summaryrefslogtreecommitdiffstats
path: root/recipes-security
Commit message (Collapse)AuthorAgeFilesLines
* selinux-autorelabel: enable labeling during buildYi Zhao2023-10-121-3/+3
| | | | | | | | | | | | | Previously, system using systemd would label selinux contexts on first boot. While system using sysvinit would label during build. Add a variable FIRST_BOOT_RELABEL as a switch to control labeling to make the behavior of sysvinit and systemd consistent. Set FIRST_BOOT_RELABEL to 1 in local.conf to enable labeling on first boot. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: upgrade 20221101+git -> 20231002+gitYi Zhao2023-10-1261-317/+304
| | | | | | | | | | * Switch branch to main. * Update to latest git rev. * Drop obsolete and useless patches. * Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux-python: fix build with muslYi Zhao2023-09-051-0/+1
| | | | | | | | | | libselinux-python also requires the patch which provided by [1] to fix build with musl. [1] https://git.yoctoproject.org/meta-selinux/commit/?id=23d8e2d86317170c0a3c155640c71b83329ff726 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-python: add python3-distro and binutils to RDEPENDSYi Zhao2023-09-051-0/+2
| | | | | | | | | | | | | | | | | | | | | | Add python3-distro and binutils to RDEPENDS for sepolicy to fix runtime error: $ sepolicy -h Traceback (most recent call last): File "/usr/bin/sepolicy", line 690, in <module> gen_manpage_args(subparsers) File "/usr/bin/sepolicy", line 375, in gen_manpage_args man.add_argument("-o", "--os", dest="os", default=get_os_version(), File "/usr/lib/python3.11/site-packages/sepolicy/__init__.py", line 1245, in get_os_version import distro ModuleNotFoundError: No module named 'distro' $ sepolicy generate --init /usr/sbin/sshd /bin/sh: line 1: nm: command not found Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* setools: upgrade 4.4.2 -> 4.4.3Yi Zhao2023-08-081-1/+1
| | | | | | | | ChangeLog: https://github.com/SELinuxProject/setools/releases/tag/4.4.3 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux: fix compilation with muslRenato Caldas2023-07-312-0/+44
| | | | | Signed-off-by: Renato Caldas <renato@calgera.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux: Set CVE_PRODUCTmickledoreschitrod=cisco.com@lists.yoctoproject.org2023-05-311-0/+2
| | | | | | | | | | | | | | | | | | | | | | The CVE product name for selinux-* package is (usually) the selinux (and not our recipe name), so use selinux as the default. See also: http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html "Results from cve-check are not very good at the moment. One of the reasons for this is that component names used in CVE database differ from yocto recipe names. This series fixes several of those name mapping problems by setting the CVE_PRODUCT correctly in the recipes. To check this mapping with after a build, I'm exporting LICENSE and CVE_PRODUCT variables to buildhistory for recipes and packages." Value added is based on: https://nvd.nist.gov/vuln/search/results?results_type=overview&search_type=all&cpe_product=cpe%3A%2F%3Akernel%3Aselinux Signed-off-by: Sanjay Chitroda <schitrod@cisco.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* setools: upgrade 4.1 -> 4.2Yi Zhao2023-04-301-1/+1
| | | | | | | | ChangeLog: https://github.com/SELinuxProject/setools/releases/tag/4.4.2 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* semodule-utils: upgrade 3.4 -> 3.5Yi Zhao2023-03-271-1/+1
| | | | | | | License-Update: Rename COPYING to LICENSE. No content changes. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-sandbox: upgrade 3.4 -> 3.5Yi Zhao2023-03-272-51/+1
| | | | | | | | | License-Update: Rename COPYING to LICENSE. No content changes. * Drop backport patch. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-gui: upgrade 3.4 -> 3.5Yi Zhao2023-03-272-202/+1
| | | | | | | | | License-Update: Rename COPYING to LICENSE. No content changes. * Drop backport patch. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-dbus: upgrade 3.4 -> 3.5Yi Zhao2023-03-271-1/+1
| | | | | | | License-Update: Rename COPYING to LICENSE. No content changes. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-python: upgrade 3.4 -> 3.5Yi Zhao2023-03-273-186/+19
| | | | | | | | | | | License-Update: Rename COPYING to LICENSE. No content changes. * Refresh patch. * Drop backport patch. * Add dependency python3-setuptools-scm-native to fix build error. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* restorecond: upgrade 3.4 -> 3.5Yi Zhao2023-03-271-1/+1
