summaryrefslogtreecommitdiffstats
path: root/recipes-security/selinux/libselinux
Commit message (Collapse)AuthorAgeFilesLines
* selinux: upgrade 3.7 -> 3.8Yi Zhao2025-03-074-101/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | ChangeLog: https://github.com/SELinuxProject/selinux/releases/tag/3.8 * libsemanage: Preserve file context and ownership in policy store * libselinux: deprecate security_disable(3) * libsepol: Support nlmsg extended permissions * libsepol: Add policy capability netlink_xperm * libsemanage: Optionally allow duplicate declarations * policycoreutils: introduce unsetfiles * libselinux/utils: introduce selabel_compare * improved selabel_lookup performance * libselinux: support parallel usage of selabel_lookup(3) * libsepol: add support for xperms in conditional policies * Improved man pages * Code improvements and bug fixes * Always build for LFS mode on 32-bit archs. * libsemanage: Mute error messages from selinux_restorecon introduced in 3.8-rc1 * Regex spec ordering is restored to pre 3.8-rc1 * Binary fcontext files format changed, files using old format are ignored * Code improvements and bug fixes License-Update: White space cleanup for libsemanage/LICENSE Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>
* libselinux-python: fix build with swig 4.3Yi Zhao2024-12-101-0/+91
| | | | | | | | | Backport a patch to fix build with swig 4.3[1]. [1] https://github.com/SELinuxProject/selinux/issues/447 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>
* libselinux: upgrade 3.5 -> 3.6Yi Zhao2023-12-183-19/+20
| | | | | | | | | | | | | * Refresh patches. * Merge libselinux and libselinux-python. The previous libselinux recipe was split into libselinux and libselinux-python due to loop dependency[1]. Now this error is gone, we can merge these two recipes into one again. [1] https://git.yoctoproject.org/meta-selinux/commit/?id=7bb1507928f2e0f54ff8eac4135e15e821cdb1e2 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux: fix compilation with muslRenato Caldas2023-07-311-0/+39
| | | | | Signed-off-by: Renato Caldas <renato@calgera.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux-python: upgrade 3.4 -> 3.5Yi Zhao2023-03-272-10/+10
| | | | | | | | * Add dependency python3-setuptools-scm-native to fix build error. * Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux-python: upgrade 3.3 -> 3.4Yi Zhao2022-08-282-8/+8
| | | | | | | | * Use libpcre2 instead of libpcre. * Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux: update to 3.2Yi Zhao2021-03-174-217/+0
| | | | | | | | | | | | * Merge inc file into bb file. * Drop obsolete patches: 0001-libselinux-do-not-define-gettid-for-musl.patch libselinux-define-FD_CLOEXEC-as-necessary.patch libselinux-make-O_CLOEXEC-optional.patch libselinux-make-SOCK_CLOEXEC-optional.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux-python: upgrade to 3.1 (20200710)Yi Zhao2021-01-142-12/+12
| | | | | | | | | Refresh patches: 0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch 0001-Makefile-fix-python-modules-install-path-for-multili.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux: upgrade to 3.1 (20200710)Yi Zhao2021-01-143-64/+47
| | | | | | | | | | | | Drop backported and obsolete patches: 0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch libselinux-drop-Wno-unused-but-set-variable.patch Add patch to fix build on musl: 0001-libselinux-do-not-define-gettid-for-musl.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux-python: Fix one invalid linkChangqing Li2020-04-301-0/+52
| | | | | | | | | when host arch and target arch are different, the extension suffix of host is different with target one, so there will be a invalid link. Fix by update the way to create the link. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux-python: upgrade to 3.0 (20191204)Yi Zhao2020-04-151-0/+28
| | | | | | | | | * Inherit python3native as the libselinux uses python distutils to install selinux python bindings now. * Add a patch to fix python modules install path for multilib. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libselinux: upgrade to 3.0 (20191204)Yi Zhao2020-04-155-4/+42
| | | | | | | | * Backport a patch to fix build failure with musl. * Fix typos in patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libselinux: uprev to 2.9 (20190315)Yi Zhao2019-12-192-88/+0
| | | | | | | | | | | | | | * Switch to python3 * Drop patches: 0001-libselinux-Do-not-define-gettid-if-glibc-2.30-is-use.patch 0001-src-Makefile-fix-includedir-in-libselinux.pc.patch * Split into libselinux recipe and libselinux-python recipe to fix the loop dependency error. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libselinux: fix build with glibc 2.30Yi Zhao2019-08-281-0/+60
| | | | | | | | | | | | | | | | | Fix build error: procattr.c:27:14: error: static declaration of 'gettid' follows non-static declaration 27 | static pid_t gettid(void) | ^~~~~~ In file included from /buildarea/build/tmp/work/core2-64-poky-linux/libselinux/2.8-r0/recipe-sysroot/usr/include/unistd.h:1170, from procattr.c:2: /buildarea/build/tmp/work/core2-64-poky-linux/libselinux/2.8-r0/recipe-sysroot/usr/include/bits/unistd_ext.h:34:16: note: previous declaration of 'gettid' was here 34 | extern __pid_t gettid (void) __THROW; | ^~~~~~ Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libselinux: uprev to 2.8 (20180524)Yi Zhao2018-09-071-9/+11
| | | | | | | | Rebase patch: 0001-src-Makefile-fix-includedir-in-libselinux.pc.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libselinux: refresh patches to remove fuzzIoan-Adrian Ratiu2018-08-135-37/+38
| | | | | | | | | | | | | Recent versions of bitbake starting with sumo issue a warning if patches are applied with any fuzz (in the future it will be an errer). Patches were regenerated using: devtool modify <recipe> devtool finish --force-patch-refresh <recipe> <layer_path> Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libselinux: uprev to 2.6 (20161014)Wenzong Fan2017-01-054-180/+38
