CaROS/meta-selinux
3
0
Fork 0
mirror of git://git.yoctoproject.org/meta-selinux synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
884 Commits 28 Branches 0 Tags 2.4 MiB
0c417aa70d
Commit Graph

884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Yi Zhao
0c417aa70d lxc: drop bbappend 
The PACKAGECONFIG[selinux] is enabled in lxc recipe.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-08-29 21:34:22 -04:00
Yi Zhao
0a83fab4d8 augeas: drop bbappend 
The PACKAGECONFIG[selinux] is enabled in augeas recipe.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-08-29 21:34:22 -04:00
Yi Zhao
fe801fd2db logrotate: drop bbappend 
The content of the bbappend is already contained in logrotate recipe.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-08-29 21:34:22 -04:00
Yi Zhao
57b730709e libpcre: drop bbappend 
This bbappend was added long time ago and it is useless now.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-08-29 21:34:22 -04:00
Yi Zhao
cad53c28de libcgroup: drop bbappend 
The content of the bbappend is already contained in libcgroup recipe.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-08-29 21:34:22 -04:00
Yi Zhao
654201e25d meta-selinux: convert to new override syntax 
This is the result of automated script conversion:
poky/scripts/contrib/convert-overrides.py meta-selinux

Converting the metadata to use ":" as the override character instead of "_".

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-08-04 16:18:39 -04:00
Yi Zhao
d5b93baf57 layer.conf: set default refpolicy provider 
Currently there is no default refpolicy provider and the user must
specify it in local.conf. Set the default refpolicy provider to
refpolicy-targeted in case the user doesn't set it.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-08-04 16:18:39 -04:00
Yi Zhao
967ac658f4 refpolicy: update file context for chfn/chsh 
The util-linux has provided chfn and chsh since oe-core commit
804c6b5bd3d398d5ea2a45d6bcc23c76e328ea3f. Update the file context for
them.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-08-04 16:18:39 -04:00
Kai Kang
b7cf3fd557 layer.conf: set LAYERSERIES_COMPAT with honister 
Set LAYERSERIES_COMPAT with honister in layer.conf which aligns with
oe-core.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-06-04 18:58:17 -04:00
Armin Kuster
29e586d1b4 audit: pkg now in meta-oe 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-05-14 09:26:05 -04:00
Armin Kuster
48038b45dc MAINTAINERS: update email address 
Include example send-email

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-05-14 09:25:51 -04:00
Philip Tricca
2b8224580f MAINTAINERS: Remove myself. 
I have been inactive for an extended period.

Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-05-12 08:34:56 -04:00
Anibal Limon
5753d15225 conf/layer.conf: Add hardknott support 
Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-27 00:40:37 -04:00
Yi Zhao
ac47a5e325 setools: upgrade 4.3.0 -> 4.4.0 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-17 09:39:50 -04:00
Yi Zhao
018714a521 semodule-utils: update to 3.2 
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-17 09:39:50 -04:00
Yi Zhao
f1cbb574f1 selinux-sandbox: update to 3.2 
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-17 09:39:50 -04:00
Yi Zhao
ab2fb5fea2 selinux-gui: update to 3.2 
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-17 09:39:50 -04:00
Yi Zhao
4944de23ac selinux-dbus: update to 3.2 
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-17 09:39:50 -04:00
Yi Zhao
d34981ff9c selinux-python: update to 3.2 
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-17 09:39:50 -04:00
Yi Zhao
42fc24c32b restorecond: update to 3.2 
* Merge inc file into bb file.
* Drop obsolete patches:
  policycoreutils-make-O_CLOEXEC-optional.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-17 09:39:50 -04:00
Yi Zhao
45e06de91f mcstrans: update to 3.2 
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-17 09:39:50 -04:00
Yi Zhao
74bbbc3277 policycoreutils: update to 3.2 
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-17 09:39:50 -04:00
Yi Zhao
39aa489098 secilc: update to 3.2 
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-17 09:39:50 -04:00
Yi Zhao
756f4f97a1 checkpolicy: update to 3.2 
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-17 09:39:50 -04:00
Yi Zhao
bb2473e6d7 libsemanage: update to 3.2 
* Merge inc file into bb file.
* Drop obsolete patches:
  libsemanage-define-FD_CLOEXEC-as-necessary.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-17 09:39:50 -04:00
Yi Zhao
e2895ba199 libselinux-python: update to 3.2 
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-17 09:39:50 -04:00
Yi Zhao
b78b413a24 libselinux: update to 3.2 
* Merge inc file into bb file.
* Drop obsolete patches:
  0001-libselinux-do-not-define-gettid-for-musl.patch
  libselinux-define-FD_CLOEXEC-as-necessary.patch
  libselinux-make-O_CLOEXEC-optional.patch
  libselinux-make-SOCK_CLOEXEC-optional.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-17 09:39:50 -04:00
Yi Zhao
d10900fc87 libsepol: update to 3.2 
Merge inc file into bb file.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-17 09:39:50 -04:00
Yi Zhao
2835042b0f selinux: update inc file to 3.2 
* Drop selinux_DATE.inc since upstream now uses X.Y version instead of
  date for release tag[1]. Move its content to selinux_common.inc.
* Switch to git repo in SRC_URI, then all selinux recipes can use
  unified source.

