| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are some redundant classes: enable-selinux.bbclass,
with-selinux.bbclass, meson-enable-selinux.bbclass,
meson-selinux.bbclass, enable-audit.bbclass, with-audit.bbclass.
These classes only add PACKAGEOCNFIG[selinux]/[audit] to recipes. But
currently most recipes have added PACKAGECONFIG[selinux]/[audit] in
their bb files. We don't need these anymore. Only keep
enable-selinux.class and enable-audit.class to append
PACKAGECONFIG[selinux]/[audit] for recipes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
| |
This is the result of automated script conversion:
poky/scripts/contrib/convert-overrides.py meta-selinux
Converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
| |
Change the references to check for the distribution flag of 'selinux' being
set before taking any action within the bbappends. This prevents the
signature from being modified.
Also remove PR changes, as they are no longer allowed.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
|
|
| |
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
|
|
|
| |
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[ CQID: WIND00425413 ]
pam.d/login refered to the /etc/default/locale env file.
This file is not used in oe-core/Poky.
Remove the this reference to avoid error messages in auth.log.
Signed-off-by: Qiang Chen <qiang.chen@windriver.com>
Signed-off-by: Jeff Polk <jeff.polk@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
select_context param for pam_selinux module attempt to ask the user
for a custom security context role while login.
Admins and linux distros hardly use this param to the pam configs,
because this adds a new step in login process, and users could use
"newrole" command instead after login in.
Moreover, this is totally unnecessary for policy types without
multiple roles.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
|
|
|
|
|
|
|
|
| |
We add pam conf files for login/sshd to use pam_selinux module. When
selinux is not in DISTRO_FEATURES, pam-plugin-selinux would not be
built, this will cause runtime errors to not allow users to login in
on the console or ssh.
Use @target_selinux() to enable these pam conf files conditionally.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
|
|
| |
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
|
|
|
|
|
| |
login should use pam_selinux module to label security contexts of
processes while login into system.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|