| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
| |
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
* Add dependency python3-setuptools-scm-native to fix build error.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
License-Update: Rename COPYING to LICENSE. No content changes.
* Drop backport patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
ChangeLog:
https://github.com/SELinuxProject/selinux/releases/tag/3.5
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
Drop 0003-refpolicy-minimum-make-dbus-module-optional.patch as the issue
has been fixed upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Make the bbappend available for 5.x and 6.x kernels.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
https://github.com/SELinuxProject/setools/releases/tag/4.4.1
License-Update: Refine COPYING text. No license changes.[1]
[1] https://github.com/SELinuxProject/setools/commit/fff1906ff436835108b62bf46616e19705183dfb
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
Move PACKAGECONFIG setting to oe-core [1] to conform to yocto compliance.
[1] https://git.openembedded.org/openembedded-core/commit/?id=d2aa518163a4836eeb5bf8517456790cba382c2e
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
Move PACKAGECONFIG setting to oe-core [1] to conform to yocto compliance.
[1] https://git.openembedded.org/openembedded-core/commit/?id=fd036af063ef47d8296be909eb5db9bddc05eb6e
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
Move PACKAGECONFIG setting to oe-core [1] to conform to yocto compliance.
[1] https://git.openembedded.org/openembedded-core/commit/?id=c57cc22fad708ac856ac4ebe0a42042031fbf90b
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
Move PACKAGECONFIG setting to oe-core [1] to conform to yocto compliance.
[1] https://git.openembedded.org/openembedded-core/commit/?id=067ce90494bc370fc7a271c6a036c414358f0f38
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
Move PACKAGECONFIG setting to oe-core [1] to conform to yocto compliance.
[1] https://git.openembedded.org/openembedded-core/commit/?id=5c8e22895709a0ce7ce855468473d9d6d10a1e65
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
* Update to latest git rev.
* Drop obsolete and useless patches.
* Rebase patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport a patch to fix build failure for refpolicy-mls:
| Creating mls xserver.pp policy package
| libsepol.validate_user_datum: Invalid user datum
| libsepol.validate_datum_array_entries: Invalid datum array entries
| libsepol.validate_policydb: Invalid policydb
| /buildarea/build/tmp/work/qemux86_64-poky-linux/refpolicy-mls/2.20220520+gitAUTOINC+f311d401cd-r0/recipe-sysroot-native/usr/bin/semodule_package:
Error while reading policy module from tmp/xserver.mod
| make: *** [Rules.modular:98: xserver.pp] Error 1
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default /var/volatile will be mounted with tmpfs_t instead of var_t
label, which will cause us to have to add some extra rules to eliminate
avc denials of some services.
Set rootcontext for /var/volatile in fstab to make sure it is mounted
with correct label.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
Update SELinux-FAQ as the poky-selinux distro has been removed for a
long time.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
| |
Recipe have implicit dependency on nativesdk-python,
so recipe-sysroot-root populated with python headers.
But during build code look for headers into recipe-sysroot.
Add python dependency explicitly.
Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
Fixes:
QA Issue: File /usr/src/debug/setools/4.4.0-r0/setools/policyrep.c in package setools-src
contains reference to TMPDIR [buildpaths]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
* Backport a patch to fix chcat runtime error.
* Refresh patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Backport a patch to fix chcat runtime error.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
* Backport a patch to fix chcat runtime error.
* Refresh patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Refresh patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Use precise license BSD-2-Clause instead of license BSD.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
* Use libpcre2 instead of libpcre.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Use libpcre2 instead of libpcre.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Add file context for findfs alternative which is provided by util-linux.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport the following patches to fix systemd-resolved and
systemd-netowrkd policy issues:
systemd-systemd-resolved-is-linked-to-libselinux.patch
sysnetwork-systemd-allow-DNS-resolution-over-io.syst.patch
term-init-allow-systemd-to-watch-and-watch-reads-on-.patch
systemd-add-file-transition-for-systemd-networkd-run.patch
systemd-add-missing-file-context-for-run-systemd-net.patch
systemd-add-file-contexts-for-systemd-network-genera.patch
systemd-udev-allow-udev-to-read-systemd-networkd-run.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add RDEPENDS on python3-multiprocessing for selinux-python-sepolicy to
fix runtime error:
$ sepolicy
Traceback (most recent call last):
File "/usr/bin/sepolicy", line 28, in <module>
from multiprocessing import Pool
ModuleNotFoundError: No module named 'multiprocessing'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Use convert-spdx-licenses.py to update LICENSE names in recipes.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
WARNING: checkpolicy-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
WARNING: setools-4.4.0-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 LGPLv2.1 [obsolete-license] \
WARNING: policycoreutils-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
WARNING: refpolicy-standard-2.20210908+gitAUTOINC+23a8d103f3-r0.2 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
WARNING: selinux-python-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
WARNING: ecryptfs-utils-111-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-2.0 [obsolete-license] \
WARNING: nikto-2.1.6-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
WARNING: bastille-3.2.1-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
WARNING: suricata-6.0.4-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
WARNING: samhain-server-4.4.6-r0.7 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
...
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
| |
prelink has been dropped from oe-core [1], so the bbappend can no longer be
applied.
[1] https://git.openembedded.org/openembedded-core/commit/?id=23c0be78106f1d1e2bb9c724174a1bb8c56c2469
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Update to latest git rev.
* Drop obsolete and useless patches.
* Rebase patches.
* Set POLICY_DISTRO from redhat to debian, which can reduce the amount
of local patches.
* Set max kernel policy version from 31 to 33.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Drop backport CVE patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
There are too many recipes in recipes-security/selinux. Keep the selinux
userspace recipes and move selinux scripts to selinux-scripts directory
to make the directory hierarchy clearer.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add RDEPENDS on audit-python for selinux-python-semanage.
Fixes:
$ semanage fcontext -a -t user_home_t "/web(/.*)?"
Traceback (most recent call last):
File "/usr/sbin/semanage", line 975, in <module>
do_parser()
File "/usr/sbin/semanage", line 947, in do_parser
args.func(args)
File "/usr/sbin/semanage", line 329, in handleFcontext
OBJECT.add(args.file_spec, args.type, args.ftype, args.range, args.seuser)
File "/usr/lib/python3.9/site-packages/seobject.py", line 2485, in add
self.__add(target, type, ftype, serange, seuser)
File "/usr/lib/python3.9/site-packages/seobject.py", line 2481, in __add
self.mylog.log_change("resrc=fcontext op=add %s ftype=%s tcontext=%s:%s:%s:%s"
% (audit.audit_encode_nv_string("tglob", target, 0), ftype_to_audit[ftype],)
NameError: name 'audit' is not defined
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
| |
Ensure the correct build options are passed during builds.
Signed-off-by: Joe MacDonald <joe@deserted.net>
|