Commit Graph

844 Commits

Author SHA1 Message Date
Yi Zhao
73de14d865 semodule-utils: upgrade to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
d654947288 selinux-gui: upgrade to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
8f558daba9 selinux-sandbox: upgrade to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
9c9e10d6e6 selinux-dbus: upgrade to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
ff6fed2b70 selinux-python: upgrade to 3.1 (20200710)
Refresh patch:
  fix-sepolicy-install-path.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
31a0e25809 restorecond: upgrade to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
c197571d7c mcstrans: upgrade to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
7d090533b1 policycoreutils: upgrade to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
078dbf49e8 secilc: upgrade to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
f1b5afe753 checkpolicy: upgrade to 3.0 (20191204)
Drop backported patch:
  0001-checkpolicy-remove-unused-te_assertions.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
eb8c4da63f libsemanage: upgrade to 3.1 (20200710)
* Drop obsolete patch:
  libsemanage-drop-Wno-unused-but-set-variable.patch

* Refresh patch:
  libsemanage-allow-to-disable-audit-support.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
1bd98fe493 libselinux-python: upgrade to 3.1 (20200710)
Refresh patches:
  0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
  0001-Makefile-fix-python-modules-install-path-for-multili.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
8600333cf0 libselinux: upgrade to 3.1 (20200710)
Drop backported and obsolete patches:
  0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch
  libselinux-drop-Wno-unused-but-set-variable.patch

Add patch to fix build on musl:
  0001-libselinux-do-not-define-gettid-for-musl.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
ce1240622d libsepol: upgrade to 3.1 (20200710)
Drop backported patches:
  0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
  0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
a15e84fbf5 selinux: upgrade inc files to 3.1 (20200710)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
79c529e5ad audit: upgrade 2.8.5 -> 3.0
* Drop backported patches:
  0001-Header-definitions-need-to-be-external-when-building.patch
  0001-lib-i386_table.h-add-new-syscall.patch
  Add-substitue-functions-for-strndupa-rawmemchr.patch

* Refresh patch:
  Fixed-swig-host-contamination-issue.patch

* Update auditd.service.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:08 -05:00
Yi Zhao
f01787d627 audit: enable arm/aarch64 processor support by default
We encountered a runtime error for auditctl on lib32 image for aarch64:

root@xilinx-zynqmp:~# auditctl -a always,exit -F arch=b32 -S adjtimex -k TEST-time-change
arch elf mapping not found

The root cause is that the aarch64 processor support is not enabled for the arm
build. Referring to Debian[1] and Fedora[2], we can actually enable
arm/aarch64 processor support unconditionally.

[1] 8c6b2049ba
[2] https://src.fedoraproject.org/rpms/audit/blob/master/f/audit.spec

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 07:12:07 -05:00
Yi Zhao
fb15056ff4 libselinux-python: inherit python3targetconfig
The python3 target configuration has been split into its own class in
oe-core commit 5a118d4e7985fa88f04c3611f8db813f0dafce75.
Inherit it to fix the build error.

Fixes:
selinuxswig_python_wrap.o: file not recognized: File format not recognized
collect2: error: ld returned 1 exit status

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-12-15 14:09:23 -05:00
Yi Zhao
5a58e87aa9 setools: fix build with Python 3.9
The Py_UNICODE_COPY, Py_UNICODE_FILL, PyUnicode_WSTR_LENGTH,
PyUnicode_FromUnicode(), PyUnicode_AsUnicode(), _PyUnicode_AsUnicode,
and PyUnicode_AsUnicodeAndSize() are marked as deprecated in Python 3.9.
(See: https://docs.python.org/3/whatsnew/3.9.html). But the current
python3-cython (0.29.21) hasn't adapted to it yet.
Append '-Wno-deprecated-declarations' in CFLAGS as a workaround to fix
the build issue.

