diff options
author | Wenzong Fan <wenzong.fan@windriver.com> | 2017-09-04 22:59:46 -0700 |
---|---|---|
committer | Mark Hatle <mark.hatle@windriver.com> | 2017-09-13 19:48:51 -0500 |
commit | d8d6ac6a5de6cc37e61ed48ea3a91c138bc4d213 (patch) | |
tree | 3c6bcc776b80577b20288a49fc177911c4f0c2a9 | |
parent | 9b70823774000acf803f0400b3cc7216e6116c99 (diff) | |
download | meta-selinux-d8d6ac6a5de6cc37e61ed48ea3a91c138bc4d213.tar.gz |
mcstrans: add package 2.7 (20170804)
Move policycoreutils/mcstrans to mcstrans:
* Move and rebase patches:
- mcstrans-de-bashify.patch
- 0001-mcstrans-fix-the-init-script.patch
* Remove useless patch:
- enable-mcstrans.patch
* Cleanup policycoreutils_2.7.bb and policycoreutils.inc.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Update policycoreutils_git.bb
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
-rw-r--r-- | recipes-security/selinux/mcstrans.inc | 49 | ||||
-rw-r--r-- | recipes-security/selinux/mcstrans/0001-mcstrans-fix-the-init-script.patch (renamed from recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch) | 9 | ||||
-rw-r--r-- | recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch | 26 | ||||
-rw-r--r-- | recipes-security/selinux/mcstrans_2.7.bb | 7 | ||||
-rw-r--r-- | recipes-security/selinux/policycoreutils.inc | 76 | ||||
-rw-r--r-- | recipes-security/selinux/policycoreutils/enable-mcstrans.patch | 17 | ||||
-rw-r--r-- | recipes-security/selinux/policycoreutils/mcstrans-de-bashify.patch | 12 | ||||
-rw-r--r-- | recipes-security/selinux/policycoreutils_2.7.bb | 2 | ||||
-rw-r--r-- | recipes-security/selinux/policycoreutils_git.bb | 2 |
9 files changed, 88 insertions, 112 deletions
diff --git a/recipes-security/selinux/mcstrans.inc b/recipes-security/selinux/mcstrans.inc new file mode 100644 index 0000000..590e6d2 --- /dev/null +++ b/recipes-security/selinux/mcstrans.inc | |||
@@ -0,0 +1,49 @@ | |||
1 | SUMMARY = "Daemon to translate SELinux MCS/MLS sensitivity labels" | ||
2 | DESCRIPTION = "\ | ||
3 | mcstrans provides an translation daemon to translate SELinux categories \ | ||
4 | from internal representations to user defined representation." | ||
5 | |||
6 | SECTION = "base" | ||
7 | LICENSE = "GPLv2+" | ||
8 | |||
9 | SRC_URI += "file://mcstrans-de-bashify.patch \ | ||
10 | file://0001-mcstrans-fix-the-init-script.patch \ | ||
11 | " | ||
12 | |||
13 | inherit systemd update-rc.d | ||
14 | |||
15 | DEPENDS += "libsepol libselinux libcap" | ||
16 | |||
17 | EXTRA_OEMAKE += "SYSTEMDDIR=${D}${systemd_unitdir}" | ||
18 | do_install_append() { | ||
19 | install -d ${D}${sbindir} | ||
20 | install -m 755 utils/untranscon ${D}${sbindir}/ | ||
21 | install -m 755 utils/transcon ${D}${sbindir}/ | ||
22 | |||
23 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then | ||
24 | install -d ${D}${sysconfdir}/tmpfiles.d | ||
25 | echo "d ${localstatedir}/run/setrans - - - -" \ | ||
26 | > ${D}${sysconfdir}/tmpfiles.d/setrans.conf | ||
27 | else | ||
28 | install -d ${D}${sysconfdir}/default/volatiles | ||
29 | echo "d root root 0755 /var/run/setrans none" \ | ||
30 | >${D}${sysconfdir}/default/volatiles/volatiles.80_mcstrans | ||
31 | fi | ||
32 | install -d ${D}${datadir}/mcstrans | ||
33 | cp -r share/* ${D}${datadir}/mcstrans/. | ||
34 | } | ||
35 | |||
