1 files changed, 59 insertions, 89 deletions
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 3d2eb89..dffc34a 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -1,5 +1,3 @@
-DEFAULT_ENFORCING ??= "enforcing"
 SECTION = "admin"
 LICENSE = "GPLv2"
@@ -24,91 +22,61 @@ SRC_URI += " \
        file://0004-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch \
        file://0005-fc-resolv.conf-label-resolv.conf-in-var-run-properly.patch \
        file://0006-fc-login-apply-login-context-to-login.shadow.patch \
-        file://0007-fc-bind-fix-real-path-for-bind.patch \
+        file://0007-fc-hwclock-add-hwclock-alternatives.patch \
-        file://0008-fc-hwclock-add-hwclock-alternatives.patch \
+        file://0008-fc-dmesg-apply-policy-to-dmesg-alternatives.patch \
-        file://0009-fc-dmesg-apply-policy-to-dmesg-alternatives.patch \
+        file://0009-fc-ssh-apply-policy-to-ssh-alternatives.patch \
-        file://0010-fc-ssh-apply-policy-to-ssh-alternatives.patch \
+        file://0010-fc-sysnetwork-apply-policy-to-network-commands-alter.patch \
-        file://0011-fc-sysnetwork-apply-policy-to-ip-alternatives.patch \
+        file://0011-fc-udev-apply-policy-to-udevadm-in-libexec.patch \
-        file://0012-fc-udev-apply-policy-to-udevadm-in-libexec.patch \
+        file://0012-fc-rpm-apply-rpm_exec-policy-to-cpio-binaries.patch \
-        file://0013-fc-rpm-apply-rpm_exec-policy-to-cpio-binaries.patch \
+        file://0013-fc-su-apply-policy-to-su-alternatives.patch \
-        file://0014-fc-su-apply-policy-to-su-alternatives.patch \
+        file://0014-fc-fstools-fix-real-path-for-fstools.patch \
-        file://0015-fc-fstools-fix-real-path-for-fstools.patch \
+        file://0015-fc-init-fix-update-alternatives-for-sysvinit.patch \
-        file://0016-fc-init-fix-update-alternatives-for-sysvinit.patch \
+        file://0016-fc-brctl-apply-policy-to-brctl-alternatives.patch \
-        file://0017-fc-brctl-apply-policy-to-brctl-alternatives.patch \
+        file://0017-fc-corecommands-apply-policy-to-nologin-alternatives.patch \
-        file://0018-fc-corecommands-apply-policy-to-nologin-alternatives.patch \
+        file://0018-fc-locallogin-apply-policy-to-sulogin-alternatives.patch \
-        file://0019-fc-locallogin-apply-policy-to-sulogin-alternatives.patch \
+        file://0019-fc-ntp-apply-policy-to-ntpd-alternatives.patch \
-        file://0020-fc-ntp-apply-policy-to-ntpd-alternatives.patch \
+        file://0020-fc-kerberos-apply-policy-to-kerberos-alternatives.patch \
-        file://0021-fc-kerberos-apply-policy-to-kerberos-alternatives.patch \
+        file://0021-fc-ldap-apply-policy-to-ldap-alternatives.patch \
-        file://0022-fc-ldap-apply-policy-to-ldap-alternatives.patch \
+        file://0022-fc-postgresql-apply-policy-to-postgresql-alternative.patch \
-        file://0023-fc-postgresql-apply-policy-to-postgresql-alternative.patch \
+        file://0023-fc-screen-apply-policy-to-screen-alternatives.patch \
-        file://0024-fc-screen-apply-policy-to-screen-alternatives.patch \
+        file://0024-fc-usermanage-apply-policy-to-usermanage-alternative.patch \
-        file://0025-fc-usermanage-apply-policy-to-usermanage-alternative.patch \
+        file://0025-fc-getty-add-file-context-to-start_getty.patch \
-        file://0026-fc-getty-add-file-context-to-start_getty.patch \
