diff options
Diffstat (limited to 'recipes-security/selinux/selinux-sandbox_3.6.bb')
| -rw-r--r-- | recipes-security/selinux/selinux-sandbox_3.6.bb | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/recipes-security/selinux/selinux-sandbox_3.6.bb b/recipes-security/selinux/selinux-sandbox_3.6.bb new file mode 100644 index 0000000..2cb55d6 --- /dev/null +++ b/recipes-security/selinux/selinux-sandbox_3.6.bb | |||
| @@ -0,0 +1,31 @@ | |||
| 1 | SUMMARY = "Run cmd under an SELinux sandbox" | ||
| 2 | DESCRIPTION = "\ | ||
| 3 | Run application within a tightly confined SELinux domain. The default \ | ||
| 4 | sandbox domain only allows applications the ability to read and write \ | ||
| 5 | stdin, stdout and any other file descriptors handed to it." | ||
| 6 | SECTION = "base" | ||
| 7 | LICENSE = "GPL-2.0-or-later" | ||
| 8 | LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=393a5ca445f6965873eca0259a17f833" | ||
| 9 | |||
| 10 | require selinux_common.inc | ||
| 11 | |||
| 12 | SRC_URI += "file://sandbox-de-bashify.patch \ | ||
| 13 | " | ||
| 14 | |||
| 15 | S = "${WORKDIR}/git/sandbox" | ||
| 16 | |||
| 17 | DEPENDS = "libselinux libcap-ng gettext-native" | ||
| 18 | |||
| 19 | RDEPENDS:${PN} = "\ | ||
| 20 | python3-core \ | ||
| 21 | python3-math \ | ||
| 22 | python3-shell \ | ||
| 23 | python3-unixadmin \ | ||
| 24 | libselinux-python \ | ||
| 25 | selinux-python \ | ||
| 26 | " | ||
| 27 | |||
| 28 | FILES:${PN} += "\ | ||
| 29 | ${datadir}/sandbox/sandboxX.sh \ | ||
| 30 | ${datadir}/sandbox/start \ | ||
| 31 | " | ||