36 | SYSTEMD_SERVICE_mcstrans = "mcstrans.service" | ||
37 | INITSCRIPT_PACKAGES = "mcstrans" | ||
38 | INITSCRIPT_NAME_mcstrans = "mcstrans" | ||
39 | INITSCRIPT_PARAMS_mcstrans = "defaults" | ||
40 | |||
41 | pkg_postinst_mcstrans () { | ||
42 | if [ -z "$D" ]; then | ||
43 | if command -v systemd-tmpfiles >/dev/null; then | ||
44 | systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/setrans.conf | ||
45 | elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then | ||
46 | ${sysconfdir}/init.d/populate-volatile.sh update | ||
47 | fi | ||
48 | fi | ||
49 | } | ||
diff --git a/recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch b/recipes-security/selinux/mcstrans/0001-mcstrans-fix-the-init-script.patch index 39be80a..5f7163d 100644 --- a/recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch +++ b/recipes-security/selinux/mcstrans/0001-mcstrans-fix-the-init-script.patch | |||
@@ -5,14 +5,15 @@ Upstream-Status: Inappropriate [embedded specific] | |||
5 | replace daemon with start-stop-daemon, due to not daemon functions | 5 | replace daemon with start-stop-daemon, due to not daemon functions |
6 | 6 | ||
7 | Signed-off-by: Roy Li <rongqing.li@windriver.com> | 7 | Signed-off-by: Roy Li <rongqing.li@windriver.com> |
8 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> | ||
8 | --- | 9 | --- |
9 | mcstrans/src/mcstrans.init | 2 +- | 10 | src/mcstrans.init | 2 +- |
10 | 1 file changed, 1 insertion(+), 1 deletion(-) | 11 | 1 file changed, 1 insertion(+), 1 deletion(-) |
11 | 12 | ||
12 | diff --git a/mcstrans/src/mcstrans.init b/mcstrans/src/mcstrans.init | 13 | diff --git a/src/mcstrans.init b/src/mcstrans.init |
13 | index 2804ec0..c660290 100644 | 14 | index 2804ec0..c660290 100644 |
14 | --- a/mcstrans/src/mcstrans.init | 15 | --- a/src/mcstrans.init |
15 | +++ b/mcstrans/src/mcstrans.init | 16 | +++ b/src/mcstrans.init |
16 | @@ -51,7 +51,7 @@ start(){ | 17 | @@ -51,7 +51,7 @@ start(){ |
17 | fi | 18 | fi |
18 | 19 | ||
diff --git a/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch b/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch new file mode 100644 index 0000000..805d7e5 --- /dev/null +++ b/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch | |||
@@ -0,0 +1,26 @@ | |||
1 | commit 54875dcb50f5e40fc86d6fe98dde244bfe4751af | ||
2 | Author: Joe MacDonald <joe_macdonald@mentor.com> | ||
3 | Date: Fri Aug 7 15:16:45 2015 -0400 | ||
4 | |||
5 | mcstrans: remove dependency on bash in initscript | ||
6 | |||
7 | There were no apparent bashisms in mcstrans.init, so remove the dependency | ||
8 | on bash. | ||
9 | |||
10 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> | ||
11 | |||
12 | Upstream-Status: Pending | ||
13 | |||
14 | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> | ||
15 | --- | ||
16 | src/mcstrans.init | 2 +- | ||
17 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
18 | |||
19 | --- a/src/mcstrans.init | ||
20 | +++ b/src/mcstrans.init | ||
21 | @@ -1,4 +1,4 @@ | ||
22 | -#!/bin/bash | ||
23 | +#!/bin/sh | ||
24 | # | ||
25 | # mcstransd This starts and stops mcstransd | ||
26 | # | ||
diff --git a/recipes-security/selinux/mcstrans_2.7.bb b/recipes-security/selinux/mcstrans_2.7.bb new file mode 100644 index 0000000..2d5bbfd --- /dev/null +++ b/recipes-security/selinux/mcstrans_2.7.bb | |||
