summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* checkpolicy: upgrade 3.4 -> 3.5Yi Zhao2023-03-271-1/+1
| | | | | | | License-Update: Rename COPYING to LICENSE. No content changes. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsemanage: upgrade 3.4 -> 3.5Yi Zhao2023-03-271-6/+7
| | | | | | | License-Update: Rename COPYING to LICENSE. No content changes. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux-python: upgrade 3.4 -> 3.5Yi Zhao2023-03-273-15/+19
| | | | | | | | * Add dependency python3-setuptools-scm-native to fix build error. * Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux: upgrade 3.4 -> 3.5Yi Zhao2023-03-271-0/+0
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsepol: upgrade 3.4 -> 3.5Yi Zhao2023-03-272-83/+1
| | | | | | | | | License-Update: Rename COPYING to LICENSE. No content changes. * Drop backport patch. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux: upgrade 3.4 -> 3.5Yi Zhao2023-03-271-1/+1
| | | | | | | | ChangeLog: https://github.com/SELinuxProject/selinux/releases/tag/3.5 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: update to latest git revYi Zhao2023-03-273-38/+1
| | | | | | | | Drop 0003-refpolicy-minimum-make-dbus-module-optional.patch as the issue has been fixed upstream. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* gitignore: add itYi Zhao2023-03-271-0/+7
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* linux-yocto: drop version from bbappendYi Zhao2023-03-061-0/+0
| | | | | | | Make the bbappend available for 5.x and 6.x kernels. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* setools: upgrade 4.4.0 -> 4.4.1Yi Zhao2023-03-061-2/+2
| | | | | | | | | | | | Changelog: https://github.com/SELinuxProject/setools/releases/tag/4.4.1 License-Update: Refine COPYING text. No license changes.[1] [1] https://github.com/SELinuxProject/setools/commit/fff1906ff436835108b62bf46616e19705183dfb Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* layer.conf: update LAYERSERIES_COMPAT for mickledoreYi Zhao2023-01-171-1/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* psmisc: move PACKAGECONFIG to oe-coreMingli Yu2022-12-141-1/+0
| | | | | | | | | Move PACKAGECONFIG setting to oe-core [1] to conform to yocto compliance. [1] https://git.openembedded.org/openembedded-core/commit/?id=d2aa518163a4836eeb5bf8517456790cba382c2e Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* cronie: move PACKAGECONFIG to oe-coreMingli Yu2022-12-141-1/+0
| | | | | | | | | Move PACKAGECONFIG setting to oe-core [1] to conform to yocto compliance. [1] https://git.openembedded.org/openembedded-core/commit/?id=fd036af063ef47d8296be909eb5db9bddc05eb6e Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* util-linux: move PACKAGECONFIG to oe-coreMingli Yu2022-12-141-1/+0
| | | | | | | | | Move PACKAGECONFIG setting to oe-core [1] to conform to yocto compliance. [1] https://git.openembedded.org/openembedded-core/commit/?id=c57cc22fad708ac856ac4ebe0a42042031fbf90b Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* iproute2: move PACKAGECONFIG to oe-coreMingli Yu2022-12-141-1/+0
| | | | | | | | | Move PACKAGECONFIG setting to oe-core [1] to conform to yocto compliance. [1] https://git.openembedded.org/openembedded-core/commit/?id=067ce90494bc370fc7a271c6a036c414358f0f38 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* sudo: move PACKAGECONFIG to oe-coreMingli Yu2022-12-141-3/+0
| | | | | | | | | Move PACKAGECONFIG setting to oe-core [1] to conform to yocto compliance. [1] https://git.openembedded.org/openembedded-core/commit/?id=5c8e22895709a0ce7ce855468473d9d6d10a1e65 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: upgrade 20210908+git -> 20221101+gitlangdaleYi Zhao2022-11-2381-1636/+556
| | | | | | | | | * Update to latest git rev. * Drop obsolete and useless patches. * Rebase patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsepol: fix build failure for refpolicy-mlsYi Zhao2022-11-072-0/+82
| | | | | | | | | | | | | | Backport a patch to fix build failure for refpolicy-mls: | Creating mls xserver.pp policy package | libsepol.validate_user_datum: Invalid user datum | libsepol.validate_datum_array_entries: Invalid datum array entries | libsepol.validate_policydb: Invalid policydb | /buildarea/build/tmp/work/qemux86_64-poky-linux/refpolicy-mls/2.20220520+gitAUTOINC+f311d401cd-r0/recipe-sysroot-native/usr/bin/semodule_package: Error while reading policy module from tmp/xserver.mod | make: *** [Rules.modular:98: xserver.pp] Error 1 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* base-files: set correct label for /var/volatileYi Zhao2022-11-072-0/+14