| | | | | | | License-Update: Rename COPYING to LICENSE. No content changes. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* mcstrans: upgrade 3.4 -> 3.5Yi Zhao2023-03-271-1/+1
| | | | | | | License-Update: Rename COPYING to LICENSE. No content changes. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* policycoreutils: upgrade 3.4 -> 3.5Yi Zhao2023-03-272-6/+6
| | | | | | | | | License-Update: Rename COPYING to LICENSE. No content changes. * Refresh patch. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* secilc: upgrade 3.4 -> 3.5Yi Zhao2023-03-271-1/+1
| | | | | | | License-Update: Rename COPYING to LICENSE. No content changes. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* checkpolicy: upgrade 3.4 -> 3.5Yi Zhao2023-03-271-1/+1
| | | | | | | License-Update: Rename COPYING to LICENSE. No content changes. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsemanage: upgrade 3.4 -> 3.5Yi Zhao2023-03-271-6/+7
| | | | | | | License-Update: Rename COPYING to LICENSE. No content changes. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux-python: upgrade 3.4 -> 3.5Yi Zhao2023-03-273-15/+19
| | | | | | | | * Add dependency python3-setuptools-scm-native to fix build error. * Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux: upgrade 3.4 -> 3.5Yi Zhao2023-03-271-0/+0
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsepol: upgrade 3.4 -> 3.5Yi Zhao2023-03-272-83/+1
| | | | | | | | | License-Update: Rename COPYING to LICENSE. No content changes. * Drop backport patch. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux: upgrade 3.4 -> 3.5Yi Zhao2023-03-271-1/+1
| | | | | | | | ChangeLog: https://github.com/SELinuxProject/selinux/releases/tag/3.5 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: update to latest git revYi Zhao2023-03-273-38/+1
| | | | | | | | Drop 0003-refpolicy-minimum-make-dbus-module-optional.patch as the issue has been fixed upstream. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* setools: upgrade 4.4.0 -> 4.4.1Yi Zhao2023-03-061-2/+2
| | | | | | | | | | | | Changelog: https://github.com/SELinuxProject/setools/releases/tag/4.4.1 License-Update: Refine COPYING text. No license changes.[1] [1] https://github.com/SELinuxProject/setools/commit/fff1906ff436835108b62bf46616e19705183dfb Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: upgrade 20210908+git -> 20221101+gitlangdaleYi Zhao2022-11-2381-1636/+556
| | | | | | | | | * Update to latest git rev. * Drop obsolete and useless patches. * Rebase patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsepol: fix build failure for refpolicy-mlsYi Zhao2022-11-072-0/+82
| | | | | | | | | | | | | | Backport a patch to fix build failure for refpolicy-mls: | Creating mls xserver.pp policy package | libsepol.validate_user_datum: Invalid user datum | libsepol.validate_datum_array_entries: Invalid datum array entries | libsepol.validate_policydb: Invalid policydb | /buildarea/build/tmp/work/qemux86_64-poky-linux/refpolicy-mls/2.20220520+gitAUTOINC+f311d401cd-r0/recipe-sysroot-native/usr/bin/semodule_package: Error while reading policy module from tmp/xserver.mod | make: *** [Rules.modular:98: xserver.pp] Error 1 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsemanage: Add python3 to dependenciesOleksiy Obitotskyy2022-10-021-1/+1
| | | | | | | | | | Recipe have implicit dependency on nativesdk-python, so recipe-sysroot-root populated with python headers. But during build code look for headers into recipe-sysroot. Add python dependency explicitly. Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* setools: fix buildpaths issueYi Zhao2022-08-281-16/+17
| | | | | | | | | Fixes: QA Issue: File /usr/src/debug/setools/4.4.0-r0/setools/policyrep.c in package setools-src contains reference to TMPDIR [buildpaths] Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* semodule-utils: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-7/+4
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-sandbox: upgrade 3.3 -> 3.4Yi Zhao2022-08-283-6/+57
| | | | | | | | * Backport a patch to fix chcat runtime error. * Refresh patch. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-gui: upgrade 3.3 -> 3.4Yi Zhao2022-08-282-1/+203