+        file://0026-fc-vlock-apply-policy-to-vlock-alternatives.patch \
-        file://0027-fc-init-add-file-context-to-etc-network-if-files.patch \
+        file://0027-fc-add-fcontext-for-init-scripts-and-systemd-service.patch \
-        file://0028-fc-vlock-apply-policy-to-vlock-alternatives.patch \
+        file://0028-file_contexts.subs_dist-set-aliase-for-root-director.patch \
-        file://0029-fc-cron-apply-policy-to-etc-init.d-crond.patch \
+        file://0029-policy-modules-system-logging-add-rules-for-the-syml.patch \
-        file://0030-fc-sysnetwork-update-file-context-for-ifconfig.patch \
+        file://0030-policy-modules-system-logging-add-rules-for-syslogd-.patch \
-        file://0031-file_contexts.subs_dist-set-aliase-for-root-director.patch \
+        file://0031-policy-modules-kernel-files-add-rules-for-the-symlin.patch \
-        file://0032-policy-modules-system-logging-add-rules-for-the-syml.patch \
+        file://0032-policy-modules-system-logging-fix-auditd-startup-fai.patch \
-        file://0033-policy-modules-system-logging-add-rules-for-syslogd-.patch \
+        file://0033-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch \
-        file://0034-policy-modules-kernel-files-add-rules-for-the-symlin.patch \
+        file://0034-policy-modules-system-modutils-allow-mod_t-to-access.patch \
-        file://0035-policy-modules-system-logging-fix-auditd-startup-fai.patch \
+        file://0035-policy-modules-system-getty-allow-getty_t-to-search-.patch \
-        file://0036-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch \
+        file://0036-policy-modules-services-rpcbind-allow-rpcbind_t-to-c.patch \
-        file://0037-policy-modules-system-modutils-allow-mod_t-to-access.patch \
+        file://0037-policy-modules-admin-usermanage-allow-useradd-to-rel.patch \
-        file://0038-policy-modules-services-avahi-allow-avahi_t-to-watch.patch \
+        file://0038-policy-modules-system-systemd-enable-support-for-sys.patch \
-        file://0039-policy-modules-system-getty-allow-getty_t-to-search-.patch \
+        file://0039-policy-modules-system-systemd-fix-systemd-resolved-s.patch \
-        file://0040-policy-modules-services-bluetooth-fix-bluetoothd-sta.patch \
+        file://0040-policy-modules-system-systemd-allow-systemd_-_t-to-g.patch \
-        file://0041-policy-modules-roles-sysadm-allow-sysadm-to-run-rpci.patch \
+        file://0041-policy-modules-system-logging-fix-syslogd-failures-f.patch \
-        file://0042-policy-modules-services-rpc-add-capability-dac_read_.patch \
+        file://0042-policy-modules-system-systemd-systemd-user-fixes.patch \
-        file://0043-policy-modules-services-rpcbind-allow-rpcbind_t-to-c.patch \
+        file://0043-policy-modules-system-sysnetwork-support-priviledge-.patch \
-        file://0044-policy-modules-services-rngd-fix-security-context-fo.patch \
+        file://0044-policy-modules-system-modutils-allow-kmod_t-to-write.patch \
-        file://0045-policy-modules-services-ssh-allow-ssh_keygen_t-to-re.patch \
+        file://0045-policy-modules-system-systemd-allow-systemd_logind_t.patch \
-        file://0046-policy-modules-services-ssh-make-respective-init-scr.patch \
+        file://0046-policy-modules-system-mount-make-mount_t-domain-MLS-.patch \
-        file://0047-policy-modules-kernel-terminal-allow-loging-to-reset.patch \
+        file://0047-policy-modules-roles-sysadm-MLS-sysadm-rw-to-clearan.patch \
