| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
| |
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
* Merge inc file into bb file.
* Drop obsolete patches:
libsemanage-define-FD_CLOEXEC-as-necessary.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Merge inc file into bb file.
* Drop obsolete patches:
0001-libselinux-do-not-define-gettid-for-musl.patch
libselinux-define-FD_CLOEXEC-as-necessary.patch
libselinux-make-O_CLOEXEC-optional.patch
libselinux-make-SOCK_CLOEXEC-optional.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Drop selinux_DATE.inc since upstream now uses X.Y version instead of
date for release tag[1]. Move its content to selinux_common.inc.
* Switch to git repo in SRC_URI, then all selinux recipes can use
unified source.
[1] https://github.com/SELinuxProject/selinux/commit/f63ac245f7addf832e8cde3cc4f26607b738994d
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the error below:
gcc: error: unrecognized command line option
‘-fmacro-prefix-map=/path/to/build/libselinux-python/3.0-r0=/usr/src/debug/libselinux-python/3.0-r0’
Without inheriting the config, supposedly a wrong compiler is used.
Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
| |
* Update to latest git rev.
* Drop obsolete and unused patches.
* Rebase patches.
* Add patches to make systemd --user work.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some directories are created by populate-volatile.sh. We need to restore
their security contexts.
Before the patch:
$ ls -dZ /tmp /var/tmp /var/lock /var/run
system_u:object_r:root_t /tmp
system_u:object_r:var_t /var/lock
system_u:object_r:var_t /var/run
system_u:object_r:var_t /var/tmp
After the patch:
$ ls -dZ /tmp /var/tmp /var/lock /var/run
system_u:object_r:tmp_t /tmp
system_u:object_r:var_lock_t /var/lock
system_u:object_r:var_run_t /var/run
system_u:object_r:tmp_t /var/tmp
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
Install auditd which will help the users debug and eliminate the audit
logs on screen.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
Drop backported patch:
0001-lib-arm_table.h-update-arm-syscall-table.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
The audisp-* files should be in audispd-plugins package rather than
auditd package.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove bbappend since parted 3.4 has removed the enable_selinux
configure option[1].
Fixes:
QA Issue: parted: configure was passed unrecognised options: --enable-selinux [unknown-configure-option]
[1] https://git.savannah.gnu.org/cgit/parted.git/commit/?id=059200d50beb259c54469ae65f2d034af48ff849
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
| |
Fix build error when selinux feature is not enabled:
sepolgen-ifgen-attr-helper.c:29:10: fatal error: selinux/selinux.h: No such file or directory
29 | #include <selinux/selinux.h>
| ^~~~~~~~~~~~~~~~~~~
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LOCALEDIR should be set to target path,
e.g. /usr/share/locale not host absolute path.
This prevent to build reproducible package.
LOCALEDIR constructed from:
$(DESTDIR)$(PREFIX)/share/locale
Change PREFIX from ${D} to ${prefix}.
DESTDIR is not set during compilation and
is set to proper value during install.
Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
| |
Remove bbappend since the misc_create_inode.c-label_rootfs.patch has
been merged upstream[1].
[1] https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=7616fd6a599e44c5700c2c3a2e08979c6c5c747e
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Refer to Glibc 2.32, add *_time64 syscalls.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
Refresh patch:
fix-sepolicy-install-path.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
Drop backported patch:
0001-checkpolicy-remove-unused-te_assertions.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
| |
* Drop obsolete patch:
libsemanage-drop-Wno-unused-but-set-variable.patch
* Refresh patch:
libsemanage-allow-to-disable-audit-support.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
Refresh patches:
0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
0001-Makefile-fix-python-modules-install-path-for-multili.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drop backported and obsolete patches:
0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch
libselinux-drop-Wno-unused-but-set-variable.patch
Add patch to fix build on musl:
0001-libselinux-do-not-define-gettid-for-musl.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
Drop backported patches:
0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Drop backported patches:
0001-Header-definitions-need-to-be-external-when-building.patch
0001-lib-i386_table.h-add-new-syscall.patch
Add-substitue-functions-for-strndupa-rawmemchr.patch
* Refresh patch:
Fixed-swig-host-contamination-issue.patch
* Update auditd.service.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We encountered a runtime error for auditctl on lib32 image for aarch64:
root@xilinx-zynqmp:~# auditctl -a always,exit -F arch=b32 -S adjtimex -k TEST-time-change
arch elf mapping not found
The root cause is the aarch64 processor support is not enabled for arm
build. Refer to Debian[1] and Fedora[2], actually we can enable
arm/aarch64 processor support unconditionally.