Fixes:
In file included from
/build/tmp-glibc/work/corei7-64-wrs-linux/setools/4.3.0-r0/recipe-sysroot/usr/include/python3.9/unicodeobject.h:1026,
    from /build/tmp-glibc/work/corei7-64-wrs-linux/setools/4.3.0-r0/recipe-sysroot/usr/include/python3.9/Python.h:97,
    from setools/policyrep.c:49:
/build/tmp-glibc/work/corei7-64-wrs-linux/setools/4.3.0-r0/recipe-sysroot/usr/include/python3.9/cpython/unicodeobject.h:446:26:
note: declared here
  446 | static inline Py_ssize_t _PyUnicode_get_wstr_length(PyObject *op) {
      |                          ^~~~~~~~~~~~~~~~~~~~~~~~~~
setools/policyrep.c:97302:3: error: 'PyUnicode_AsUnicode' is deprecated [-Werror=deprecated-declarations]

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-11-12 14:01:07 -05:00
Anibal Limon
be95d6f88c conf/layer.conf: Bump to gatesgarth
Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-10-24 19:39:07 -04:00
Yi Zhao
6e1100d29a refpolicy: update file context for ifconfig
The ifconfig was moved from sbin to bin with oe-core commit:
c9caff40ff61c08e24a84922f8d7c8e9cdf8883e. Update the file context for
it.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-09-23 14:34:46 -04:00
Yi Zhao
4e7a501cb6 selinux-*.service: install to sysinit.target
The selinux-init/autorelabel/labeldev services have a constraint of
Before=sysinit.target. So it is better to install them to sysinit.target
rather than multi-user.target.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-09-23 14:34:46 -04:00
Yi Zhao
c10f86479f selinux-*.bb: fix typos
Fixes:
${PN}_RDEPENDS -> RDEPENDS_${PN}

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-09-23 14:34:46 -04:00
Yi Zhao
547d9be873 net-tools: drop patch
The netstat-selinux-support.patch has been merged upstream. So drop it.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-09-23 14:34:46 -04:00
Chen Qi
affabe52d9 dhcp: remove bbappend file
dhcp has been removed, thus removing its bbappend file.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-09-18 18:44:05 -04:00
Alex Kiernan
a604e350e7 audit: Backport gcc10 fix for common default
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-09-18 18:40:10 -04:00
Oleksii Miroshko
500578b2c2 setools: Add native support
Enable using setools for analyzing the built SELinux policy
during the build.

Signed-off-by: Oleksii Miroshko <miroshko@gmail.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-09-18 18:40:10 -04:00
Yi Zhao
15fed8756a refpolicy: update to 20200229+git
* Drop obsolete and unused patches.
* Rebase patches.
* Add patches so that systemd and sysvinit can work with all policy types.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-07-14 18:56:06 -04:00
Yi Zhao
7d3b1347ae sysklogd: set correct security context for /var/log in initscript
We don't need to set security context for /dev/log after syslogd daemon
startup because it is already set by udev. We just need to set the
correct security context for symbolic link /var/log before syslogd
startup.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-07-14 18:56:06 -04:00
Yi Zhao
8b79480663 audit: set correct security context for /var/log/audit
By default /var/log is a symbolic link to /var/volatile/log. But
restorecon does not follow symbolic links, so we will encounter the
following error when setting the /var/log/audit directory:

$ /sbin/restorecon -F /var/log/audit
/sbin/restorecon: SELinux: Could not get canonical path for /var/log/audit restorecon: Permission denied.

Use readlink to find the real path before setting the security context.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-07-14 18:56:06 -04:00
Yi Zhao
9e986d7d79 refpolicy: remove version 2.20190201
There is no need to maintain two versions of refpolicy. Drop this version
and only keep the git version.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-07-14 18:56:06 -04:00
Mingli Yu
7af62c91d7 checkpolicy: remove unused te_assertions
Backport a patch to remove unused te_assertions to fix the
build failure on fedora 32.

