diff options
author | Wenzong Fan <wenzong.fan@windriver.com> | 2017-09-04 22:59:53 -0700 |
---|---|---|
committer | Mark Hatle <mark.hatle@windriver.com> | 2017-09-13 19:48:51 -0500 |
commit | 493b567483ac2258b890fd16262695e9697dac4b (patch) | |
tree | d9d8d308a64ea218974801d1d2fccedc6d8d899c | |
parent | a1f9832b797ead41b8415f760727ad987b3470a8 (diff) | |
download | meta-selinux-493b567483ac2258b890fd16262695e9697dac4b.tar.gz |
policycoreutils: fixes for 2.7 uprev
Remove setools from DEPENDS/RDEPENDS, it was required by sepolicy,
sepolgen, semanage which have been moved to python/*.
Rebase patch:
- policycoreutils-fixfiles-de-bashify.patch
Drop useless patch:
- policycoreutils-loadpolicy-symlink.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Update policycoreutils_git.bb
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
4 files changed, 27 insertions, 37 deletions
diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc index 5e03ba0..fc181f7 100644 --- a/recipes-security/selinux/policycoreutils.inc +++ b/recipes-security/selinux/policycoreutils.inc | |||
@@ -16,7 +16,7 @@ PAM_SRC_URI = "file://pam.d/newrole \ | |||
16 | " | 16 | " |
17 | 17 | ||
18 | DEPENDS += "libsepol libselinux libsemanage libcap gettext-native" | 18 | DEPENDS += "libsepol libselinux libsemanage libcap gettext-native" |
19 | EXTRA_DEPENDS = "libcap-ng libcgroup setools" | 19 | EXTRA_DEPENDS = "libcap-ng libcgroup" |
20 | DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}" | 20 | DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}" |
21 | 21 | ||
22 | inherit selinux pythonnative | 22 | inherit selinux pythonnative |
@@ -60,7 +60,7 @@ RDEPENDS_${BPN}-setsebool += "\ | |||
60 | libselinux \ | 60 | libselinux \ |
61 | libsemanage \ | 61 | libsemanage \ |
62 | " | 62 | " |
63 | RDEPENDS_${BPN} += "setools setools-libs selinux-python" | 63 | RDEPENDS_${BPN} += "selinux-python" |
64 | 64 | ||
65 | WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}" | 65 | WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}" |
66 | ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)}" | 66 | ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)}" |
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch index 44d7525..0144de7 100644 --- a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch +++ b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch | |||
@@ -13,12 +13,13 @@ so we'll try that instead. | |||
13 | Upstream-Status: Pending | 13 | Upstream-Status: Pending |
14 | 14 | ||
15 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> | 15 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> |
16 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> | ||
16 | --- | 17 | --- |
17 | scripts/fixfiles | 26 +++++++++++++++----------- | 18 | scripts/fixfiles | 23 ++++++++++++++--------- |
18 | 1 file changed, 15 insertions(+), 11 deletions(-) | 19 | 1 file changed, 14 insertions(+), 9 deletions(-) |
19 | 20 | ||
20 | diff --git a/scripts/fixfiles b/scripts/fixfiles | 21 | diff --git a/scripts/fixfiles b/scripts/fixfiles |
21 | index 5c29eb9..10a5078 100755 | 22 | index 1aa330f..a10837d 100755 |
22 | --- a/scripts/fixfiles | 23 | --- a/scripts/fixfiles |
23 | +++ b/scripts/fixfiles | 24 | +++ b/scripts/fixfiles |
24 | @@ -1,4 +1,4 @@ | 25 | @@ -1,4 +1,4 @@ |
@@ -27,29 +28,39 @@ index 5c29eb9..10a5078 100755 | |||
27 | # fixfiles | 28 | # fixfiles |
28 | # | 29 | # |
29 | # Script to restore labels on a SELinux box | 30 | # Script to restore labels on a SELinux box |
30 | @@ -25,7 +25,7 @@ | 31 | @@ -27,7 +27,7 @@ set -o nounset |
31 | # number if the current kernel version is greater than 2.6.30, a negative | 32 | # number if the current kernel version is greater than 2.6.30, a negative |
32 | # number if the current is less than 2.6.30 and 0 if they are the same. | 33 | # number if the current is less than 2.6.30 and 0 if they are the same. |
33 | # | 34 | # |
34 | -function useseclabel { | 35 | -function useseclabel { |
35 | +useseclabel() { | 36 | +useseclabel { |
36 | VER=`uname -r` | 37 | VER=`uname -r` |
37 | SUP=2.6.30 | 38 | SUP=2.6.30 |