[1] f63ac245f7

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-17 09:39:50 -04:00
Anatol Belski
ab7ce3d5f6 libselinux-python: Fix build error due to missing target config 
This fixes the error below:

gcc: error: unrecognized command line option
‘-fmacro-prefix-map=/path/to/build/libselinux-python/3.0-r0=/usr/src/debug/libselinux-python/3.0-r0’

Without inheriting the config, supposedly a wrong compiler is used.

Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-09 08:37:19 -05:00
Yi Zhao
e51f84912d refpolicy: upgrade 20200229+git -> 20210203+git 
* Update to latest git rev.
* Drop obsolete and unused patches.
* Rebase patches.
* Add patches to make systemd --user work.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-03 13:55:58 -05:00
Yi Zhao
f156bc995b initscripts: restore security contexts after running populate-volatile.sh 
Some directories are created by populate-volatile.sh. We need to restore
their security contexts.

Before the patch:
$ ls -dZ /tmp /var/tmp /var/lock /var/run
system_u:object_r:root_t /tmp
system_u:object_r:var_t /var/lock
system_u:object_r:var_t /var/run
system_u:object_r:var_t /var/tmp

After the patch:
$ ls -dZ /tmp /var/tmp /var/lock /var/run
system_u:object_r:tmp_t /tmp
system_u:object_r:var_lock_t /var/lock
system_u:object_r:var_run_t /var/run
system_u:object_r:tmp_t /var/tmp

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-03 13:55:58 -05:00
Yi Zhao
fe5a41ec9b packagegroup-core-selinux: add auditd 
Install auditd which will help the users debug and eliminate the audit
logs on screen.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-03 13:55:58 -05:00
Yi Zhao
bf62d604fb audit: upgrade 3.0 -> 3.0.1 
Drop backported patch:
0001-lib-arm_table.h-update-arm-syscall-table.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-03 13:55:58 -05:00
Yi Zhao
77009a63db audit: move audisp-* to audispd-plugins package 
The audisp-* files should be in audispd-plugins package rather than
auditd package.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-03 13:55:58 -05:00
Yi Zhao
63ad5e2f75 parted: remove bbappend 
Remove bbappend since parted 3.4 has removed the enable_selinux
configure option[1].

Fixes:
QA Issue: parted: configure was passed unrecognised options: --enable-selinux [unknown-configure-option]

[1] https://git.savannah.gnu.org/cgit/parted.git/commit/?id=059200d50beb259c54469ae65f2d034af48ff849

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-03 13:55:58 -05:00
Yi Zhao
e013d413c8 selinux-python: depend on libselinux 
Fix build error when selinux feature is not enabled:

sepolgen-ifgen-attr-helper.c:29:10: fatal error: selinux/selinux.h: No such file or directory
   29 | #include <selinux/selinux.h>
      |          ^~~~~~~~~~~~~~~~~~~

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-03 13:55:58 -05:00
Oleksiy Obitotskyy
d81fcc5878 policycoreutils: Improve reproducibility 
LOCALEDIR should be set to target path,
e.g. /usr/share/locale not host absolute path.
This prevent to build reproducible package.

LOCALEDIR constructed from:
$(DESTDIR)$(PREFIX)/share/locale

Change PREFIX from ${D} to ${prefix}.
DESTDIR is not set during compilation and
is set to proper value during install.

Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-03-03 13:55:43 -05:00
Yi Zhao
435879ef35 e2fsprogs: remove bbappend 
Remove bbappend since the misc_create_inode.c-label_rootfs.patch has
been merged upstream[1].

[1] https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=7616fd6a599e44c5700c2c3a2e08979c6c5c747e

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-02-18 18:33:00 -05:00
Yi Zhao
dc700d01f9 audit:: update arm syscall table 
Refer to Glibc 2.32, add *_time64 syscalls.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-01-20 15:37:09 -05:00
Yi Zhao
73de14d865 semodule-utils: upgrade to 3.1 (20200710) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-01-14 07:12:08 -05:00
Yi Zhao
d654947288 selinux-gui: upgrade to 3.1 (20200710) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-01-14 07:12:08 -05:00
Yi Zhao
8f558daba9 selinux-sandbox: upgrade to 3.1 (20200710) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-01-14 07:12:08 -05:00
Yi Zhao
9c9e10d6e6 selinux-dbus: upgrade to 3.1 (20200710) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-01-14 07:12:08 -05:00
Yi Zhao
ff6fed2b70 selinux-python: upgrade to 3.1 (20200710) 
Refresh patch:
  fix-sepolicy-install-path.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-01-14 07:12:08 -05:00
Yi Zhao
31a0e25809 restorecond: upgrade to 3.1 (20200710) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-01-14 07:12:08 -05:00
Yi Zhao
c197571d7c mcstrans: upgrade to 3.1 (20200710) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-01-14 07:12:08 -05:00
Yi Zhao
7d090533b1 policycoreutils: upgrade to 3.1 (20200710) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-01-14 07:12:08 -05:00
Yi Zhao
078dbf49e8 secilc: upgrade to 3.1 (20200710) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-01-14 07:12:08 -05:00
Yi Zhao
f1b5afe753 checkpolicy: upgrade to 3.0 (20191204) 
Drop backported patch:
  0001-checkpolicy-remove-unused-te_assertions.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
 2021-01-14 07:12:08 -05:00