-        file://0048-policy-modules-system-selinuxutil-allow-semanage_t-t.patch \
+        file://0048-policy-modules-services-rpc-make-nfsd_t-domain-MLS-t.patch \
-        file://0049-policy-modules-system-systemd-enable-support-for-sys.patch \
+        file://0049-policy-modules-admin-dmesg-make-dmesg_t-MLS-trusted-.patch \
-        file://0050-policy-modules-system-systemd-fix-systemd-resolved-s.patch \
+        file://0050-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch \
-        file://0051-policy-modules-system-init-add-capability2-bpf-and-p.patch \
+        file://0051-policy-modules-system-init-make-init_t-MLS-trusted-f.patch \
-        file://0052-policy-modules-system-systemd-allow-systemd_logind_t.patch \
+        file://0052-policy-modules-system-systemd-make-systemd-tmpfiles_.patch \
-        file://0053-policy-modules-system-logging-set-label-devlog_t-to-.patch \
+        file://0053-policy-modules-system-systemd-systemd-make-systemd_-.patch \
-        file://0054-policy-modules-system-systemd-support-systemd-user.patch \
+        file://0054-policy-modules-system-logging-add-the-syslogd_t-to-t.patch \
-        file://0055-policy-modules-system-systemd-allow-systemd-generato.patch \
+        file://0055-policy-modules-system-init-make-init_t-MLS-trusted-f.patch \
-        file://0056-policy-modules-system-systemd-allow-systemd_backligh.patch \
+        file://0056-policy-modules-system-init-all-init_t-to-read-any-le.patch \
-        file://0057-policy-modules-system-logging-fix-systemd-journald-s.patch \
+        file://0057-policy-modules-system-logging-allow-auditd_t-to-writ.patch \
-        file://0058-policy-modules-services-cron-allow-crond_t-to-search.patch \
+        file://0058-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch \
-        file://0059-policy-modules-services-crontab-allow-sysadm_r-to-ru.patch \
+        file://0059-policy-modules-system-setrans-allow-setrans_t-use-fd.patch \
-        file://0060-policy-modules-system-sysnetwork-support-priviledge-.patch \
+        file://0060-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch \
-        file://0061-policy-modules-services-acpi-allow-acpid-to-watch-th.patch \
+        file://0061-policy-modules-system-logging-make-syslogd_runtime_t.patch \
-        file://0062-policy-modules-system-setrans-allow-setrans-to-acces.patch \
-        file://0063-policy-modules-system-modutils-allow-kmod_t-to-write.patch \
-        file://0064-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch \
-        file://0065-policy-modules-system-selinux-allow-setfiles_t-to-re.patch \
-        file://0066-policy-modules-system-mount-make-mount_t-domain-MLS-.patch \
-        file://0067-policy-modules-roles-sysadm-MLS-sysadm-rw-to-clearan.patch \
-        file://0068-policy-modules-services-rpc-make-nfsd_t-domain-MLS-t.patch \
-        file://0069-policy-modules-admin-dmesg-make-dmesg_t-MLS-trusted-.patch \
-        file://0070-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch \
-        file://0071-policy-modules-system-init-make-init_t-MLS-trusted-f.patch \
-        file://0072-policy-modules-system-systemd-make-systemd-tmpfiles_.patch \
-        file://0073-policy-modules-system-logging-add-the-syslogd_t-to-t.patch \
-        file://0074-policy-modules-system-init-make-init_t-MLS-trusted-f.patch \
