mirror of
git://git.yoctoproject.org/meta-selinux
synced 2026-01-01 13:58:04 +00:00
979b3caf98
ChangeLog: https://github.com/SELinuxProject/selinux/releases/tag/3.9 * Support static-only builds with DISABLE_SHARED=y * Add restore option to modify user and role portions * setfiles: Add -U option to modify user and role portions * semanage.conf: Add relabel_store config option * semodule: Add [-g PATH |--config=PATH] for an alternate path for the semanage config * libselinux: Fix local literal fcontext definitions priority * libselinux: Fix order for path substitutions * libsepol: Add new 'netif_wildcard' policy capability * checkpolicy: Add support for wildcard netifcon names * libsepol: Allow multiple policycap statements * libsepol: Support genfs_seclabel_wildcard * Replace all links to selinuxproject.org * Bug fixes Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
32 lines
844 B
BlitzBasic
32 lines
844 B
BlitzBasic
SUMMARY = "Run cmd under an SELinux sandbox"
|
|
DESCRIPTION = "\
|
|
Run application within a tightly confined SELinux domain. The default \
|
|
sandbox domain only allows applications the ability to read and write \
|
|
stdin, stdout and any other file descriptors handed to it."
|
|
SECTION = "base"
|
|
LICENSE = "GPL-2.0-or-later"
|
|
LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=393a5ca445f6965873eca0259a17f833"
|
|
|
|
require selinux_common.inc
|
|
|
|
SRC_URI += "file://sandbox-de-bashify.patch;patchdir=.. \
|
|
"
|
|
|
|
S = "${UNPACKDIR}/${BP}/sandbox"
|
|
|
|
DEPENDS = "libselinux libcap-ng gettext-native"
|
|
|
|
RDEPENDS:${PN} = "\
|
|
python3-core \
|
|
python3-math \
|
|
python3-shell \
|
|
python3-unixadmin \
|
|
libselinux-python \
|
|
selinux-python \
|
|
"
|
|
|
|
FILES:${PN} += "\
|
|
${datadir}/sandbox/sandboxX.sh \
|
|
${datadir}/sandbox/start \
|
|
"
|