| | | | | | | | | | | | By default /var/volatile will be mounted with tmpfs_t instead of var_t label, which will cause us to have to add some extra rules to eliminate avc denials of some services. Set rootcontext for /var/volatile in fstab to make sure it is mounted with correct label. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* SELinux-FAQ: remove references to poky-selinux distroYi Zhao2022-11-071-4/+2
| | | | | | | | Update SELinux-FAQ as the poky-selinux distro has been removed for a long time. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* layer.conf: add langdale to LAYERSERIES_COMPATYi Zhao2022-10-021-1/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsemanage: Add python3 to dependenciesOleksiy Obitotskyy2022-10-021-1/+1
| | | | | | | | | | Recipe have implicit dependency on nativesdk-python, so recipe-sysroot-root populated with python headers. But during build code look for headers into recipe-sysroot. Add python dependency explicitly. Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* setools: fix buildpaths issueYi Zhao2022-08-281-16/+17
| | | | | | | | | Fixes: QA Issue: File /usr/src/debug/setools/4.4.0-r0/setools/policyrep.c in package setools-src contains reference to TMPDIR [buildpaths] Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* semodule-utils: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-7/+4
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-sandbox: upgrade 3.3 -> 3.4Yi Zhao2022-08-283-6/+57
| | | | | | | | * Backport a patch to fix chcat runtime error. * Refresh patch. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-gui: upgrade 3.3 -> 3.4Yi Zhao2022-08-282-1/+203
| | | | | | | Backport a patch to fix chcat runtime error. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-dbus: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-1/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-python: upgrade 3.3 -> 3.4Yi Zhao2022-08-283-27/+201
| | | | | | | | * Backport a patch to fix chcat runtime error. * Refresh patch. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* restorecond: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-3/+3
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* mcstrans: upgrade 3.3 -> 3.4Yi Zhao2022-08-283-11/+11
| | | | | | | Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* policycoreutils: upgrade 3.3 -> 3.4Yi Zhao2022-08-282-43/+43
| | | | | | | Refresh patch. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* secilc: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-2/+2
| | | | | | | Use precise license BSD-2-Clause instead of license BSD. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* checkpolicy: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-4/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsemanage: upgrade 3.3 -> 3.4Yi Zhao2022-08-284-17/+18
| | | | | | | Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux-python: upgrade 3.3 -> 3.4Yi Zhao2022-08-283-14/+15
| | | | | | | | * Use libpcre2 instead of libpcre. * Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-4/+3
| | | | | | | Use libpcre2 instead of libpcre. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsepol: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-5/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-1/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: add file context for findfs alternativeYi Zhao2022-07-062-0/+30
| | | | | | | Add file context for findfs alternative which is provided by util-linux. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: backport patches to fix policy issues for systemd 250Yi Zhao2022-07-068-0/+330
| | | | | | | | | | | | | | | Backport the following patches to fix systemd-resolved and systemd-netowrkd policy issues: systemd-systemd-resolved-is-linked-to-libselinux.patch sysnetwork-systemd-allow-DNS-resolution-over-io.syst.patch term-init-allow-systemd-to-watch-and-watch-reads-on-.patch systemd-add-file-transition-for-systemd-networkd-run.patch systemd-add-missing-file-context-for-run-systemd-net.patch systemd-add-file-contexts-for-systemd-network-genera.patch systemd-udev-allow-udev-to-read-systemd-networkd-run.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-python: add RDEPENDES on python3-multiprocessingYi Zhao2022-05-161-0/+1