-        file://0075-policy-modules-system-init-all-init_t-to-read-any-le.patch \
-        file://0076-policy-modules-system-logging-allow-auditd_t-to-writ.patch \
-        file://0077-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch \
-        file://0078-policy-modules-system-systemd-make-systemd-logind-do.patch \
-        file://0079-policy-modules-system-systemd-systemd-user-sessions-.patch \
-        file://0080-policy-modules-system-systemd-systemd-make-systemd_-.patch \
-        file://0081-policy-modules-services-ntp-make-nptd_t-MLS-trusted-.patch \
-        file://0082-policy-modules-system-setrans-allow-setrans_t-use-fd.patch \
-        file://0083-policy-modules-services-acpi-make-acpid_t-domain-MLS.patch \
-        file://0084-policy-modules-services-avahi-make-avahi_t-MLS-trust.patch \
-        file://0085-policy-modules-services-bluetooth-make-bluetooth_t-d.patch \
-        file://0086-policy-modules-system-sysnetwork-make-dhcpc_t-domain.patch \
-        file://0087-policy-modules-services-inetd-make-inetd_t-domain-ML.patch \
-        file://0088-policy-modules-services-bind-make-named_t-domain-MLS.patch \
-        file://0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch \
-        file://0090-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch \
-        file://0091-fc-usermanage-update-file-context-for-chfn-chsh.patch \
        "
 S = "${WORKDIR}/refpolicy"
@@ -138,8 +106,10 @@ inherit python3native
 PARALLEL_MAKE = ""
+DEFAULT_ENFORCING ??= "enforcing"
 POLICY_NAME ?= "${POLICY_TYPE}"
-POLICY_DISTRO ?= "redhat"
+POLICY_DISTRO ?= "debian"
 POLICY_UBAC ?= "n"
 POLICY_UNK_PERMS ?= "allow"
 POLICY_DIRECT_INITRC ?= "y"
@@ -238,7 +208,7 @@ path = ${STAGING_DIR_NATIVE}${sbindir_native}/sefcontext_compile
 args = \$@
 [end]
-policy-version = 31
+policy-version = 33
 EOF
        # Create policy store and build the policy

diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index 3d2eb89..dffc34a 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -1,5 +1,3 @@
1	DEFAULT_ENFORCING ??= "enforcing"
2
3	SECTION = "admin"	1	SECTION = "admin"
4	LICENSE = "GPLv2"	2	LICENSE = "GPLv2"
5		3
@@ -24,91 +22,61 @@ SRC_URI += " \
24	file://0004-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch \	22	file://0004-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch \
25	file://0005-fc-resolv.conf-label-resolv.conf-in-var-run-properly.patch \	23	file://0005-fc-resolv.conf-label-resolv.conf-in-var-run-properly.patch \
26	file://0006-fc-login-apply-login-context-to-login.shadow.patch \	24	file://0006-fc-login-apply-login-context-to-login.shadow.patch \
27	file://0007-fc-bind-fix-real-path-for-bind.patch \	25	file://0007-fc-hwclock-add-hwclock-alternatives.patch \
28	file://0008-fc-hwclock-add-hwclock-alternatives.patch \	26	file://0008-fc-dmesg-apply-policy-to-dmesg-alternatives.patch \
29	file://0009-fc-dmesg-apply-policy-to-dmesg-alternatives.patch \	27	file://0009-fc-ssh-apply-policy-to-ssh-alternatives.patch \
30	file://0010-fc-ssh-apply-policy-to-ssh-alternatives.patch \	28	file://0010-fc-sysnetwork-apply-policy-to-network-commands-alter.patch \
31	file://0011-fc-sysnetwork-apply-policy-to-ip-alternatives.patch \	29	file://0011-fc-udev-apply-policy-to-udevadm-in-libexec.patch \
32	file://0012-fc-udev-apply-policy-to-udevadm-in-libexec.patch \	30	file://0012-fc-rpm-apply-rpm_exec-policy-to-cpio-binaries.patch \
