author | Wenzong Fan <wenzong.fan@windriver.com> | 2017-09-04 22:59:48 -0700 |
---|---|---|
committer | Mark Hatle <mark.hatle@windriver.com> | 2017-09-13 19:48:51 -0500 |
commit | a5b5f5b328fa7f059fbfe8480bd107379bfe8d21 (patch) | |
tree | 8d841decf254e399fcd55a6156bc41e85b09d0eb | |
parent | 9a07ac84248c97ea7adebebbf11d28bf9872b77f (diff) | |
download | meta-selinux-a5b5f5b328fa7f059fbfe8480bd107379bfe8d21.tar.gz |
selinux-sandbox: add package 2.7 (20170804)
Move policycoreutils/sandbox to sandbox:
* Move and rebase patch:
- policycoreutils-sandbox-de-bashify.patch
* Cleanup policycoreutils.inc
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
-rw-r--r-- | recipes-security/selinux/policycoreutils.inc | 17 | ||||
-rw-r--r-- | recipes-security/selinux/selinux-sandbox.inc | 28 | ||||
-rw-r--r-- | recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch (renamed from recipes-security/selinux/policycoreutils/policycoreutils-sandbox-de-bashify.patch) | 13 | ||||
-rw-r--r-- | recipes-security/selinux/selinux-sandbox_2.7.bb | 7 |
4 files changed, 42 insertions, 23 deletions
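--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -9,7 +9,6 @@ LICENSE = "GPLv2+"
 
 SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
 file://policycoreutils-fixfiles-de-bashify.patch \
-file://policycoreutils-sandbox-de-bashify.patch \
 "
 
 PAM_SRC_URI = "file://pam.d/newrole \
@@ -64,15 +63,6 @@ RDEPENDS_${BPN}-python += "\
 libsemanage-python \
 "
 RDEPENDS_${BPN}-runinit += "libselinux"
-RDEPENDS_${BPN}-sandbox += "\
-python-math \
-python-shell \
-python-subprocess \
-python-textutils \
-python-unixadmin \
-libselinux-python \
-${BPN}-python \
-"
 RDEPENDS_${BPN}-secon += "libselinux"
 RDEPENDS_${BPN}-semanage = "\
 python-core \
@@ -128,7 +118,6 @@ PACKAGES =+ "\
 ${PN}-newrole \
 ${PN}-python \
 ${PN}-runinit \
-${PN}-sandbox \
 ${PN}-secon \
 ${PN}-semanage \
 ${PN}-semodule \
@@ -171,12 +160,6 @@ FILES_${PN}-runinit += "\
 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/run_init', '', d)} \
 "
 FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/.debug/* ${prefix}/libexec/selinux/hll/.debug"
-FILES_${PN}-sandbox += "\
-${datadir}/sandbox/* \
-${bindir}/sandbox \
-${sbindir}/seunshare \
-${sysconfdir}/sysconfig/sandbox \
-"
 FILES_${PN}-secon += "${bindir}/secon"
 FILES_${PN}-semanage = "\
 ${sbindir}/semanage \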
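--- /dev/null
+++ b/recipes-security/selinux/selinux-sandbox.inc
@@ -0,0 +1,28 @@
+SUMMARY = "Run cmd under an SELinux sandbox"
+DESCRIPTION = "\
+Run application within a tightly confined SELinux domain. The default \
+sandbox domain only allows applications the ability to read and write \
+stdin, stdout and any other file descriptors handed to it."
+
+SECTION = "base"
+LICENSE = "GPLv2+"
+
+SRC_URI += "file://sandbox-de-bashify.patch \
+"
+
+DEPENDS += "libcap-ng libselinux"
+
+RDEPENDS_${PN} += "\
+python-math \
+python-shell \
+python-subprocess \
+python-textutils \
+python-unixadmin \
+libselinux-python \
+selinux-python \
+"
+
+FILES_${PN} += "\
+${datadir}/sandbox/sandboxX.sh \
+${datadir}/sandbox/start \
+"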
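Review bot: The new `FILES_${PN}` names only the two `${datadir}/sandbox` scripts, whereas the `FILES_${PN}-sandbox` block removed from policycoreutils.inc listed `${bindir}/sandbox`, `${sbindir}/seunshare` and `${sysconfdir}/sysconfig/sandbox` explicitly. Those paths presumably still reach the package through the default `FILES_${PN}` patterns, but nothing in the recipe says so, and seunshare is the helper that sets up the confined environment, so its packaging and installed mode should stay visible to anyone auditing the image. I would add a comment above the assignment, for example `# ${bindir}/sandbox, ${sbindir}/seunshare and ${sysconfdir}/sysconfig/sandbox are covered by the default FILES_${PN}`, and confirm against the built package that all three are shipped.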
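--- a/recipes-security/selinux/policycoreutils/policycoreutils-sandbox-de-bashify.patch
+++ b/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
@@ -9,25 +9,26 @@ sandboxX script, so point them at /bin/sh instead.
 Upstream-Status: Pending
 
 Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 ---
 sandbox/sandbox.init | 2 +-
 sandbox/sandboxX.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 
-diff --git a/sandbox/sandbox.init b/sandbox/sandbox.init
+diff --git a/sandbox.init b/sandbox.init
 index b3979bf..1893dc8 100644
---- a/sandbox/sandbox.init
-+++ b/sandbox/sandbox.init
+--- a/sandbox.init
++++ b/sandbox.init
 @@ -1,4 +1,4 @@
 -#!/bin/bash
 +#!/bin/sh
 ## BEGIN INIT INFO
 # Provides: sandbox
 # Default-Start: 3 4 5
-diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
+diff --git a/sandboxX.sh b/sandboxX.sh
 index eaa500d..8755d75 100644
---- a/sandbox/sandboxX.sh
-+++ b/sandbox/sandboxX.sh
+--- a/sandboxX.sh
++++ b/sandboxX.sh
 @@ -1,4 +1,4 @@
 -#!/bin/bash
 +#!/bin/sh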
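--- /dev/null
+++ b/recipes-security/selinux/selinux-sandbox_2.7.bb
@@ -0,0 +1,7 @@
+include selinux_20170804.inc
+include ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "7360e9dc7b1757b7f82face655982bfa"
+SRC_URI[sha256sum] = "9490620380ab6d428a92869002a51ada0343ca35fa2a6905595745902a64c541"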
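Review bot: The two `include` lines at the top of the recipe are non-fatal in BitBake, so a missing or misnamed file is skipped without an error. If `${BPN}.inc` were not found, the recipe would still parse but without the `sandbox-de-bashify.patch` entry, the `DEPENDS` on libcap-ng and libselinux, and the runtime dependencies that file adds. What `selinux_20170804.inc` contributes is not visible here, but it presumably carries the shared source location. Use `require selinux_20170804.inc` and `require ${BPN}.inc` so that a broken include stops the parse instead of producing a differently configured security package.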