Fixes:
 | /build/tmp-glibc/hosttools/ld: policy_define.o:(.bss+0x28): multiple definition of `te_assertions'/build/tmp-glibc/hosttools/ld: policy_define.o:(.bss+0x28): multiple definition of `te_assertions'; y.tab.o:(.bss+0x18): first defined here
 | collect2: error: ld returned 1 exit status
 | make: *** [Makefile:33: checkpolicy] Error 1

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-07-13 19:04:46 -04:00
Yi Zhao
db2135de10 libsepol: fix build errors on Fedora 32
Backport 2 patches to fix the build errors on Fedora 32.

Fixes:
[snip]
../cil/src/cil_verify.lo:(.bss+0x4f0): multiple definition of `CIL_KEY_CONS_T3';
../cil/src/cil_verify.lo:(.bss+0x4f8): multiple definition of `CIL_KEY_CONS_T2';
../cil/src/cil_verify.lo:(.bss+0x500): multiple definition of `CIL_KEY_CONS_T1';
../cil/src/cil_verify.lo:(.bss+0x508): multiple definition of `cil_mem_error_handler';
[snip]

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-06-15 08:04:04 -04:00
Changqing Li
f677a09992 libselinux-python: Fix one invalid link
When host arch and target arch are different, the extension
suffix of the host is different from the target one, so there will
be an invalid link.  Fix by updating the way the link is created.

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-04-30 10:46:24 -04:00
Yi Zhao
c014a0763a semodule-utils: upgrade to 3.0 (20191204)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2020-04-15 14:58:16 -04:00
Yi Zhao
7ee74198d2 selinux-gui: upgrade to 3.0 (20191204)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2020-04-15 14:58:16 -04:00
Yi Zhao
e7be403429 selinux-sandbox: upgrade to 3.0 (20191204)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2020-04-15 14:58:16 -04:00
Yi Zhao
70b32c88db selinux-dbus: upgrade to 3.0 (20191204)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2020-04-15 14:58:16 -04:00
Yi Zhao
cc47ebe09e selinux-python: upgrade to 3.0 (20191204)
Refresh fix-sepolicy-install-path.patch.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2020-04-15 14:58:16 -04:00
Yi Zhao
b671291f7e restorecond: upgrade to 3.0 (20191204)
Fix typo in patch.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2020-04-15 14:58:16 -04:00
Yi Zhao
d1e44cf90a mcstrans: upgrade to 3.0 (20191204)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2020-04-15 14:58:16 -04:00
Yi Zhao
8e76f3a098 policycoreutils: upgrade to 3.0 (20191204)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2020-04-15 14:58:16 -04:00
Yi Zhao
b09edecd92 secilc: upgrade to 3.0 (20191204)
License-Update: fix misspellings

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2020-04-15 14:58:16 -04:00
Yi Zhao
c1ed59c931 checkpolicy: upgrade to 3.0 (20191204)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2020-04-15 14:58:16 -04:00
Yi Zhao
4ca0557476 libsemanage: upgrade to 3.0 (20191204)
* Refresh libsemanage-allow-to-disable-audit-support.patch
* Fix typos in patches.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2020-04-15 14:58:16 -04:00
Yi Zhao
65086a9972 libselinux-python: upgrade to 3.0 (20191204)
* Inherit python3native as the libselinux uses python distutils to install
  selinux python bindings now.
* Add a patch to fix python modules install path for multilib.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2020-04-15 14:58:16 -04:00
Yi Zhao
a1db7a9925 libselinux: upgrade to 3.0 (20191204)
* Backport a patch to fix build failure with musl.
* Fix typos in patches.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2020-04-15 14:58:15 -04:00
Yi Zhao
1735987a64 libsepol: upgrade to 3.0 (20191204)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2020-04-15 14:58:15 -04:00
Yi Zhao
60126271a5 selinux: upgrade inc files to 3.0 (20191204)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2020-04-15 14:58:15 -04:00
Yi Zhao
8b3efbf23d setools: upgrade 4.2.2 -> 4.3.0
Remove __pycache__ directories when do_install.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2020-04-15 14:58:15 -04:00