@@ -0,0 +1,7 @@ | |||
1 | include selinux_20170804.inc | ||
2 | include ${BPN}.inc | ||
3 | |||
4 | LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" | ||
5 | |||
6 | SRC_URI[md5sum] = "edba0f72fdf7fdd1ad0a2c6d102e8cfa" | ||
7 | SRC_URI[sha256sum] = "cdca003282d160b50ad695ab5b013c05ca21387a419b2f89288534184d16e1e2" | ||
diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc index fe01004..e8f6e5f 100644 --- a/recipes-security/selinux/policycoreutils.inc +++ b/recipes-security/selinux/policycoreutils.inc | |||
@@ -10,7 +10,6 @@ LICENSE = "GPLv2+" | |||
10 | SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ | 10 | SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ |
11 | file://policycoreutils-fixfiles-de-bashify.patch \ | 11 | file://policycoreutils-fixfiles-de-bashify.patch \ |
12 | file://policycoreutils-sandbox-de-bashify.patch \ | 12 | file://policycoreutils-sandbox-de-bashify.patch \ |
13 | file://mcstrans-de-bashify.patch \ | ||
14 | " | 13 | " |
15 | 14 | ||
16 | PAM_SRC_URI = "file://pam.d/newrole \ | 15 | PAM_SRC_URI = "file://pam.d/newrole \ |
@@ -21,9 +20,7 @@ DEPENDS += "libsepol libselinux libsemanage libcap gettext-native" | |||
21 | EXTRA_DEPENDS = "libcap-ng libcgroup setools" | 20 | EXTRA_DEPENDS = "libcap-ng libcgroup setools" |
22 | DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}" | 21 | DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}" |
23 | 22 | ||
24 | inherit selinux systemd pythonnative update-rc.d | 23 | inherit selinux pythonnative |
25 | |||
26 | PROVIDES += "mcstrans" | ||
27 | 24 | ||
28 | DEPENDS += "${@target_selinux(d, 'libpam audit')}" | 25 | DEPENDS += "${@target_selinux(d, 'libpam audit')}" |
29 | 26 | ||
@@ -144,31 +141,8 @@ PACKAGES =+ "\ | |||
144 | ${PN}-sestatus \ | 141 | ${PN}-sestatus \ |
145 | ${PN}-setfiles \ | 142 | ${PN}-setfiles \ |
146 | ${PN}-setsebool \ | 143 | ${PN}-setsebool \ |
147 | mcstrans \ | ||
148 | mcstrans-doc \ | ||
149 | system-config-selinux \ | 144 | system-config-selinux \ |
150 | " | 145 | " |
151 | PKGV_mcstrans = "0.3.2" | ||
152 | PKGV_mcstrans-doc = "0.3.2" | ||
153 | SUMMARY_mcstrans = "Daemon to translate SELinux MCS/MLS sensitivity labels" | ||
154 | DESCRIPTION_mcstrans = "\ | ||
155 | Security-enhanced Linux is a feature of the Linux kernel and a number \ | ||
156 | of utilities with enhanced security functionality designed to add \ | ||
157 | mandatory access controls to Linux. The Security-enhanced Linux \ | ||
158 | kernel contains new architectural components originally developed to \ | ||
159 | improve the security of the Flask operating system. These \ | ||
160 | architectural components provide general support for the enforcement \ | ||
161 | of many kinds of mandatory access control policies, including those \ | ||
162 | based on the concepts of Type EnforcementĀ®, Role-based Access \ | ||
163 | Control, and Multi-level Security. \ | ||
164 | \ | ||
165 | mcstrans provides an translation daemon to translate SELinux categories \ | ||
166 | from internal representations to user defined representation. \ | ||
167 | " | ||
168 | SUMMARY_mcstrans-doc = "${SUMMARY_mcstrans} man pages and examples" | ||
169 | DESCRIPTION_mcstrans-doc = "${DESCRIPTION_mcstrans} \ | ||
170 | This package contains man pages and examples. \ | ||
