Commit Graph

876 Commits

Author SHA1 Message Date
Armin Kuster
8b94f828a2 secilc: Security fix for CVE-2021-36087
Source: https://github.com/SELinuxProject/selinux
MR: 111869
Type: Security Fix
Disposition: Backport from bad0a746e9
ChangeID: b282a68f76e509f548fe6ce46349af56d09481c6
Description:

Affects: secilc <= 3.2

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-09-16 20:22:02 -04:00
Armin Kuster
3846a1cc51 libsepol: Security fix CVE-2021-36085
Source: https://github.com/SELinuxProject/selinux/
MR: 111857
Type: Security Fix
Disposition: Backport from 2d35fcc7e9
ChangeID: e50ae65189351ee618db2b278ba7105a5728e4c4
Description:

Affects: libsepol <= 3.2

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-09-16 20:22:02 -04:00
Armin Kuster
3525f5c3f4 libsepol: Security fix CVE-2021-36084
Source: https://github.com/SELinuxProject/selinux
MR: 111851
Type: Security Fix
Disposition: Backport from f34d3d30c8
ChangeID: 7fae27568e26ccbb18be3d2a1ce7332d42706f18
Description:

Affects: libsepol < 3.2

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-09-16 20:22:02 -04:00
Joe MacDonald
8ababf1e5b layer.conf: update layercompat for hardknott and create branch
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-04-25 18:53:25 -04:00
Anibal Limon
5753d15225 conf/layer.conf: Add hardknott support
Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-27 00:40:37 -04:00
Yi Zhao
ac47a5e325 setools: upgrade 4.3.0 -> 4.4.0
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 09:39:50 -04:00
Yi Zhao
018714a521 semodule-utils: update to 3.2
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 09:39:50 -04:00
Yi Zhao
f1cbb574f1 selinux-sandbox: update to 3.2
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 09:39:50 -04:00
Yi Zhao
ab2fb5fea2 selinux-gui: update to 3.2
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 09:39:50 -04:00
Yi Zhao
4944de23ac selinux-dbus: update to 3.2
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 09:39:50 -04:00
Yi Zhao
d34981ff9c selinux-python: update to 3.2
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 09:39:50 -04:00
Yi Zhao
42fc24c32b restorecond: update to 3.2
* Merge inc file into bb file.
* Drop obsolete patches:
  policycoreutils-make-O_CLOEXEC-optional.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 09:39:50 -04:00
Yi Zhao
45e06de91f mcstrans: update to 3.2
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 09:39:50 -04:00
Yi Zhao
74bbbc3277 policycoreutils: update to 3.2
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 09:39:50 -04:00
Yi Zhao
39aa489098 secilc: update to 3.2
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 09:39:50 -04:00
Yi Zhao
756f4f97a1 checkpolicy: update to 3.2
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 09:39:50 -04:00
Yi Zhao
bb2473e6d7 libsemanage: update to 3.2
* Merge inc file into bb file.
* Drop obsolete patches:
  libsemanage-define-FD_CLOEXEC-as-necessary.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 09:39:50 -04:00
Yi Zhao
e2895ba199 libselinux-python: update to 3.2
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 09:39:50 -04:00
Yi Zhao
b78b413a24 libselinux: update to 3.2
* Merge inc file into bb file.
* Drop obsolete patches:
  0001-libselinux-do-not-define-gettid-for-musl.patch
  libselinux-define-FD_CLOEXEC-as-necessary.patch
  libselinux-make-O_CLOEXEC-optional.patch
  libselinux-make-SOCK_CLOEXEC-optional.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 09:39:50 -04:00
Yi Zhao
d10900fc87 libsepol: update to 3.2
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 09:39:50 -04:00
Yi Zhao
2835042b0f selinux: update inc file to 3.2
* Drop selinux_DATE.inc since upstream now uses X.Y version instead of
  date for release tag[1]. Move its content to selinux_common.inc.
* Switch to git repo in SRC_URI, then all selinux recipes can use
  unified source.

[1] f63ac245f7

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 09:39:50 -04:00
Anatol Belski
ab7ce3d5f6 libselinux-python: Fix build error due to missing target config
This fixes the error below:

gcc: error: unrecognized command line option
‘-fmacro-prefix-map=/path/to/build/libselinux-python/3.0-r0=/usr/src/debug/libselinux-python/3.0-r0’

Without inheriting the config, supposedly a wrong compiler is used.

Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-09 08:37:19 -05:00
Yi Zhao
e51f84912d refpolicy: upgrade 20200229+git -> 20210203+git
* Update to latest git rev.
* Drop obsolete and unused patches.
* Rebase patches.
* Add patches to make systemd --user work.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-03 13:55:58 -05:00
Yi Zhao
f156bc995b initscripts: restore security contexts after running populate-volatile.sh
Some directories are created by populate-volatile.sh. We need to restore
their security contexts.