33	file://0013-fc-rpm-apply-rpm_exec-policy-to-cpio-binaries.patch \	31	file://0013-fc-su-apply-policy-to-su-alternatives.patch \
34	file://0014-fc-su-apply-policy-to-su-alternatives.patch \	32	file://0014-fc-fstools-fix-real-path-for-fstools.patch \
35	file://0015-fc-fstools-fix-real-path-for-fstools.patch \	33	file://0015-fc-init-fix-update-alternatives-for-sysvinit.patch \
36	file://0016-fc-init-fix-update-alternatives-for-sysvinit.patch \	34	file://0016-fc-brctl-apply-policy-to-brctl-alternatives.patch \
37	file://0017-fc-brctl-apply-policy-to-brctl-alternatives.patch \	35	file://0017-fc-corecommands-apply-policy-to-nologin-alternatives.patch \
38	file://0018-fc-corecommands-apply-policy-to-nologin-alternatives.patch \	36	file://0018-fc-locallogin-apply-policy-to-sulogin-alternatives.patch \
39	file://0019-fc-locallogin-apply-policy-to-sulogin-alternatives.patch \	37	file://0019-fc-ntp-apply-policy-to-ntpd-alternatives.patch \
40	file://0020-fc-ntp-apply-policy-to-ntpd-alternatives.patch \	38	file://0020-fc-kerberos-apply-policy-to-kerberos-alternatives.patch \
41	file://0021-fc-kerberos-apply-policy-to-kerberos-alternatives.patch \	39	file://0021-fc-ldap-apply-policy-to-ldap-alternatives.patch \
42	file://0022-fc-ldap-apply-policy-to-ldap-alternatives.patch \	40	file://0022-fc-postgresql-apply-policy-to-postgresql-alternative.patch \
43	file://0023-fc-postgresql-apply-policy-to-postgresql-alternative.patch \	41	file://0023-fc-screen-apply-policy-to-screen-alternatives.patch \
44	file://0024-fc-screen-apply-policy-to-screen-alternatives.patch \	42	file://0024-fc-usermanage-apply-policy-to-usermanage-alternative.patch \
45	file://0025-fc-usermanage-apply-policy-to-usermanage-alternative.patch \	43	file://0025-fc-getty-add-file-context-to-start_getty.patch \
46	file://0026-fc-getty-add-file-context-to-start_getty.patch \	44	file://0026-fc-vlock-apply-policy-to-vlock-alternatives.patch \
47	file://0027-fc-init-add-file-context-to-etc-network-if-files.patch \	45	file://0027-fc-add-fcontext-for-init-scripts-and-systemd-service.patch \
48	file://0028-fc-vlock-apply-policy-to-vlock-alternatives.patch \	46	file://0028-file_contexts.subs_dist-set-aliase-for-root-director.patch \
49	file://0029-fc-cron-apply-policy-to-etc-init.d-crond.patch \	47	file://0029-policy-modules-system-logging-add-rules-for-the-syml.patch \
50	file://0030-fc-sysnetwork-update-file-context-for-ifconfig.patch \	48	file://0030-policy-modules-system-logging-add-rules-for-syslogd-.patch \
51	file://0031-file_contexts.subs_dist-set-aliase-for-root-director.patch \	49	file://0031-policy-modules-kernel-files-add-rules-for-the-symlin.patch \
52	file://0032-policy-modules-system-logging-add-rules-for-the-syml.patch \	50	file://0032-policy-modules-system-logging-fix-auditd-startup-fai.patch \
53	file://0033-policy-modules-system-logging-add-rules-for-syslogd-.patch \	51	file://0033-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch \
54	file://0034-policy-modules-kernel-files-add-rules-for-the-symlin.patch \	52	file://0034-policy-modules-system-modutils-allow-mod_t-to-access.patch \
55	file://0035-policy-modules-system-logging-fix-auditd-startup-fai.patch \	53	file://0035-policy-modules-system-getty-allow-getty_t-to-search-.patch \
56	file://0036-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch \	54	file://0036-policy-modules-services-rpcbind-allow-rpcbind_t-to-c.patch \
