Diffstat (limited to 'recipes-security/refpolicy/refpolicy_common.inc')
-rw-r--r--recipes-security/refpolicy/refpolicy_common.inc118
1 files changed, 82 insertions, 36 deletions
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 1d9ca93..46cbfa3 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -18,41 +18,87 @@ SRC_URI += "file://customizable_types \
18# refpolicy should provide a version of these and place them in your own 18# refpolicy should provide a version of these and place them in your own
19# refpolicy-${PV} directory. 19# refpolicy-${PV} directory.
20SRC_URI += " \ 20SRC_URI += " \
21 file://0001-fc-subs-volatile-alias-common-var-volatile-paths.patch \ 21 file://0001-fc-subs-volatile-alias-common-var-volatile-paths.patch \
22 file://0002-fc-subs-busybox-set-aliases-for-bin-sbin-and-usr.patch \ 22 file://0002-fc-subs-busybox-set-aliases-for-bin-sbin-and-usr.patch \
23 file://0003-fc-sysklogd-apply-policy-to-sysklogd-symlink.patch \ 23 file://0003-fc-hostname-apply-policy-to-common-yocto-hostname-al.patch \
24 file://0004-fc-hostname-apply-policy-to-common-yocto-hostname-al.patch \ 24 file://0004-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch \
25 file://0005-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch \ 25 file://0005-fc-resolv.conf-label-resolv.conf-in-var-run-properly.patch \
26 file://0006-fc-resolv.conf-label-resolv.conf-in-var-run-properly.patch \ 26 file://0006-fc-login-apply-login-context-to-login.shadow.patch \
27 file://0007-fc-login-apply-login-context-to-login.shadow.patch \ 27 file://0007-fc-bind-fix-real-path-for-bind.patch \
28 file://0008-fc-bind-fix-real-path-for-bind.patch \ 28 file://0008-fc-hwclock-add-hwclock-alternatives.patch \
29 file://0009-fc-hwclock-add-hwclock-alternatives.patch \ 29 file://0009-fc-dmesg-apply-policy-to-dmesg-alternatives.patch \
30 file://0010-fc-dmesg-apply-policy-to-dmesg-alternatives.patch \ 30 file://0010-fc-ssh-apply-policy-to-ssh-alternatives.patch \
31 file://0011-fc-ssh-apply-policy-to-ssh-alternatives.patch \ 31 file://0011-fc-sysnetwork-apply-policy-to-ip-alternatives.patch \
32 file://0012-fc-sysnetwork-apply-policy-to-ip-alternatives.patch \ 32 file://0012-fc-udev-apply-policy-to-udevadm-in-libexec.patch \
33 file://0013-fc-udev-apply-policy-to-udevadm-in-libexec.patch \ 33 file://0013-fc-rpm-apply-rpm_exec-policy-to-cpio-binaries.patch \
34 file://0014-fc-rpm-apply-rpm_exec-policy-to-cpio-binaries.patch \ 34 file://0014-fc-su-apply-policy-to-su-alternatives.patch \
35 file://0015-fc-su-apply-policy-to-su-alternatives.patch \ 35 file://0015-fc-fstools-fix-real-path-for-fstools.patch \
36 file://0016-fc-fstools-fix-real-path-for-fstools.patch \ 36 file://0016-fc-init-fix-update-alternatives-for-sysvinit.patch \
37 file://0017-policy-module-logging-Add-the-syslogd_t-to-trusted-o.patch \ 37 file://0017-fc-brctl-apply-policy-to-brctl-alternatives.patch \
38 file://0018-policy-module-logging-add-rules-for-the-symlink-of-v.patch \ 38 file://0018-fc-corecommands-apply-policy-to-nologin-alternatives.patch \
39 file://0019-policy-module-logging-add-rules-for-syslogd-symlink-.patch \ 39 file://0019-fc-locallogin-apply-policy-to-sulogin-alternatives.patch \
40 file://0020-policy-module-logging-add-domain-rules-for-the-subdi.patch \ 40 file://0020-fc-ntp-apply-policy-to-ntpd-alternatives.patch \
41 file://0021-policy-module-files-add-rules-for-the-symlink-of-tmp.patch \ 41 file://0021-fc-kerberos-apply-policy-to-kerberos-alternatives.patch \
42 file://0022-policy-module-terminals-add-rules-for-bsdpty_device_.patch \ 42 file://0022-fc-ldap-apply-policy-to-ldap-alternatives.patch \
43 file://0023-policy-module-terminals-don-t-audit-tty_device_t-in-.patch \ 43 file://0023-fc-postgresql-apply-policy-to-postgresql-alternative.patch \
44 file://0024-policy-module-rpc-allow-nfsd-to-exec-shell-commands.patch \ 44 file://0024-fc-screen-apply-policy-to-screen-alternatives.patch \
45 file://0025-policy-module-rpc-fix-policy-for-nfsserver-to-mount-.patch \ 45 file://0025-fc-usermanage-apply-policy-to-usermanage-alternative.patch \
46 file://0026-policy-module-sysfs-fix-for-new-SELINUXMNT-in-sys.patch \ 46 file://0026-fc-getty-add-file-context-to-start_getty.patch \
47 file://0027-policy-module-rpc-allow-sysadm-to-run-rpcinfo.patch \ 47 file://0027-fc-init-add-file-context-to-etc-network-if-files.patch \
48 file://0028-policy-module-userdomain-fix-selinux-utils-to-manage.patch \ 48 file://0028-fc-vlock-apply-policy-to-vlock-alternatives.patch \
49 file://0029-policy-module-selinuxutil-fix-setfiles-statvfs-to-ge.patch \ 49 file://0029-fc-cron-apply-policy-to-etc-init.d-crond.patch \
50 file://0030-policy-module-admin-fix-dmesg-to-use-dev-kmsg-as-def.patch \ 50 file://0030-file_contexts.subs_dist-set-aliase-for-root-director.patch \
51 file://0031-policy-module-ftp-add-ftpd_t-to-mls_file_write_all_l.patch \ 51 file://0031-policy-modules-system-logging-add-rules-for-the-syml.patch \
52 file://0032-policy-module-init-update-for-systemd-related-allow-.patch \ 52 file://0032-policy-modules-system-logging-add-rules-for-syslogd-.patch \
53 file://0033-refpolicy-minimum-make-sysadmin-module-optional.patch \ 53 file://0033-policy-modules-system-logging-add-domain-rules-for-t.patch \
54 file://0034-policy-module-apache-add-rules-for-the-symlink-of-va.patch \ 54 file://0034-policy-modules-kernel-files-add-rules-for-the-symlin.patch \
55 " 55 file://0035-policy-modules-kernel-terminal-add-rules-for-bsdpty_.patch \
56 file://0036-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch \
57 file://0037-policy-modules-services-avahi-allow-avahi_t-to-watch.patch \
58 file://0038-policy-modules-system-getty-allow-getty_t-watch-gett.patch \
59 file://0039-policy-modules-services-bluetooth-allow-bluetooth_t-.patch \
60 file://0040-policy-modules-roles-sysadm-allow-sysadm-to-run-rpci.patch \
61 file://0041-policy-modules-services-rpc-add-capability-dac_read_.patch \
62 file://0042-policy-modules-services-rpcbind-allow-rpcbind_t-to-c.patch \
63 file://0043-policy-modules-services-rngd-fix-security-context-fo.patch \
64 file://0044-policy-modules-system-authlogin-allow-chkpwd_t-to-ma.patch \
65 file://0045-policy-modules-system-udev-allow-udevadm_t-to-search.patch \
66 file://0046-policy-modules-udev-do-not-audit-udevadm_t-to-read-w.patch \
67 file://0047-policy-modules-services-rdisc-allow-rdisc_t-to-searc.patch \
68 file://0048-policy-modules-system-logging-fix-auditd-startup-fai.patch \
69 file://0049-policy-modules-services-ssh-make-respective-init-scr.patch \
70 file://0050-policy-modules-kernel-terminal-allow-loging-to-reset.patch \
71 file://0051-policy-modules-system-selinuxutil-allow-semanage_t-t.patch \
72 file://0052-policy-modules-system-sysnetwork-allow-ifconfig_t-to.patch \
73 file://0053-policy-modules-services-ntp-allow-ntpd_t-to-watch-sy.patch \
74 file://0054-policy-modules-system-systemd-enable-support-for-sys.patch \
75 file://0055-policy-modules-system-logging-fix-systemd-journald-s.patch \
76 file://0056-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch \
77 file://0057-policy-modules-system-systemd-add-capability-mknod-f.patch \
78 file://0058-policy-modules-system-systemd-systemd-gpt-auto-gener.patch \
79 file://0059-policy-modules-services-rpc-fix-policy-for-nfsserver.patch \
80 file://0060-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch \
81 file://0061-policy-modules-roles-sysadm-MLS-sysadm-rw-to-clearan.patch \
82 file://0062-policy-modules-system-mount-make-mount_t-domain-MLS-.patch \
83 file://0063-policy-modules-system-setrans-allow-setrans-to-acces.patch \
84 file://0064-policy-modules-admin-dmesg-make-dmesg_t-MLS-trusted-.patch \
85 file://0065-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch \
86 file://0066-policy-modules-system-init-make-init_t-MLS-trusted-f.patch \
87 file://0067-policy-modules-system-systemd-make-systemd-tmpfiles_.patch \
88 file://0068-policy-modules-system-logging-add-the-syslogd_t-to-t.patch \
89 file://0069-policy-modules-system-init-make-init_t-MLS-trusted-f.patch \
90 file://0070-policy-modules-system-init-all-init_t-to-read-any-le.patch \
91 file://0071-policy-modules-system-logging-allow-auditd_t-to-writ.patch \
92 file://0072-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch \
93 file://0073-policy-modules-system-systemd-make-systemd-logind-do.patch \
94 file://0074-policy-modules-system-systemd-systemd-user-sessions-.patch \
95 file://0075-policy-modules-system-systemd-systemd-networkd-make-.patch \
96 file://0076-policy-modules-system-systemd-systemd-resolved-make-.patch \
97 file://0077-policy-modules-system-systemd-make-systemd-modules_t.patch \
98 file://0078-policy-modules-system-systemd-systemd-gpt-auto-gener.patch \
99 file://0079-policy-modules-services-ntp-make-nptd_t-MLS-trusted-.patch \
100 file://0080-policy-modules-services-avahi-make-avahi_t-MLS-trust.patch \
101 "
56 102
57S = "${WORKDIR}/refpolicy" 103S = "${WORKDIR}/refpolicy"
58 104
@@ -85,7 +131,7 @@ POLICY_NAME ?= "${POLICY_TYPE}"
85POLICY_DISTRO ?= "redhat" 131POLICY_DISTRO ?= "redhat"
86POLICY_UBAC ?= "n" 132POLICY_UBAC ?= "n"
87POLICY_UNK_PERMS ?= "allow" 133POLICY_UNK_PERMS ?= "allow"
88POLICY_DIRECT_INITRC ?= "n" 134POLICY_DIRECT_INITRC ?= "y"
89POLICY_SYSTEMD ?= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'y', 'n', d)}" 135POLICY_SYSTEMD ?= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'y', 'n', d)}"
90POLICY_MONOLITHIC ?= "n" 136POLICY_MONOLITHIC ?= "n"
91POLICY_CUSTOM_BUILDOPT ?= "" 137POLICY_CUSTOM_BUILDOPT ?= ""
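Review bot: The second hunk flips the default of `POLICY_DIRECT_INITRC` from "n" to "y" with no comment, and that is a security-relevant relaxation rather than part of the patch-list refresh in the first hunk. Assuming the recipe passes this value through to refpolicy's DIRECT_INITRC build option (the consuming code is outside the visible hunks), "y" lets sysadm run init scripts directly instead of requiring run_init, which upstream refpolicy leaves off by default. Because the assignment is `?=`, a distro can still override it, so a comment above the line would be enough: `# "y" lets sysadm run init scripts directly instead of via run_init; set "n" for hardened/MLS images`. The comment should also say why the default changed, since the neighbouring `POLICY_UNK_PERMS ?= "allow"` already makes this block permissive by default.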