| | | | | | | | | | | | | | | | | | * rebase patch: - libselinux-make-O_CLOEXEC-optional.patch * cleanup patches: - libselinux-only-mount-proc-if-necessary.patch - libselinux-procattr-return-einval-for-0-pid.patch - libselinux-procattr-return-error-on-invalid-pid.patch * other fixes: - remove useless variables according to latest Makefile - update FILES_${PN}-python to match the installed file: '${libdir}/python2.7/site-packages/_selinux.so'. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libselinux: procattr fixesStephen Smalley2016-03-172-0/+87
| | | | | | | | selinux upstream commits c7cf5d8aa061b9616bf9d5e91139ce4fb40f532c and f77021d720f12767576c25d751c75cacd7478614 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Philip Tricca <flihp@twobit.us>
* libselinux: Only mount /proc if necessaryStephen Smalley2016-03-171-0/+54
| | | | | | | selinux upstream commit 5a8d8c499b2ef80eaa7b5abe2ec68d7101e613bf Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Philip Tricca <flihp@twobit.us>
* libselinux: uprev to 2.5 (20160223)Stephen Smalley2016-03-173-140/+32
| | | | | Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Philip Tricca <flihp@twobit.us>
* libselinux: backport procfs mount fixIoan-Adrian Ratiu2016-02-281-0/+74
| | | | | | | libselinux 20160107 ships this change (git commit id 9df49888) Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Philip Tricca <flihp@twobit.us>
* libselinux: fix libselinux.pc failed sanity testRobert Yang2016-02-271-0/+28
| | | | | | | ERROR: libselinux-2.4-r0 do_populate_sysroot: QA Issue: libselinux.pc failed sanity test (tmpdir) in path /path/to/sysroot-destdir//usr/lib/pkgconfig [pkgconfig] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Philip Tricca <flihp@twobit.us>
* libselinux: get pywrap depends on selinux.pyWenzong Fan2015-08-141-0/+31
| | | | | | | | | | | | | | | | | | | | | | The selinux.py will be installed as selinux/__init__.py, just make sure it has been generated completely while starting "make install-pywrap". This fixes below errors that caused by an empty "selinux/__init__.py" on target: $ /usr/sbin/semanage -h Traceback (most recent call last): File "/usr/sbin/semanage", line 30, in <module> import seobject File "/usr/lib64/python2.7/site-packages/seobject.py", line 27, in <module> import sepolicy File "/usr/lib64/python2.7/site-packages/sepolicy/__init__.py", line 226, in <module> def get_file_equiv_modified(fc_path = selinux.selinux_file_context_path()): AttributeError: 'module' object has no attribute 'selinux_file_context_path' Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libselinux: migrate SRC_URI and patches to 2.2Wenzong Fan2014-01-102-58/+0
| | | | | | | | | These two patches are removed since they are merged by new version: - libselinux-fix-init-load-policy.patch - libselinux-pcre-link-order.patch Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* libselinux / libsemanage: work around FD_CLOEXEC and SOCK_CLOEXEC absenceJoe MacDonald2013-11-142-0/+75
| | | | | | | | | | | | | | | [ CQID: WIND00438478 ] [ CQID: WIND00439485 ] Turns out some of the truly old hosts don't even really recognize FD_CLOEXEC and most of the older ones don't know about SOCK_CLOEXEC. Work around each (define FD_CLOEXEC to something sensible, simply don't use SOCK_CLOEXEC, produce warnings in either event). Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com> Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* libselinux / policycoreutils: optional O_CLOEXECJoe MacDonald2013-11-141-0/+105
| | | | | | | | | | | [ CQID: WIND00438478 ] We still have hosts that pre-date the inclusion of O_CLOEXEC (Linux 2.6.23) so compile the flag out when building on classic distros. Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com> Signed-off-by: Jeff Polk <jeff.polk@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* libselinux: migrate SRC_URI and patches to 2.1.13Xin Ouyang2013-10-021-959/+0
| | | | | | | We will also uprev refpolicy, so remove "revert-libpcre.patch". Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux packages: uprev git recipes to lastest tag 20130423.Xin Ouyang2013-06-181-0/+31
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libselinux: Revert libpcre for old refpolicy compatibleXin Ouyang2013-05-282-34/+959
| | | | | | | | | | | | | This reverts upstream libpcre commits. libselinux 2.1.12 uses libpcre to do file path matching instead of glibc regex. Because there are some differences between glibc regex and pcre functions, this will cause wrong security contexts for files while using old refpolicy. This patch should be dropped while refpolicy is upreved to 2.20120725+. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libselinux: drop flag: -Wno-unused-but-set-variableRandy MacLeod2013-04-301-0/+17
| | | | | | | | | The flag: -Wno-unused-but-set-variable isn't supported on older versions of gcc such as gcc-4.1.2 which is the native compiler for RHEL-5.9. I've droped this warning flag for both the native and target builds. Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* selinux userspace: uprev to release 2.20120924Xin Ouyang2013-04-242-1/+35
| | | | | | | | | | | | | | | | | Upreved packages: - checkpolicy to 2.1.11 - libselinux to 2.1.12 - libsemanage to 2.1.9 - libsepol to 2.1.8 - policycoreutils to 2.1.13 - sepolgen to 1.1.8 Misc changes: - libselinux has a new depend for libpcre - drop patches that new version merged - set PR to r0 for new version Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libselinux: Fix selinux_init_load_policy() for sysvinit.Xin Ouyang2012-04-171-0/+27
With sysvinit, selinux_init_load_policy() will fail since sysfs is still not mounted.
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-07 02:32:58 +0000