57	file://0037-policy-modules-system-modutils-allow-mod_t-to-access.patch \	55	file://0037-policy-modules-admin-usermanage-allow-useradd-to-rel.patch \
58	file://0038-policy-modules-services-avahi-allow-avahi_t-to-watch.patch \	56	file://0038-policy-modules-system-systemd-enable-support-for-sys.patch \
59	file://0039-policy-modules-system-getty-allow-getty_t-to-search-.patch \	57	file://0039-policy-modules-system-systemd-fix-systemd-resolved-s.patch \
60	file://0040-policy-modules-services-bluetooth-fix-bluetoothd-sta.patch \	58	file://0040-policy-modules-system-systemd-allow-systemd_-_t-to-g.patch \
61	file://0041-policy-modules-roles-sysadm-allow-sysadm-to-run-rpci.patch \	59	file://0041-policy-modules-system-logging-fix-syslogd-failures-f.patch \
62	file://0042-policy-modules-services-rpc-add-capability-dac_read_.patch \	60	file://0042-policy-modules-system-systemd-systemd-user-fixes.patch \
63	file://0043-policy-modules-services-rpcbind-allow-rpcbind_t-to-c.patch \	61	file://0043-policy-modules-system-sysnetwork-support-priviledge-.patch \
64	file://0044-policy-modules-services-rngd-fix-security-context-fo.patch \	62	file://0044-policy-modules-system-modutils-allow-kmod_t-to-write.patch \
65	file://0045-policy-modules-services-ssh-allow-ssh_keygen_t-to-re.patch \	63	file://0045-policy-modules-system-systemd-allow-systemd_logind_t.patch \
66	file://0046-policy-modules-services-ssh-make-respective-init-scr.patch \	64	file://0046-policy-modules-system-mount-make-mount_t-domain-MLS-.patch \
67	file://0047-policy-modules-kernel-terminal-allow-loging-to-reset.patch \	65	file://0047-policy-modules-roles-sysadm-MLS-sysadm-rw-to-clearan.patch \
68	file://0048-policy-modules-system-selinuxutil-allow-semanage_t-t.patch \	66	file://0048-policy-modules-services-rpc-make-nfsd_t-domain-MLS-t.patch \
69	file://0049-policy-modules-system-systemd-enable-support-for-sys.patch \	67	file://0049-policy-modules-admin-dmesg-make-dmesg_t-MLS-trusted-.patch \
70	file://0050-policy-modules-system-systemd-fix-systemd-resolved-s.patch \	68	file://0050-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch \
71	file://0051-policy-modules-system-init-add-capability2-bpf-and-p.patch \	69	file://0051-policy-modules-system-init-make-init_t-MLS-trusted-f.patch \
72	file://0052-policy-modules-system-systemd-allow-systemd_logind_t.patch \	70	file://0052-policy-modules-system-systemd-make-systemd-tmpfiles_.patch \
73	file://0053-policy-modules-system-logging-set-label-devlog_t-to-.patch \	71	file://0053-policy-modules-system-systemd-systemd-make-systemd_-.patch \
74	file://0054-policy-modules-system-systemd-support-systemd-user.patch \	72	file://0054-policy-modules-system-logging-add-the-syslogd_t-to-t.patch \
75	file://0055-policy-modules-system-systemd-allow-systemd-generato.patch \	73	file://0055-policy-modules-system-init-make-init_t-MLS-trusted-f.patch \
76	file://0056-policy-modules-system-systemd-allow-systemd_backligh.patch \	74	file://0056-policy-modules-system-init-all-init_t-to-read-any-le.patch \
77	file://0057-policy-modules-system-logging-fix-systemd-journald-s.patch \	75	file://0057-policy-modules-system-logging-allow-auditd_t-to-writ.patch \
78	file://0058-policy-modules-services-cron-allow-crond_t-to-search.patch \	76	file://0058-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch \
79	file://0059-policy-modules-services-crontab-allow-sysadm_r-to-ru.patch \	77	file://0059-policy-modules-system-setrans-allow-setrans_t-use-fd.patch \
