Commit Graph

514 Commits

Author SHA1 Message Date
Joe MacDonald
8bbcf2bba7 net-tools: update bbappend for new base recipe
Commit bf362e4a8bb9fef3d16b81dea7b39a057e293ee4 in poky updates net-tools,
take this opportunity to convert this to a wildcard, since the bbappend
still seems to apply.

Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-09-08 15:59:54 -04:00
Joe Slater
7340a1d4d2 e2fsprogs: now depend on attr
Patches added by this bbappend make us depend on the attr
package.

Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-09-08 15:59:11 -04:00
Philip Tricca
7ee048189d linux-libc-headers: Make headers available to native packages via BBCLASSEXTEND.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-09-08 15:59:11 -04:00
Philip Tricca
a3b533e32a e2fsprogs: Add dependency on linux-libc-headers.
We require these headers for some constants that define the xattr
namespaces.

Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-09-08 15:59:11 -04:00
Philip Tricca
4f81a46e31 Use the SELinux project release tarballs.
The SRC_URI used for the last SELinux userspace upgrade was the
wrong one. We were using the URI generated by GitHub when tags are
added to a repo. These are not the SELinux release tarballs.

The SELinux project generates and releases tarballs for each tool
and posts them to their GitHub wiki 'Releases' page:
https://github.com/SELinuxProject/selinux/wiki/Releases. This patch
fixes this URI, fixes the SELINUX_RELEASE variable that didn't get
updated during the last upgrade, removes the workaround for the 'S'
variable and fixes up the SRC_URI hashes.

Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-09-08 15:59:11 -04:00
Robert Yang
b383d0cbad ustr: fix build error with gcc 5
Backport a patch from debian to fix errors as:
ustr-main.h:1062: multiple definition of `ustrp_setf_owner'

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-09-08 14:03:28 -04:00
Robert Yang
76cb970ddc audit: remove add-system-call-table-for-ARM.patch
There isn't lib/machinetabs.h any more, there isn't data structures like
"static const char machine_strings", either.

This fixed a do_patch error when arm.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-14 12:38:47 -04:00
Wenzong Fan
cd04049ee2 libcap-ng: upgrade 0.7.4 -> 0.7.7
* Port changes from meta-oe:

  commit bce4dba5546480c8e43c6442959ac7d0a4ef32f6
  Author: Li xin <lixin.fnst@cn.fujitsu.com>
  Date:   Thu Jul 23 15:29:31 2015 +0800

    libcap-ng: upgrade 0.7.4 -> 0.7.7

    Update python.patch, since the contents have been changed.

    Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
    Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

* Remove patch CVE-2014-3215.patch that is included by 0.7.7

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-14 12:38:41 -04:00
Wenzong Fan
61a2cc84af python-ipy: update 0.81 -> 0.83
* update SRC_URI checksums
* remove PKG-INFO that is not in 0.83

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-14 12:31:39 -04:00
Wenzong Fan
6a772ec037 libselinux: get pywrap depends on selinux.py
The selinux.py will be installed as selinux/__init__.py, just make sure
it has been generated completely while starting "make install-pywrap".

This fixes the errors below that are caused by an empty "selinux/__init__.py"
on target:

  $ /usr/sbin/semanage -h

  Traceback (most recent call last):
  File "/usr/sbin/semanage", line 30, in <module>
    import seobject
  File "/usr/lib64/python2.7/site-packages/seobject.py", line 27, in <module>
    import sepolicy
  File "/usr/lib64/python2.7/site-packages/sepolicy/__init__.py", line 226, in <module>
    def get_file_equiv_modified(fc_path = selinux.selinux_file_context_path()):
  AttributeError: 'module' object has no attribute 'selinux_file_context_path'

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-14 12:31:38 -04:00
Shrikant Bobade
37f08555b0 audit: fix qa warning, update config option
update config option '--with-armeb' to '--with-arm'
for audit qa warning fix.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-14 12:31:37 -04:00
Josep Puigdemont
e8f690371e selinux-config: make DEFAULT_POLICY and DEFAULT_ENFORCING configurable
Make DEFAULT_POLICY and DEFAULT_ENFORCING configurations more flexible.

Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-14 12:31:37 -04:00
Philip Tricca
1cd6086305 e2fsprogs: Implement xattr block cache with simple linked list.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-08 16:43:23 -04:00
Philip Tricca
5cb8ef7d04 e2fsprogs: Add stub functions for an xattr cache and struct to hold the header and block data.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-08 16:43:23 -04:00
Philip Tricca
22ade8fbe7 e2fsprogs: Copy xattr block from source file.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-08 16:43:23 -04:00
Philip Tricca
b2ce05b5c1 e2fsprogs: Add xattr security prefix data to lib/ext2fs/ext2_ext_attr.h
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-08 16:43:23 -04:00
Philip Tricca
e9b28794f1 e2fsprogs: Insert calls to xattr module into mke2fs and build xattr code.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-08 16:43:23 -04:00
Philip Tricca
6319e568d0 e2fsprogs: Add bbappend and stub for xattr module.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-08 16:43:23 -04:00
Philip Tricca
56e952f43a selinux-image: Add new image class to label the rootfs, use it for selinux images.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-08 16:43:23 -04:00
Philip Tricca
54e7104ef8 policycoreutils: Patch setfiles to add FTS_NOCHDIR to fts_flags.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-08 16:43:23 -04:00
Shrikant Bobade
684ee9401f README : update supported refpolicy version details
README updated with the supported refpolicy version
details and information of refpolicy building from
git repository.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 17:34:26 -04:00
Shrikant Bobade
61b1c50859 refpolicy-minimum: update base refpolicy to git repo
A simple forward-port of refpolicy-minimum to use the
refpolicy from git repository.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 17:33:22 -04:00
Shrikant Bobade
aba7f91bff refpolicy-standard: update base refpolicy to git repo
A simple forward-port of refpolicy-standard to use the
refpolicy from git repository.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 17:33:22 -04:00
Shrikant Bobade
07aa29ce30 refpolicy-mls: update base refpolicy to git repo
A simple forward-port of refpolicy-mls to use the
refpolicy from git repository.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 17:33:22 -04:00
Shrikant Bobade
633eaa03b8 refpolicy-mcs: update base refpolicy to git repo
A simple forward-port of refpolicy-mcs to use the
refpolicy from git repository.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 17:33:22 -04:00
Shrikant Bobade
400c60cafb refpolicy-targeted: update base refpolicy to git repo
A simple forward-port of refpolicy-targeted to use the
refpolicy from git repository.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 17:33:21 -04:00
Shrikant Bobade
b76d7df552 refpolicy git: rebase patches with code base
During forward-port of these patches from refpolicy 20140311,
requires rebase with the refpolicy git repos head master
code base, in order to resolve the patch conflicts.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 17:33:21 -04:00
Shrikant Bobade
6a775bb8ed refpolicy git: update refpolicy to git repository
A straight update from refpolicy 2.20140311 to refpolicy git
repository for the core policy variants and forward-porting
of policy patches as appropriate.

This approach is useful for building refpolicy & refpolicy-contrib
directly from the git repos, rather than release tarballs.
It helps to check the refpolicy based on source commits by just
updating the git repo rev. as appropriate in refpolicy_git.inc

ref: https://github.com/TresysTechnology/refpolicy/wiki

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 17:33:21 -04:00
Shrikant Bobade
e59f3b7d04 refpolicy-minimum: update base refpolicy 20141203
A simple forward-port of refpolicy-minimum to use the 20141203
base refpolicy.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 16:48:19 -04:00
Shrikant Bobade
46b344baa3 refpolicy-standard: update base refpolicy 20141203
A simple forward-port of refpolicy-standard to use the 20141203
base refpolicy.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 16:48:19 -04:00
Shrikant Bobade
73e5f9c82a refpolicy-mls: update base refpolicy 20141203
A simple forward-port of refpolicy-mls to use the 20141203
base refpolicy.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 16:48:19 -04:00
Shrikant Bobade
424e585a4d refpolicy-mcs: update base refpolicy 20141203
A simple forward-port of refpolicy-mcs to use the 20141203
base refpolicy.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 16:48:19 -04:00
Shrikant Bobade
c687df118d refpolicy-targeted: update base refpolicy 20141203
A simple forward-port of refpolicy-targeted to use the 20141203
base refpolicy.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 16:48:19 -04:00
Shrikant Bobade
e0ed069077 refpolicy 20141203: rebase patches with code base
During forward-port of these patches from refpolicy 2014120311,
requires rebase with the refpolicy 20141203 code base,
in order to resolve the patch conflicts.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 16:48:19 -04:00
Shrikant Bobade
e4c762e6bc refpolicy: update refpolicy to 20141203 release
A straight update from refpolicy 2.20140311 to 2.20141203 for the core
policy variants and forward-porting of policy patches as appropriate.

ref: https://github.com/TresysTechnology/refpolicy/wiki

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 16:48:18 -04:00
Shrikant Bobade
f19f2bf82a README: update supported linux-yocto versions
README updated with the list of supported linux-yocto
versions and details to use it while preparing selinux
enabled images.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 16:48:18 -04:00
Shrikant Bobade
83c3ee0aae linux-yocto: enable selinux support for kernel v4.1
The default kernel is now v4.1. So we need the selinux support
for kernel v4.1, in order to get selinux enabled images out of box.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 16:24:54 -04:00
Wenzong Fan
dba3728010 refpolicy: correct SELINUX_DEVEL_PATH
The sepolgen.conf should be installed with devel package to correct
the default value of SELINUX_DEVEL_PATH, Makefile will be searched from
that path while building policies on target.

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 16:11:55 -04:00
Wenzong Fan
96927432c4 policycoreutils: install /var/lib/selinux
This dir is required for running command:

$ semanage permissive [OPTS]

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 16:11:54 -04:00
Wenzong Fan
614b7a78e7 initscripts: fix contexts for /etc/resolv.conf, adjtime
Restore contexts for /etc/{resolv.conf, adjtime}, they are created
dynamically and the incorrect contexts may prevent some programs
from valid accessing.

  /etc/resolv.conf: etc_t:SystemHigh -> etc_t:SystemLow
  /etc/adjtime:     etc_t:SystemHigh -> adjtime_t:SystemLow

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 16:11:54 -04:00
Li xin
c8018efc6a audit: upgrade 2.3.2 -> 2.4.3
1) Remove audit-for-cross-compiling.patch and disable-ldap.patch
since it is not needed anymore.

2) Modify audit-python-configure.patch audit-python.patch
fix-swig-host-contamination.patch, since configure.ac and
Makefile.am has been changed in 2.4.3

3) Warning Fix:
-WARNING: QA Issue: audit: configure was passed unrecognised options: --without-ldap [unknown-configure-option]
-WARNING: QA Issue: audit: Files/directories were installed but not shipped in any package

Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 16:08:10 -04:00
Wenzong Fan
77130536eb udev: restorecon /run to allow mdadm creating /run/mdadm
This change bases on the factors during bootup:

a. the default type for /run is var_run_t;
b. the type for /run will be changed to tmpfs_t after tmpfs mounted;
c. the type for /run will be fixed after populate-volatile.sh run.

udev service is started in b->c period, fix the type for /run from
udev init script to remove:

  avc: denied { write } for pid=294 comm="mdadm" \
  name="/" dev="tmpfs" ino=10581 \
  scontext=system_u:system_r:mdadm_t:s0-s15:c0.c1023 \
  tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 15:17:52 -04:00
Joe MacDonald
54875dcb50 mcstrans: remove dependency on bash in initscript
There were no apparent bashisms in mcstrans.init, so remove the dependency
on bash.

Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 15:17:52 -04:00
Roy Li
4eeed5b532 policycoreutils: enable mcstransd
mcstransd is a daemon to translate SELinux MCS/MLS sensitivity labels,
policycoreutils includes mcstransd whose version is newer than that
from http://mcstrans.sourcearchive.com/

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 14:51:31 -04:00
tprrt
aef47ac6a6 Fix setools building (-fPIC error)
Signed-off-by: tprrt <tprrt@tupi.fr>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 14:24:15 -04:00
Shrikant Bobade
607fb68d4b libpam: use wildcard for version and cleanup
use wildcard for version: adopting libpam upgrade from 1.1.6 to 1.2.1,
cleanup older recipe and remove patch sepermit-add-DESTDIR-prefix.patch
since the changes already available with latest source.

Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-07 14:24:15 -04:00
Shrikant Bobade
dee52032cf linux-yocto: enable selinux support for kernel v3.19
The default kernel is now v3.19. So we need the selinux support
for kernel v3.19, in order to get selinux enabled images out of box.

Signed-off-by: Shrikant Bobade <Shrikant_Bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-06-09 13:30:42 -04:00
Dmitry Eremin-Solenikov
2ebacbad21 selinux-config: fix the S directory not existent warning
Fix the warning reporting that ${S} directory does not exist by pointing
S to ${WORKDIR}.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-05-11 14:28:43 -04:00
Dmitry Eremin-Solenikov
88b236f054 selinux-config: allow to override 'enforcing' status of SELinux
Move the 'enforcing' setting to the DEFAULT_ENFORCING variable to allow
one to override that setting in a bbappend file.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-05-11 14:28:43 -04:00
Dmitry Eremin-Solenikov
22c3447a51 perf: conditionally add audit to the DEPENDS list
perf can make use of libaudit if it is present. So let's build perf with
audit if we are building a SELinux-enabled distribution.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-05-11 14:28:43 -04:00