171 | " | ||
172 | FILES_${PN}-audit2allow = "\ | 146 | FILES_${PN}-audit2allow = "\ |
173 | ${bindir}/audit2allow \ | 147 | ${bindir}/audit2allow \ |
174 | ${bindir}/audit2why \ | 148 | ${bindir}/audit2why \ |
@@ -240,22 +214,6 @@ FILES_${PN}-setsebool += "\ | |||
240 | ${sbindir}/setsebool \ | 214 | ${sbindir}/setsebool \ |
241 | ${datadir}/bash-completion/completions/setsebool \ | 215 | ${datadir}/bash-completion/completions/setsebool \ |
242 | " | 216 | " |
243 | FILES_mcstrans = "\ | ||
244 | ${base_sbindir}/mcstransd \ | ||
245 | ${sbindir}/untranscon \ | ||
246 | ${sbindir}/transcon \ | ||
247 | ${sysconfdir}/init.d/mcstrans \ | ||
248 | ${systemd_unitdir}/system/mcstrans.service \ | ||
249 | ${sysconfdir}/default/volatiles/volatiles.80_mcstrans \ | ||
250 | ${sysconfdir}/tmpfiles.d/setrans.conf \ | ||
251 | " | ||
252 | |||
253 | FILES_mcstrans-doc = "\ | ||
254 | /usr/share/man/man8/mcstransd.8 \ | ||
255 | /usr/share/man/man8/mcs.8 \ | ||
256 | /usr/share/man/man8/setrans.conf.8 \ | ||
257 | ${datadir}/mcstrans \ | ||
258 | " | ||
259 | 217 | ||
260 | FILES_system-config-selinux = " \ | 218 | FILES_system-config-selinux = " \ |
261 | ${bindir}/sepolgen \ | 219 | ${bindir}/sepolgen \ |
@@ -304,23 +262,6 @@ do_install_prepend() { | |||
304 | export SEMODULE_PATH=${sbindir} SYSTEMDDIR=${D}/${systemd_unitdir} | 262 | export SEMODULE_PATH=${sbindir} SYSTEMDDIR=${D}/${systemd_unitdir} |
305 | } | 263 | } |
306 | 264 | ||
307 | do_install_append_class-target() { | ||
308 | install -m 755 mcstrans/utils/untranscon ${D}${sbindir}/ | ||
309 | install -m 755 mcstrans/utils/transcon ${D}${sbindir}/ | ||
310 | |||
311 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then | ||
312 | install -d ${D}${sysconfdir}/tmpfiles.d | ||
313 | echo "d ${localstatedir}/run/setrans - - - -" \ | ||
314 | > ${D}${sysconfdir}/tmpfiles.d/setrans.conf | ||
315 | else | ||
316 | install -d ${D}${sysconfdir}/default/volatiles | ||
317 | echo "d root root 0755 /var/run/setrans none" \ | ||
318 | >${D}${sysconfdir}/default/volatiles/volatiles.80_mcstrans | ||
319 | fi | ||
320 | install -d ${D}${datadir}/mcstrans | ||
321 | cp -r mcstrans/share/* ${D}${datadir}/mcstrans/. | ||
322 | } | ||
323 | |||
324 | do_install_virtclass-native() { | 265 | do_install_virtclass-native() { |
325 | for PCU_CMD in ${PCU_NATIVE_CMDS} ; do | 266 | for PCU_CMD in ${PCU_NATIVE_CMDS} ; do |
326 | oe_runmake -C $PCU_CMD install \ | 267 | oe_runmake -C $PCU_CMD install \ |
@@ -342,18 +283,3 @@ do_install_append_class-target() { | |||
342 | # $ semanage permissive [OPTS] | 283 | # $ semanage permissive [OPTS] |
343 | install -d ${D}${localstatedir}/lib/selinux | 284 | install -d ${D}${localstatedir}/lib/selinux |
344 | } | 285 | } |
345 | |||
346 | SYSTEMD_SERVICE_mcstrans = "mcstrans.service" | ||
347 | INITSCRIPT_PACKAGES = "mcstrans" | ||
348 | INITSCRIPT_NAME_mcstrans = "mcstrans" | ||
349 | INITSCRIPT_PARAMS_mcstrans = "defaults" | ||
350 | |||
351 | pkg_postinst_mcstrans () { | ||
352 | if [ -z "$D" ]; then | ||
353 | if command -v systemd-tmpfiles >/dev/null; then | ||
354 | systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/setrans.conf | ||
355 | elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then | ||