| | | | | | | | | | | | | | Add RDEPENDS on python3-multiprocessing for selinux-python-sepolicy to fix runtime error: $ sepolicy Traceback (most recent call last): File "/usr/bin/sepolicy", line 28, in <module> from multiprocessing import Pool ModuleNotFoundError: No module named 'multiprocessing' Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* LICENSE: update to SPDX standard namesJoe Slater2022-04-196-6/+6
| | | | | | | Use convert-spdx-licenses.py to update LICENSE names in recipes. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* meta-selinux: Use SPDX style licensing formatAshish Sharma2022-04-197-7/+7
| | | | | | | | | | | | | | | | | WARNING: checkpolicy-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: setools-4.4.0-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 LGPLv2.1 [obsolete-license] \ WARNING: policycoreutils-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: refpolicy-standard-2.20210908+gitAUTOINC+23a8d103f3-r0.2 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ WARNING: selinux-python-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: ecryptfs-utils-111-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-2.0 [obsolete-license] \ WARNING: nikto-2.1.6-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ WARNING: bastille-3.2.1-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ WARNING: suricata-6.0.4-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ WARNING: samhain-server-4.4.6-r0.7 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ ... Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* Update compat to kirkstoneJeremy Puhlman2022-03-011-1/+1
| | | | | Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* prelink: drop bbappendTim Orling2022-02-071-1/+0
| | | | | | | | | | prelink has been dropped from oe-core [1], so the bbappend can no longer be applied. [1] https://git.openembedded.org/openembedded-core/commit/?id=23c0be78106f1d1e2bb9c724174a1bb8c56c2469 Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: upgrade 20210203+git -> 20210908+gitYi Zhao2022-01-18108-2294/+1086
| | | | | | | | | | | | * Update to latest git rev. * Drop obsolete and useless patches. * Rebase patches. * Set POLICY_DISTRO from redhat to debian, which can reduce the amount of local patches. * Set max kernel policy version from 31 to 33. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux: upgrade 3.2 -> 3.3Yi Zhao2021-12-0819-324/+1
| | | | | | | Drop backport CVE patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux: move selinux scripts to selinux-scriptsYi Zhao2021-12-0811-0/+0
| | | | | | | | | There are too many recipes in recipes-security/selinux. Keep the selinux userspace recipes and move selinux scripts to selinux-scripts directory to make the directory hierarchy clearer. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-python: add RDEPENDES on audit-pythonYi Zhao2021-12-081-0/+1
| | | | | | | | | | | | | | | | | | | | | | | Add RDEPENDS on audit-python for selinux-python-semanage. Fixes: $ semanage fcontext -a -t user_home_t "/web(/.*)?" Traceback (most recent call last): File "/usr/sbin/semanage", line 975, in <module> do_parser() File "/usr/sbin/semanage", line 947, in do_parser args.func(args) File "/usr/sbin/semanage", line 329, in handleFcontext OBJECT.add(args.file_spec, args.type, args.ftype, args.range, args.seuser) File "/usr/lib/python3.9/site-packages/seobject.py", line 2485, in add self.__add(target, type, ftype, serange, seuser) File "/usr/lib/python3.9/site-packages/seobject.py", line 2481, in __add self.mylog.log_change("resrc=fcontext op=add %s ftype=%s tcontext=%s:%s:%s:%s" % (audit.audit_encode_nv_string("tglob", target, 0), ftype_to_audit[ftype],) NameError: name 'audit' is not defined Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux: inherit pkgconfigJoe MacDonald2021-11-232-2/+2
| | | | | | Ensure the correct build options are passed during builds. Signed-off-by: Joe MacDonald <joe@deserted.net>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-09 13:28:08 +0000