| | | | | | | Backport a patch to fix chcat runtime error. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-dbus: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-1/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-python: upgrade 3.3 -> 3.4Yi Zhao2022-08-283-27/+201
| | | | | | | | * Backport a patch to fix chcat runtime error. * Refresh patch. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* restorecond: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-3/+3
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* mcstrans: upgrade 3.3 -> 3.4Yi Zhao2022-08-283-11/+11
| | | | | | | Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* policycoreutils: upgrade 3.3 -> 3.4Yi Zhao2022-08-282-43/+43
| | | | | | | Refresh patch. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* secilc: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-2/+2
| | | | | | | Use precise license BSD-2-Clause instead of license BSD. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* checkpolicy: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-4/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsemanage: upgrade 3.3 -> 3.4Yi Zhao2022-08-284-17/+18
| | | | | | | Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux-python: upgrade 3.3 -> 3.4Yi Zhao2022-08-283-14/+15
| | | | | | | | * Use libpcre2 instead of libpcre. * Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-4/+3
| | | | | | | Use libpcre2 instead of libpcre. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsepol: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-5/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-1/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: add file context for findfs alternativeYi Zhao2022-07-062-0/+30
| | | | | | | Add file context for findfs alternative which is provided by util-linux. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: backport patches to fix policy issues for systemd 250Yi Zhao2022-07-068-0/+330
| | | | | | | | | | | | | | | Backport the following patches to fix systemd-resolved and systemd-netowrkd policy issues: systemd-systemd-resolved-is-linked-to-libselinux.patch sysnetwork-systemd-allow-DNS-resolution-over-io.syst.patch term-init-allow-systemd-to-watch-and-watch-reads-on-.patch systemd-add-file-transition-for-systemd-networkd-run.patch systemd-add-missing-file-context-for-run-systemd-net.patch systemd-add-file-contexts-for-systemd-network-genera.patch systemd-udev-allow-udev-to-read-systemd-networkd-run.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-python: add RDEPENDES on python3-multiprocessingYi Zhao2022-05-161-0/+1
| | | | | | | | | | | | | | Add RDEPENDS on python3-multiprocessing for selinux-python-sepolicy to fix runtime error: $ sepolicy Traceback (most recent call last): File "/usr/bin/sepolicy", line 28, in <module> from multiprocessing import Pool ModuleNotFoundError: No module named 'multiprocessing' Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* LICENSE: update to SPDX standard namesJoe Slater2022-04-196-6/+6
| | | | | | | Use convert-spdx-licenses.py to update LICENSE names in recipes. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* meta-selinux: Use SPDX style licensing formatAshish Sharma2022-04-197-7/+7
| | | | | | | | | | | | | | | | | WARNING: checkpolicy-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: setools-4.4.0-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 LGPLv2.1 [obsolete-license] \ WARNING: policycoreutils-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: refpolicy-standard-2.20210908+gitAUTOINC+23a8d103f3-r0.2 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ WARNING: selinux-python-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: ecryptfs-utils-111-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-2.0 [obsolete-license] \ WARNING: nikto-2.1.6-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ WARNING: bastille-3.2.1-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ WARNING: suricata-6.0.4-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ WARNING: samhain-server-4.4.6-r0.7 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ ... Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: upgrade 20210203+git -> 20210908+gitYi Zhao2022-01-18108-2294/+1086
| | | | | | | | | | | | * Update to latest git rev. * Drop obsolete and useless patches. * Rebase patches. * Set POLICY_DISTRO from redhat to debian, which can reduce the amount of local patches. * Set max kernel policy version from 31 to 33. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-11 19:43:13 +0000