356 | ${sysconfdir}/init.d/populate-volatile.sh update | ||
357 | fi | ||
358 | fi | ||
359 | } | ||
diff --git a/recipes-security/selinux/policycoreutils/enable-mcstrans.patch b/recipes-security/selinux/policycoreutils/enable-mcstrans.patch deleted file mode 100644 index e923903..0000000 --- a/recipes-security/selinux/policycoreutils/enable-mcstrans.patch +++ /dev/null | |||
@@ -1,17 +0,0 @@ | |||
1 | Add the "mcstrans" subdir so it gets built too. | ||
2 | |||
3 | Upstream-Status: Inappropriate [embedded specific] | ||
4 | |||
5 | Signed-off-by: Roy Li <rongqing.li@windriver.com> | ||
6 | diff --git a/Makefile b/Makefile | ||
7 | index 83ebd45..3ae784f 100644 | ||
8 | --- a/Makefile | ||
9 | +++ b/Makefile | ||
10 | @@ -1,5 +1,7 @@ | ||
11 | SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui | ||
12 | |||
13 | +SUBDIRS += mcstrans | ||
14 | + | ||
15 | INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) | ||
16 | |||
17 | ifeq (${INOTIFYH}, /usr/include/sys/inotify.h) | ||
diff --git a/recipes-security/selinux/policycoreutils/mcstrans-de-bashify.patch b/recipes-security/selinux/policycoreutils/mcstrans-de-bashify.patch deleted file mode 100644 index 86141a2..0000000 --- a/recipes-security/selinux/policycoreutils/mcstrans-de-bashify.patch +++ /dev/null | |||
@@ -1,12 +0,0 @@ | |||
1 | --- | ||
2 | mcstrans/src/mcstrans.init | 2 +- | ||
3 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
4 | |||
5 | --- a/mcstrans/src/mcstrans.init | ||
6 | +++ b/mcstrans/src/mcstrans.init | ||
7 | @@ -1,4 +1,4 @@ | ||
8 | -#!/bin/bash | ||
9 | +#!/bin/sh | ||
10 | # | ||
11 | # mcstransd This starts and stops mcstransd | ||
12 | # | ||
diff --git a/recipes-security/selinux/policycoreutils_2.7.bb b/recipes-security/selinux/policycoreutils_2.7.bb index 50f15d0..d407ac3 100644 --- a/recipes-security/selinux/policycoreutils_2.7.bb +++ b/recipes-security/selinux/policycoreutils_2.7.bb | |||
@@ -12,6 +12,4 @@ SRC_URI += "\ | |||
12 | file://policycoreutils-loadpolicy-symlink.patch \ | 12 | file://policycoreutils-loadpolicy-symlink.patch \ |
13 | file://policycoreutils-process-ValueError-for-sepolicy-seobject.patch \ | 13 | file://policycoreutils-process-ValueError-for-sepolicy-seobject.patch \ |
14 | file://policycoreutils-fix-TypeError-for-seobject.py.patch \ | 14 | file://policycoreutils-fix-TypeError-for-seobject.py.patch \ |
15 | file://0001-mcstrans-fix-the-init-script.patch \ | ||
16 | file://enable-mcstrans.patch \ | ||
17 | " | 15 | " |
diff --git a/recipes-security/selinux/policycoreutils_git.bb b/recipes-security/selinux/policycoreutils_git.bb index 5be8728..1f72805 100644 --- a/recipes-security/selinux/policycoreutils_git.bb +++ b/recipes-security/selinux/policycoreutils_git.bb | |||
@@ -11,6 +11,4 @@ SRC_URI += "\ | |||
11 | file://policycoreutils-loadpolicy-symlink.patch \ | 11 | file://policycoreutils-loadpolicy-symlink.patch \ |
12 | file://policycoreutils-process-ValueError-for-sepolicy-seobject.patch \ | 12 | file://policycoreutils-process-ValueError-for-sepolicy-seobject.patch \ |
13 | file://policycoreutils-fix-TypeError-for-seobject.py.patch \ | 13 | file://policycoreutils-fix-TypeError-for-seobject.py.patch \ |
14 | file://0001-mcstrans-fix-the-init-script.patch \ | ||
15 | file://enable-mcstrans.patch \ | ||
16 | " | 14 | " |