80	file://0060-policy-modules-system-sysnetwork-support-priviledge-.patch \	78	file://0060-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch \
81	file://0061-policy-modules-services-acpi-allow-acpid-to-watch-th.patch \	79	file://0061-policy-modules-system-logging-make-syslogd_runtime_t.patch \
82	file://0062-policy-modules-system-setrans-allow-setrans-to-acces.patch \
83	file://0063-policy-modules-system-modutils-allow-kmod_t-to-write.patch \
84	file://0064-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch \
85	file://0065-policy-modules-system-selinux-allow-setfiles_t-to-re.patch \
86	file://0066-policy-modules-system-mount-make-mount_t-domain-MLS-.patch \
87	file://0067-policy-modules-roles-sysadm-MLS-sysadm-rw-to-clearan.patch \
88	file://0068-policy-modules-services-rpc-make-nfsd_t-domain-MLS-t.patch \
89	file://0069-policy-modules-admin-dmesg-make-dmesg_t-MLS-trusted-.patch \
90	file://0070-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch \
91	file://0071-policy-modules-system-init-make-init_t-MLS-trusted-f.patch \
92	file://0072-policy-modules-system-systemd-make-systemd-tmpfiles_.patch \
93	file://0073-policy-modules-system-logging-add-the-syslogd_t-to-t.patch \
94	file://0074-policy-modules-system-init-make-init_t-MLS-trusted-f.patch \
95	file://0075-policy-modules-system-init-all-init_t-to-read-any-le.patch \
96	file://0076-policy-modules-system-logging-allow-auditd_t-to-writ.patch \
97	file://0077-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch \
98	file://0078-policy-modules-system-systemd-make-systemd-logind-do.patch \
99	file://0079-policy-modules-system-systemd-systemd-user-sessions-.patch \
100	file://0080-policy-modules-system-systemd-systemd-make-systemd_-.patch \
101	file://0081-policy-modules-services-ntp-make-nptd_t-MLS-trusted-.patch \
102	file://0082-policy-modules-system-setrans-allow-setrans_t-use-fd.patch \
103	file://0083-policy-modules-services-acpi-make-acpid_t-domain-MLS.patch \
104	file://0084-policy-modules-services-avahi-make-avahi_t-MLS-trust.patch \
105	file://0085-policy-modules-services-bluetooth-make-bluetooth_t-d.patch \
106	file://0086-policy-modules-system-sysnetwork-make-dhcpc_t-domain.patch \
107	file://0087-policy-modules-services-inetd-make-inetd_t-domain-ML.patch \
108	file://0088-policy-modules-services-bind-make-named_t-domain-MLS.patch \
109	file://0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch \
110	file://0090-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch \
111	file://0091-fc-usermanage-update-file-context-for-chfn-chsh.patch \
112	"	80	"
113		81
114	S = "${WORKDIR}/refpolicy"	82	S = "${WORKDIR}/refpolicy"
@@ -138,8 +106,10 @@ inherit python3native
138		106
139	PARALLEL_MAKE = ""	107	PARALLEL_MAKE = ""
140		108
		109	DEFAULT_ENFORCING ??= "enforcing"
		110
141	POLICY_NAME ?= "${POLICY_TYPE}"	111	POLICY_NAME ?= "${POLICY_TYPE}"
142	POLICY_DISTRO ?= "redhat"	112	POLICY_DISTRO ?= "debian"
143	POLICY_UBAC ?= "n"	113	POLICY_UBAC ?= "n"
144	POLICY_UNK_PERMS ?= "allow"	114	POLICY_UNK_PERMS ?= "allow"
145	POLICY_DIRECT_INITRC ?= "y"	115	POLICY_DIRECT_INITRC ?= "y"
@@ -238,7 +208,7 @@ path = ${STAGING_DIR_NATIVE}${sbindir_native}/sefcontext_compile
238	args = \$@	208	args = \$@
239	[end]	209	[end]
240		210
241	policy-version = 31	211	policy-version = 33
242	EOF	212	EOF
243		213
244	# Create policy store and build the policy	214	# Create policy store and build the policy