conv1
>     if [ -d $(TARGET_DIR)/etc/pam.d.orig ]; then \
>         cp -a $(TARGET_DIR)/etc/pam.d/* $(TARGET_DIR)/etc/pam.d.orig/; \
>         rm -rf $(TARGET_DIR)/etc/pam.d/; \
>         mv $(TARGET_DIR)/etc/pam.d.orig/ $(TARGET_DIR)/etc/pam.d/; \
>     fi
>     $(INSTALL) -D -m 0644 package/linux-pam/system-auth.pamd $(TARGET_DIR)/etc/pam.d/system-auth
> endef
>
>> +
>> +LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_CONFIG_FILE_TARGET_INSTALL
>>  LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_INSTALL_CONFIG
>>
>> +HOST_LINUX_PAM_DEPENDENCIES = host-flex host-pkgconf
>> +
>> +HOST_LINUX_PAM_CONF_OPTS = --disable-rpath \
>> +               --enable-read-both-confs \
>> +               --disable-regenerate-docu \
>> +               --disable-isadir \
>> +               --disable-nis \
>> +               --enable-securedir=/lib/security \
>> +               --disable-prelude \
>> +               --disable-cracklib \
>> +               --disable-lckpwdf \
>> +               --enable-db=no \
> Why use --enable-db=no and not --disable-db? The target *_CONF_OPTS
> uses --disable-db.
>
>> +               --disable-selinux \
>> +               --disable-audit \
>> +
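Review bot: The last option, `--disable-audit \`, ends with a line continuation followed by an added empty line, so the assignment only terminates because that line happens to be blank; anything placed directly after it later would be folded into HOST_LINUX_PAM_CONF_OPTS. Drop the trailing backslash on the final option.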
> [...]
>
> [1] http://git.buildroot.net/buildroot/tree/package/linux-pam/linux-pam.mk#n15
>
> Regards,
>
> --
> Samuel


