diff options
Diffstat (limited to 'recipes-security/selinux/selinux-sandbox.inc')
-rw-r--r-- | recipes-security/selinux/selinux-sandbox.inc | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/recipes-security/selinux/selinux-sandbox.inc b/recipes-security/selinux/selinux-sandbox.inc new file mode 100644 index 0000000..8616dd7 --- /dev/null +++ b/recipes-security/selinux/selinux-sandbox.inc | |||
@@ -0,0 +1,28 @@ | |||
1 | SUMMARY = "Run cmd under an SELinux sandbox" | ||
2 | DESCRIPTION = "\ | ||
3 | Run application within a tightly confined SELinux domain. The default \ | ||
4 | sandbox domain only allows applications the ability to read and write \ | ||
5 | stdin, stdout and any other file descriptors handed to it." | ||
6 | |||
7 | SECTION = "base" | ||
8 | LICENSE = "GPLv2+" | ||
9 | |||
10 | SRC_URI += "file://sandbox-de-bashify.patch \ | ||
11 | " | ||
12 | |||
13 | DEPENDS += "libcap-ng libselinux" | ||
14 | |||
15 | RDEPENDS_${PN} += "\ | ||
16 | python-math \ | ||
17 | python-shell \ | ||
18 | python-subprocess \ | ||
19 | python-textutils \ | ||
20 | python-unixadmin \ | ||
21 | libselinux-python \ | ||
22 | selinux-python \ | ||
23 | " | ||
24 | |||
25 | FILES_${PN} += "\ | ||
26 | ${datadir}/sandbox/sandboxX.sh \ | ||
27 | ${datadir}/sandbox/start \ | ||
28 | " | ||