38 | expr '(' "$VER" : '\([^.]*\)' ')' '-' '(' "$SUP" : '\([^.]*\)' ')' '|' \ | 39 | expr '(' "$VER" : '\([^.]*\)' ')' '-' '(' "$SUP" : '\([^.]*\)' ')' '|' \ |
39 | @@ -91,9 +91,9 @@ exclude_dirs_from_relabelling() { | 40 | @@ -93,9 +93,10 @@ exclude_dirs_from_relabelling() { |
40 | # skip not absolute path | 41 | # skip not absolute path |
41 | # skip not directory | 42 | # skip not directory |
42 | [ -z "${i}" ] && continue | 43 | [ -z "${i}" ] && continue |
43 | - [[ "${i}" =~ "^[[:blank:]]*#" ]] && continue | 44 | - [[ "${i}" =~ ^[[:blank:]]*# ]] && continue |
44 | - [[ ! "${i}" =~ ^/.* ]] && continue | 45 | - [[ ! "${i}" =~ ^/.* ]] && continue |
45 | - [[ ! -d "${i}" ]] && continue | 46 | - [[ ! -d "${i}" ]] && continue |
46 | + echo "${i}" | egrep -q '^[[:space:]]*#' && continue | 47 | + echo "${i}" | egrep -q '^[[:space:]]*#' && continue |
47 | + echo "${i}" | egrep -v '^/.*' && continue | 48 | + echo "${i}" | egrep -v '^/.*' && continue |
48 | + [ ! -d "${i}" ] && continue | 49 | + [ ! -d "${i}" ] && continue |
50 | + | ||
49 | exclude_from_relabelling="$exclude_from_relabelling -e $i" | 51 | exclude_from_relabelling="$exclude_from_relabelling -e $i" |
50 | logit "skipping the directory $i" | ||
51 | done < /etc/selinux/fixfiles_exclude_dirs | 52 | done < /etc/selinux/fixfiles_exclude_dirs |
52 | @@ -205,8 +205,12 @@ fi | 53 | fi |
54 | @@ -138,7 +139,7 @@ fi | ||
55 | # Log directories excluded from relabelling by configuration file | ||
56 | # | ||
57 | LogExcluded() { | ||
58 | -for i in ${EXCLUDEDIRS//-e / }; do | ||
59 | +for i in `echo ${EXCLUDEDIRS} | sed -e 's/-e / /g'`; do | ||
60 | echo "skipping the directory $i" | ||
61 | done | ||
62 | } | ||
63 | @@ -201,8 +202,12 @@ fi | ||
53 | } | 64 | } |
54 | 65 | ||
55 | rpmlist() { | 66 | rpmlist() { |
@@ -64,29 +75,15 @@ index 5c29eb9..10a5078 100755 | |||
64 | } | 75 | } |
65 | 76 | ||
66 | # | 77 | # |
67 | @@ -233,10 +237,10 @@ if [ -n "${exclude_dirs}" ] | 78 | @@ -276,7 +281,7 @@ relabel() { |
68 | then | 79 | exit 1 |
69 | TEMPFCFILE=`mktemp ${FC}.XXXXXXXXXX` | ||
70 | test -z "$TEMPFCFILE" && exit | ||
71 | - /bin/cp -p ${FC} ${TEMPFCFILE} &>/dev/null || exit | ||
72 | - tmpdirs=${tempdirs//-e/} | ||
73 | - for p in ${tmpdirs} | ||
74 | + /bin/cp -p ${FC} ${TEMPFCFILE} >/dev/null 2>&1 || exit | ||
75 | + for p in ${tempdirs} | ||
76 | do | ||
77 | + [ ${p} = "-e" ] && continue | ||
78 | p="${p%/}" | ||
79 | p1="${p}(/.*)? -- <<none>>" | ||
80 | echo "${p1}" >> $TEMPFCFILE | ||
81 | @@ -288,7 +292,7 @@ relabel() { | ||
82 | restore Relabel | ||
83 | fi | 80 | fi |
84 | 81 | ||
85 | - if [ $fullFlag == 1 ]; then | 82 | - if [ $fullFlag == 1 ]; then |
86 | + if [ $fullFlag = 1 ]; then | 83 | + if [ $fullFlag = 1 ]; then |
87 | fullrelabel | 84 | fullrelabel |
85 | return | ||
88 | fi | 86 | fi |
89 | |||
90 | -- | 87 | -- |
91 | 1.9.1 | 88 | 2.13.0 |
92 | 89 | ||
diff --git a/recipes-security/selinux/policycoreutils_2.7.bb b/recipes-security/selinux/policycoreutils_2.7.bb index aa4870d..78bf031 100644 --- a/recipes-security/selinux/policycoreutils_2.7.bb +++ b/recipes-security/selinux/policycoreutils_2.7.bb | |||
@@ -6,6 +6,3 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" | |||
6 | SRC_URI[md5sum] = "65311b66ae01f7b7ad7c2ea7401b68ed" | 6 | SRC_URI[md5sum] = "65311b66ae01f7b7ad7c2ea7401b68ed" |
7 | SRC_URI[sha256sum] = "0a1b8a4a323b854981c6755ff025fe98a0f1cff307f109abb260f0490f13e4f4" | 7 | SRC_URI[sha256sum] = "0a1b8a4a323b854981c6755ff025fe98a0f1cff307f109abb260f0490f13e4f4" |
8 | 8 | ||
9 | SRC_URI += "\ | ||
10 | file://policycoreutils-loadpolicy-symlink.patch \ | ||
11 | " | ||
diff --git a/recipes-security/selinux/policycoreutils_git.bb b/recipes-security/selinux/policycoreutils_git.bb index 98a3fa7..6d1d23a 100644 --- a/recipes-security/selinux/policycoreutils_git.bb +++ b/recipes-security/selinux/policycoreutils_git.bb | |||
@@ -4,7 +4,3 @@ include selinux_git.inc | |||
4 | include ${BPN}.inc | 4 | include ${BPN}.inc |
5 | 5 | ||
6 | LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" | 6 | LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" |
7 | |||
8 | SRC_URI += "\ | ||
9 | file://policycoreutils-loadpolicy-symlink.patch \ | ||
10 | " | ||