[1] https://salsa.debian.org/debian/audit/-/commit/8c6b2049bafb52712ca981e73d5b79d5bd97e08e
[2] https://src.fedoraproject.org/rpms/audit/blob/master/f/audit.spec
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The python3 target configuration has been split into own class in
oe-core commit 5a118d4e7985fa88f04c3611f8db813f0dafce75.
Inherit it to fix the build error.
Fixes:
selinuxswig_python_wrap.o: file not recognized: File format not recognized
collect2: error: ld returned 1 exit status
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Py_UNICODE_COPY, Py_UNICODE_FILL, PyUnicode_WSTR_LENGTH,
PyUnicode_FromUnicode(), PyUnicode_AsUnicode(), _PyUnicode_AsUnicode,
and PyUnicode_AsUnicodeAndSize() are marked as deprecated in Python 3.9.
(See: https://docs.python.org/3/whatsnew/3.9.html). But the current
python3-cython (0.29.21) hasn't adapt it yet.
Append '-Wno-deprecated-declarations' in CFLAGS as a workaround to fix
the build issue.
Fixes:
In file included from
/build/tmp-glibc/work/corei7-64-wrs-linux/setools/4.3.0-r0/recipe-sysroot/usr/include/python3.9/unicodeobject.h:1026,
from /build/tmp-glibc/work/corei7-64-wrs-linux/setools/4.3.0-r0/recipe-sysroot/usr/include/python3.9/Python.h:97,
from setools/policyrep.c:49:
/build/tmp-glibc/work/corei7-64-wrs-linux/setools/4.3.0-r0/recipe-sysroot/usr/include/python3.9/cpython/unicodeobject.h:446:26:
note: declared here
446 | static inline Py_ssize_t _PyUnicode_get_wstr_length(PyObject *op) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
setools/policyrep.c:97302:3: error: 'PyUnicode_AsUnicode' is deprecated [-Werror=deprecated-declarations]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
The ifconfig was moved from sbin to bin with oe-core commit:
c9caff40ff61c08e24a84922f8d7c8e9cdf8883e. Update the file context for
it.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
The selinux-init/autorelabel/labeldev services have a constraint of
Before=sysinit.arget. So it is better to install them to sysinit.target
rather than multi-user.target.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
Fixes:
${PN}_RDEPENDS -> RDEPENDS_${PN}
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
The netstat-selinux-support.patch has been merged upstream. So drop it.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
dhcp has been removed, thus removing its bbappend file.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
Enable using setools for analyzing the built SELinux policy
during the build.
Signed-off-by: Oleksii Miroshko <miroshko@gmail.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
* Drop obsolete and unused patches.
* Rebase patches.
* Add patches to make systemd and sysvinit can work with all policy types.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
| |
We don't need to set security context for /dev/log after syslogd daemon
startup because it is already set by udev. We just need to set the
correct security context for symbolic link /var/log before syslogd
startup.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default /var/log is a symbolic link of /var/volatile/log. But
restorecon does not follow symbolic links then we will encounter the
following error when set /var/log/audit directory:
$ /sbin/restorecon -F /var/log/audit
/sbin/restorecon: SELinux: Could not get canonical path for /var/log/audit restorecon: Permission denied.
Use readlink to find the real path before set security context.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
There is no need to maintain two versions of repolicy. Drop this version
and only keep the git version.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport a patch to remove unused te_assertions to fix the
build failure on fedora 32.
Fixes:
| /build/tmp-glibc/hosttools/ld: policy_define.o:(.bss+0x28): multiple definition of `te_assertions'/build/tmp-glibc/hosttools/ld: policy_define.o:(.bss+0x28): multiple definition of `te_assertions'; y.tab.o:(.bss+0x18): first defined here
| collect2: error: ld returned 1 exit status
| make: *** [Makefile:33: checkpolicy] Error 1
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport 2 patches to fix the build errors on Fedora 32.
Fixes:
[snip]
../cil/src/cil_verify.lo:(.bss+0x4f0): multiple definition of `CIL_KEY_CONS_T3';
../cil/src/cil_verify.lo:(.bss+0x4f8): multiple definition of `CIL_KEY_CONS_T2';
../cil/src/cil_verify.lo:(.bss+0x500): multiple definition of `CIL_KEY_CONS_T1';
../cil/src/cil_verify.lo:(.bss+0x508): multiple definition of `cil_mem_error_handler';
[snip]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|