Skip to content

refpolicy-targeted: enable PipeWire system-service mode for Qualcomm#383

Open
rchiluka29 wants to merge 1 commit into
qualcomm-linux:mainfrom
rchiluka29:pipewire/system-service
Open

refpolicy-targeted: enable PipeWire system-service mode for Qualcomm#383
rchiluka29 wants to merge 1 commit into
qualcomm-linux:mainfrom
rchiluka29:pipewire/system-service

Conversation

@rchiluka29

Copy link
Copy Markdown

The upstream PipeWire SELinux policy has been merged into refpolicy (SELinuxProject/refpolicy#1109).
Set POLICY_CUSTOM_BUILDOPT to pipewire_system_service so that PipeWire runs as a system-wide daemon on Qualcomm embedded targets.

@@ -0,0 +1 @@
POLICY_CUSTOM_BUILDOPT:qcom = "pipewire_system_service"

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change :qcom to :qcom-distro.

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done. Changed :qcom to :qcom-distro

@rchiluka29 rchiluka29 force-pushed the pipewire/system-service branch from acb6fea to 1d17bbf Compare July 2, 2026 15:25
@@ -0,0 +1 @@
POLICY_CUSTOM_BUILDOPT:qcom-distro = "pipewire_system_service"

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, should it be :append:qcom-distro? If so, don't forget the leading whitespace

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, this can be done for future proofing.
Changed accordingly.

@rchiluka29 rchiluka29 force-pushed the pipewire/system-service branch from 1d17bbf to 66514f2 Compare July 3, 2026 08:53
@ricardosalveti

Copy link
Copy Markdown
Contributor
2026-07-03 16:02:28 - ERROR    - ERROR: refpolicy-targeted-2.20260616+git-r0 do_compile: oe_runmake failed
2026-07-03 16:02:28 - ERROR    - ERROR: refpolicy-targeted-2.20260616+git-r0 do_compile: Execution of '/work/build/tmp/work/glymur_crd-qcom-linux/refpolicy-targeted/2.20260616+git/temp/run.do_compile.80922' failed with exit code 1
2026-07-03 16:02:28 - ERROR    - ERROR: Logfile of failure stored in: /work/build/tmp/work/glymur_crd-qcom-linux/refpolicy-targeted/2.20260616+git/temp/log.do_compile.80922
2026-07-03 16:02:28 - INFO     - Log data follows:
2026-07-03 16:02:28 - INFO     - | DEBUG: Executing shell function do_compile
2026-07-03 16:02:28 - INFO     - | NOTE: make -j 16 NAME=targeted TYPE=mcs DISTRO=debian UBAC=n UNK_PERMS=allow DIRECT_INITRC=y SYSTEMD=y MONOLITHIC=n CUSTOM_BUILDOPT= pipewire_system_service QUIET=y MLS_SENS=0 MLS_CATS=1024 MCS_CATS=1024 tc_usrsbindir=/work/build/tmp/work/glymur_crd-qcom-linux/refpolicy-targeted/2.20260616+git/recipe-sysroot-native/usr/sbin tc_sbindir=/work/build/tmp/work/glymur_crd-qcom-linux/refpolicy-targeted/2.20260616+git/recipe-sysroot-native/sbin tc_usrbindir=/work/build/tmp/work/glymur_crd-qcom-linux/refpolicy-targeted/2.20260616+git/recipe-sysroot-native/usr/bin OUTPUT_POLICY=35 CC=gcc  CFLAGS=-isystem/work/build/tmp/work/glymur_crd-qcom-linux/refpolicy-targeted/2.20260616+git/recipe-sysroot-native/usr/include -O2 -pipe PYTHON=/work/build/tmp/work/glymur_crd-qcom-linux/refpolicy-targeted/2.20260616+git/recipe-sysroot-native/usr/bin/python3-native/python3 conf
2026-07-03 16:02:28 - INFO     - | make: *** No rule to make target 'pipewire_system_service'.  Stop.

The upstream PipeWire SELinux policy has been merged into refpolicy
(SELinuxProject/refpolicy#1109).
Set POLICY_CUSTOM_BUILDOPT to pipewire_system_service so that PipeWire
runs as a system-wide daemon on Qualcomm embedded targets.

Signed-off-by: Chiluka Rohith <rchiluka@qti.qualcomm.com>
@rchiluka29

Copy link
Copy Markdown
Author

Reverted to direct assignment. The :append approach causes a leading space in POLICY_CUSTOM_BUILDOPT which breaks the make command CUSTOM_BUILDOPT= pipewire_system_service gets split into an empty variable and a make target, causing No rule to make target 'pipewire_system_service'.

Direct assignment avoids this since POLICY_CUSTOM_BUILDOPT ?= "" is a weak default that gets cleanly replaced. Validated locally for CUSTOM_BUILDOPT=pipewire_system_service (no leading space) is passed correctly to make.

@lumag

Copy link
Copy Markdown
Contributor

Please sort it out in meta-selinux. We can't be using assignments in bbappends since other appends might also need to extend the variable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants