CaROS/meta-selinux
3
0
Fork 0
mirror of git://git.yoctoproject.org/meta-selinux synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
808 Commits 28 Branches 0 Tags 2.4 MiB
e7be403429
Commit Graph

808 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Yi Zhao
e7be403429 selinux-sandbox: upgrade to 3.0 (20191204) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-15 14:58:16 -04:00
Yi Zhao
70b32c88db selinux-dbus: upgrade to 3.0 (20191204) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-15 14:58:16 -04:00
Yi Zhao
cc47ebe09e selinux-python: upgrade to 3.0 (20191204) 
Refresh fix-sepolicy-install-path.patch.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-15 14:58:16 -04:00
Yi Zhao
b671291f7e restorecond: upgrade to 3.0 (20191204) 
Fix typo in patch.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-15 14:58:16 -04:00
Yi Zhao
d1e44cf90a mcstrans: upgrade to 3.0 (20191204) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-15 14:58:16 -04:00
Yi Zhao
8e76f3a098 policycoreutils: upgrade to 3.0 (20191204) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-15 14:58:16 -04:00
Yi Zhao
b09edecd92 secilc: upgrade to 3.0 (20191204) 
License-Update: fix misspellings

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-15 14:58:16 -04:00
Yi Zhao
c1ed59c931 checkpolicy: upgrade to 3.0 (20191204) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-15 14:58:16 -04:00
Yi Zhao
4ca0557476 libsemanage: upgrade to 3.0 (20191204) 
* Refresh libsemanage-allow-to-disable-audit-support.patch
* Fix typos in patches.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-15 14:58:16 -04:00
Yi Zhao
65086a9972 libselinux-python: upgrade to 3.0 (20191204) 
* Inherit python3native as the libselinux uses python distutils to install
  selinux python bindings now.
* Add a patch to fix python modules install path for multilib.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-15 14:58:16 -04:00
Yi Zhao
a1db7a9925 libselinux: upgrade to 3.0 (20191204) 
* Backport a patch to fix build failure with musl.
* Fix typos in patches.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-15 14:58:15 -04:00
Yi Zhao
1735987a64 libsepol: upgrade to 3.0 (20191204) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-15 14:58:15 -04:00
Yi Zhao
60126271a5 selinux: upgrade inc files to 3.0 (20191204) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-15 14:58:15 -04:00
Yi Zhao
8b3efbf23d setools: upgrade 4.2.2 -> 4.3.0 
Remove __pycache__ directories when do_install.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-15 14:58:15 -04:00
Yi Zhao
9352f8604c bind: install volatiles file with correct name 
Install volatiles file as 04_bind rather than volatiles.04_bind.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-07 09:28:04 -04:00
Yi Zhao
43cb7c2d1b eudev: remove udev-cache and sync the initscript to latest oe-core version 
The udev-cache has been remove in oe-core commit
048f4149b8438c521e8b65a3c96d850a9b4a3e5b. So we can also remove it.

Also sync the initscript to latest oe-core version.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-07 09:28:04 -04:00
Yi Zhao
de13a3ee27 sysklogd: sync the initscript to latest oe-core version 
The sysklogd has been updated to 2.1.1 in oe-core and the klogd was
removed from this version since syslogd performs logging of kernel
messages. So we update the initscript to adapt it.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-07 09:28:04 -04:00
Joe MacDonald
1e2fdbe71e clean up getVar() usage 
83eac4de updated the usage of getVar() in classes/selinux.bbclass to
leave out the default expand parameter. This is consistent with the
usage in the core layers.

Bring all other calls to getVar() in the layer into alignment with this
approach.

Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-03 08:48:01 -04:00
Yi Zhao
b7a4511068 layer.conf: update LAYERSERIES_COMPAT for dunfell 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-03 08:39:07 -04:00
Yi Zhao
83eac4de1a selinux.bbclass: remove True option in getVar() 
The getVar() defaults to expanding by default, thus remove the True
option from all getVar() calls.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-04-03 08:39:07 -04:00
Yi Zhao
03baa60e37 linux-yocto: drop 4.x bbappend 
The linux-yocto 4.x recipes have been dropped in oe-core. We can remove
the bbappend.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-02-26 08:11:16 -05:00
Mingli Yu
6257da999f audit: add clock_settime64 syscall 
On 32bit system,
After upgrade glibc to 2.31
 # strace -o /tmp/test.log date -s 09:16:45
 # tail -f /tmp/test.log
 close(3)                                = 0
 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=114, ...}) = 0
 clock_settime64(CLOCK_REALTIME, {tv_sec=1582103805, tv_nsec=0}) = 0
 fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(0x4, 0x40), ...}) = 0
 ioctl(1, TCGETS, {B115200 opost isig icanon echo ...}) = 0
 write(1, "Wed Feb 19 09:16:45 UTC 2020\n", 29) = 29
 close(1)                                = 0
 close(2)                                = 0
 exit_group(0)                           = ?
 +++ exited with 0 +++

It means the clock_settime64 syscall is used, so
add the syscall.

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-02-19 09:02:01 -05:00
Jeremy Puhlman
dc8c5e90ec findutils: make append generic 
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-01-30 21:46:58 -05:00
Jeremy Puhlman
f32f21de44 python: move appends to a dynamic-layer 
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2020-01-30 21:46:58 -05:00
Yi Zhao
6e18bc43d2 audit: fix host contamination for swig 
The audit build uses swig to generate a python wrapper. But there is a
hardcoded include directory in auditswig.i, which causes header files on
the host to be used when building. This will cause build error on some
old systems. e.g. on CentOS7 with buildtools:
  audit_wrap.c: In function '_wrap_audit_rule_flags_set':
  audit_wrap.c:5018:19: error: dereferencing pointer to incomplete type 'struct audit_rule'
  5018  if (arg1) (arg1)->flags = arg2;
        ^~

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-30 23:10:43 -05:00
Yi Zhao
8ce3dccfda selinux-initsh.inc: install selinux-init.sh and selinux-labeldev.sh when using systemd 
The commit 5fd3c5b71e introduced an issue
that selinux-init.sh and selinux-labeldev.sh are not installed when
using systemd which will cause the selinux-ini.service and
selinux-labeldev.service fail to startup. Move the do_install codes from
selinux-autorelabel to selinux-initsh.inc to make sure install these
scripts when using systemd.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-30 23:10:43 -05:00
Yi Zhao
557d807edd MAINTAINERS: update maintainer 
Add Yi Zhao as the maintainer.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-24 09:30:38 -05:00
Yi Zhao
555cbd0243 refpolicy: switch to python3 
* Switch to python3
* Update policy-version to 31 to match selinux 2.9

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-24 09:24:15 -05:00
Yi Zhao
c966bce553 refpolicy: add UPSTREAM_CHECK_GITTAGREGEX 
Add UPSTREAM_CHECK_GITTAGREGEX to make devtool check-upgrade-status
works.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-24 09:24:15 -05:00
Yi Zhao
26169b168f libsemanage: fix race issue in parallel build 
The install-pywarp target doesn't depend on swigify target because the
semanage.py is not generated by swigify target but pywrap target.
Here is the dependency chain:
  install-pywrap -> pywrap -> $(SWIGSO) -> $(SWIGLOBJ) -> $(SWIGCOUT)
  -> semanage.py

But in the recipe, the swigify target is added explicitly in do_install:
  do_install_append() {
    oe_runmake install-pywrap swigify \
    [snip]
  }

This target will regenerate the semanage.py when do_install. So there
will be a potential race issue in parallel build. The install-pywrap
target is trying to install semanage.py when swigify target is
generating the file. Then an empty semanage.py will be installed. Remove
the target swigify to fix this issue.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-24 09:16:06 -05:00
Yi Zhao
7920e470c6 libselinux-python: fix race issue in parallel build 
The install-pywarp target doesn't depend on swigify target because the
selinux.py is not generated by swigify target but pywrap target.
Here is the dependency chain:
  install-pywrap -> pywrap -> $(SWIGFILES) -> $(SWIGPYOUT) -> $(SWIGCOUT)
  -> selinux.py

But in the recipe, the swigify target is added explicitly in do_install:
  do_install_append() {
    oe_runmake install-pywrap swigify \
    [snip]
  }

This target will regenerate the selinux.py when do_install. So there
will be a potential race issue in parallel build. The install-pywrap
target is trying to install selinux.py when swigify target is generating
the file. Then an empty selinux.py will be installed. Remove the target
swigify to fix this issue.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-24 09:16:06 -05:00
Yi Zhao
823653623f python-ipy: remove recipe 
The python-ipy had been moved to meta-python.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-24 09:16:06 -05:00
Yi Zhao
6edbe15c3d audit: switch to python3 
* Switch to python3

* Drop patches:
  audit-python-configure.patch
  audit-python.patch
  fix-swig-host-contamination.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:17:00 -05:00
Yi Zhao
88b9ab90c8 setools: upgrade 4.1.1 -> 4.2.2 
* Switch to python3

* Drop patches:
  Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
  setools4-fix-cross-compiling-errors-for-powerpc-mips.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:17:00 -05:00
Yi Zhao
61389a1984 semodule-utils: uprev to 2.9 (20190315) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:09:21 -05:00
Yi Zhao
6d849e1739 selinux-gui: uprev to 2.9 (20190315) 
* Switch to python3

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:09:21 -05:00
Yi Zhao
2930ad9990 selinux-sandbox: uprev to 2.9 (20190315) 
* Switch to python3
* Rebase patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:09:21 -05:00
Yi Zhao
d5ba537789 selinux-dbus: uprev to 2.9 (20190315) 
* Switch to python3

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:09:21 -05:00
Yi Zhao
751d5a3f2a selinux-python: uprev to 2.9 (20190315) 
* Switch to python3

* Drop patches:
  fix-TypeError-for-seobject.py.patch
  process-ValueError-for-sepolicy-seobject.patch

* Rebase patches

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:09:21 -05:00
Yi Zhao
72a6a1f88b restorecond: uprev to 2.9 (20190315) 
* Rebase patches

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:09:21 -05:00
Yi Zhao
f6ae2e82ed mcstrans: uprev to 2.9 (20190315) 
* Rebase patches

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:09:21 -05:00
Yi Zhao
62ee1a51c2 policycoreutils: uprev to 2.9 (20190315) 
* Switch to python3

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:09:21 -05:00
Yi Zhao
d4c8197e1e secilc: uprev to 2.9 (20190315) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:09:21 -05:00
Yi Zhao
0962560c51 checkpolicy: uprev to 2.9 (20190315) 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:09:21 -05:00
Yi Zhao
41f8c2e5ba libsemanage: uprev to 2.9 (20190315) 
* Switch to python3

* Drop patches:
  libsemanage-fix-path-nologin.patch
  0001-src-Makefile-fix-includedir-in-libselinux.pc.patch

* Rebase patches

* Update policy version to 31

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:09:21 -05:00
Yi Zhao
7bb1507928 libselinux-python: add recipe 
After switch to python3, There is a loop dependency error with
libselinux-python package when build libselinux. Split the original
libselinux recipe into  libselinux and libselinux-python.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:09:21 -05:00
Yi Zhao
5e3643b618 libselinux: uprev to 2.9 (20190315) 
* Switch to python3

* Drop patches:
  0001-libselinux-Do-not-define-gettid-if-glibc-2.30-is-use.patch
  0001-src-Makefile-fix-includedir-in-libselinux.pc.patch

* Split into libselinux recipe and libselinux-python recipe to fix the
  loop dependency error.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:09:21 -05:00
Yi Zhao
5fbf7227c9 libsepol: uprev to 2.9 (20190315) 
* Drop patch 0001-src-Makefile-fix-includedir-in-libsepol.pc.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:09:21 -05:00
Yi Zhao
a4196eb862 selinux: uprev inc files to 2.9 (20190315) 
* Update SRC_URI
* Add UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:09:21 -05:00
Yi Zhao
7d8eb0fd5b python-ipy: upgrade to 1.00 and add python3 version 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 2019-12-19 11:09:20 -05:00