Before the patch:
$ ls -dZ /tmp /var/tmp /var/lock /var/run
system_u:object_r:root_t /tmp
system_u:object_r:var_t /var/lock
system_u:object_r:var_t /var/run
system_u:object_r:var_t /var/tmp

After the patch:
$ ls -dZ /tmp /var/tmp /var/lock /var/run
system_u:object_r:tmp_t /tmp
system_u:object_r:var_lock_t /var/lock
system_u:object_r:var_run_t /var/run
system_u:object_r:tmp_t /var/tmp

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-03 13:55:58 -05:00
Yi Zhao
fe5a41ec9b packagegroup-core-selinux: add auditd
Install auditd, which will help users debug and eliminate the audit
logs on screen.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-03 13:55:58 -05:00
Yi Zhao
bf62d604fb audit: upgrade 3.0 -> 3.0.1
Drop backported patch:
0001-lib-arm_table.h-update-arm-syscall-table.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-03 13:55:58 -05:00
Yi Zhao
77009a63db audit: move audisp-* to audispd-plugins package
The audisp-* files should be in audispd-plugins package rather than
auditd package.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-03 13:55:58 -05:00
Yi Zhao
63ad5e2f75 parted: remove bbappend
Remove bbappend since parted 3.4 has removed the enable_selinux
configure option[1].

Fixes:
QA Issue: parted: configure was passed unrecognised options: --enable-selinux [unknown-configure-option]

[1] https://git.savannah.gnu.org/cgit/parted.git/commit/?id=059200d50beb259c54469ae65f2d034af48ff849

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-03 13:55:58 -05:00
Yi Zhao
e013d413c8 selinux-python: depend on libselinux
Fix build error when selinux feature is not enabled:

sepolgen-ifgen-attr-helper.c:29:10: fatal error: selinux/selinux.h: No such file or directory
   29 | #include <selinux/selinux.h>
      |          ^~~~~~~~~~~~~~~~~~~

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-03 13:55:58 -05:00
Oleksiy Obitotskyy
d81fcc5878 policycoreutils: Improve reproducibility
LOCALEDIR should be set to the target path,
e.g. /usr/share/locale, not the host absolute path.
This prevents building a reproducible package.

LOCALEDIR constructed from:
$(DESTDIR)$(PREFIX)/share/locale

Change PREFIX from ${D} to ${prefix}.
DESTDIR is not set during compilation and
is set to proper value during install.

Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-03 13:55:43 -05:00
Yi Zhao
435879ef35 e2fsprogs: remove bbappend
Remove bbappend since the misc_create_inode.c-label_rootfs.patch has
been merged upstream[1].

[1] https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=7616fd6a599e44c5700c2c3a2e08979c6c5c747e

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-02-18 18:33:00 -05:00
Yi Zhao
dc700d01f9 audit:: update arm syscall table
Refer to Glibc 2.32, add *_time64 syscalls.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-20 15:37:09 -05:00
Yi Zhao
73de14d865 semodule-utils: upgrade to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
d654947288 selinux-gui: upgrade to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
8f558daba9 selinux-sandbox: upgrade to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
9c9e10d6e6 selinux-dbus: upgrade to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
ff6fed2b70 selinux-python: upgrade to 3.1 (20200710)
Refresh patch:
  fix-sepolicy-install-path.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
31a0e25809 restorecond: upgrade to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
c197571d7c mcstrans: upgrade to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
7d090533b1 policycoreutils: upgrade to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
078dbf49e8 secilc: upgrade to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
f1b5afe753 checkpolicy: upgrade to 3.0 (20191204)
Drop backported patch:
  0001-checkpolicy-remove-unused-te_assertions.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
eb8c4da63f libsemanage: upgrade to 3.1 (20200710)
* Drop obsolete patch:
  libsemanage-drop-Wno-unused-but-set-variable.patch

* Refresh patch:
  libsemanage-allow-to-disable-audit-support.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
1bd98fe493 libselinux-python: upgrade to 3.1 (20200710)
Refresh patches:
  0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
  0001-Makefile-fix-python-modules-install-path-for-multili.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
8600333cf0 libselinux: upgrade to 3.1 (20200710)
Drop backported and obsolete patches:
  0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch
  libselinux-drop-Wno-unused-but-set-variable.patch

Add patch to fix build on musl:
  0001-libselinux-do-not-define-gettid-for-musl.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
ce1240622d libsepol: upgrade to 3.1 (20200710)
Drop backported patches:
  0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
  0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
a15e84fbf5 selinux: upgrade inc files to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
79c529e5ad audit: upgrade 2.8.5 -> 3.0
* Drop backported patches:
  0001-Header-definitions-need-to-be-external-when-building.patch
  0001-lib-i386_table.h-add-new-syscall.patch
  Add-substitue-functions-for-strndupa-rawmemchr.patch

* Refresh patch:
  Fixed-swig-host-contamination-issue.patch

* Update auditd.service.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
f01787d627 audit: enable arm/aarch64 processor support by default
We encountered a runtime error for auditctl on lib32 image for aarch64:

root@xilinx-zynqmp:~# auditctl -a always,exit -F arch=b32 -S adjtimex -k TEST-time-change
arch elf mapping not found

The root cause is that aarch64 processor support is not enabled for the
arm build. Referring to Debian[1] and Fedora[2], we can actually enable
arm/aarch64 processor support unconditionally.

[1] 8c6b2049ba
[2] https://src.fedoraproject.org/rpms/audit/blob/master/f/audit.spec

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:07 -05:00
Yi Zhao
fb15056ff4 libselinux-python: inherit python3targetconfig
The python3 target configuration has been split into its own class in
oe-core commit 5a118d4e7985fa88f04c3611f8db813f0dafce75.
Inherit it to fix the build error.

Fixes:
selinuxswig_python_wrap.o: file not recognized: File format not recognized
collect2: error: ld returned 1 exit status

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-12-15 14:09:23 -05:00