diff options
Diffstat (limited to 'recipes-security/selinux/selinux-sandbox_3.5.bb')
-rw-r--r-- | recipes-security/selinux/selinux-sandbox_3.5.bb | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/recipes-security/selinux/selinux-sandbox_3.5.bb b/recipes-security/selinux/selinux-sandbox_3.5.bb new file mode 100644 index 0000000..2cb55d6 --- /dev/null +++ b/recipes-security/selinux/selinux-sandbox_3.5.bb | |||
@@ -0,0 +1,31 @@ | |||
1 | SUMMARY = "Run cmd under an SELinux sandbox" | ||
2 | DESCRIPTION = "\ | ||
3 | Run application within a tightly confined SELinux domain. The default \ | ||
4 | sandbox domain only allows applications the ability to read and write \ | ||
5 | stdin, stdout and any other file descriptors handed to it." | ||
6 | SECTION = "base" | ||
7 | LICENSE = "GPL-2.0-or-later" | ||
8 | LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=393a5ca445f6965873eca0259a17f833" | ||
9 | |||
10 | require selinux_common.inc | ||
11 | |||
12 | SRC_URI += "file://sandbox-de-bashify.patch \ | ||
13 | " | ||
14 | |||
15 | S = "${WORKDIR}/git/sandbox" | ||
16 | |||
17 | DEPENDS = "libselinux libcap-ng gettext-native" | ||
18 | |||
19 | RDEPENDS:${PN} = "\ | ||
20 | python3-core \ | ||
21 | python3-math \ | ||
22 | python3-shell \ | ||
23 | python3-unixadmin \ | ||
24 | libselinux-python \ | ||
25 | selinux-python \ | ||
26 | " | ||
27 | |||
28 | FILES:${PN} += "\ | ||
29 | ${datadir}/sandbox/sandboxX.sh \ | ||
30 | ${datadir}/sandbox/start \ | ||
31 | " | ||