| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
An updated version of the patch to drop linking against libfl was
required.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
| |
Update to the latest stable release, 20140506.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based on oe-core commit:
commit 1528e596d4906c33e4be83fcf691cfe76d340ff3
Author: Otavio Salvador <otavio@ossystems.com.br>
Date: Thu Apr 24 15:59:20 2014 -0300
Globally replace 'base_contains' calls with 'bb.utils.contains'
The base_contains is kept as a compatibility method and we ought to not
use it in OE-Core so we can remove it from base metadata in future.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
Trac has been turned off on OSS. Update all SRC_URI links for the
userspace components to point at the github project releases. The github
releases also have a slightly different directory structure in the
tarballs, requiring an update of the checksums as well.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
| |
Bump up PR and remove PRINC. Set it to something suitably large that it's
unlikely to break anyone's package feed and so that it shows it's clearly
an exception case. Obviously this is just a staging activity until the
next update when we don't include anything of the sort.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
| |
Bump up PR and remove PRINC. Set it to something suitably large that it's
unlikely to break anyone's package feed and so that it shows it's clearly
an exception case. Obviously this is just a staging activity until the
next update when we don't include anything of the sort.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
| |
Bump up PR and remove PRINC. Set it to something suitably large that it's
unlikely to break anyone's package feed and so that it shows it's clearly
an exception case. Obviously this is just a staging activity until the
next update when we don't include anything of the sort.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
| |
Bump up PR and remove PRINC. Set it to something suitably large that it's
unlikely to break anyone's package feed and so that it shows it's clearly
an exception case. Obviously this is just a staging activity until the
next update when we don't include anything of the sort.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
| |
Bump up PR and remove PRINC. Set it to something suitably large that it's
unlikely to break anyone's package feed and so that it shows it's clearly
an exception case. Obviously this is just a staging activity until the
next update when we don't include anything of the sort.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
| |
Bump up PR and remove PRINC. Set it to something suitably large that it's
unlikely to break anyone's package feed and so that it shows it's clearly
an exception case. Obviously this is just a staging activity until the
next update when we don't include anything of the sort.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
| |
For small policy modules it's not necessary to walk the hierarchy on load.
On embedded devices that are low-powered or resource-constrained disabling
the hierarchy processing can make the difference between seconds and
(many) minutes of load time (or being able to load the policy at all).
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix python error about:
File "/usr/lib64/python2.7/site-packages/seobject.py", line 109, in log
message += " sename=" + sename
TypeError: cannot concatenate 'str' and 'NoneType' objects
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
| |
The sepolicy, seobject modules raise many unprocessed ValueError, just
process them in semanage to make the script proivdes error message but
not error trace.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
| |
The semanage utility requires python-compression (for "import gzip")
and python-xml (for "import xml.etree.ElementTree").
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
| |
In policy_scan.l file, we have already removed all references to yywrap by
adding "%option noyywrap" statements to each flex source file that doesn't
override yywrap. After this, we no longer need to link against libfl and so
no longer get errors about undefined references to yylex.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
| |
The patch policycoreutils-revert-run_init-open_init_pty.patch
is only for refpolicy version older than 2.20120725, now the
refpolicy is updated to 2.20130424 so drop the patch or it
will make run_init fail to start some init scripts.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
| |
When modifying an selinux login record, seobject.py,
may try to log a value, self.sename, which has been preset to "None"
and this will fail. So, we set it to something useful.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
| |
The default policy version of new selinux toolchains is 29, to
fit kernel 3.10.x, set it to 28.
|
| |
|
|
|
|
|
| |
Don't override DEPENDS for target build, the "audit" should be appended
to it.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
* native tools don't need audit support;
* audit 2.3.2 or laters require kernel headers >= 2.6.30, this causes
audit-native can't be built on some older distributions.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
| |
|
|
|
|
|
| |
This reverts commit 146bd8c6bc3bc0e9e96a8517263f28f7915b871d.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
| |
|
|
|
|
|
|
| |
We are using the latest version for selinux userspace packages, so
remove the PREFERRED_VERSION configs.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ERROR: QA Issue: policycoreutils: Files/directories were installed \
but not shipped
/usr/share/icons/hicolor/24x24/apps/system-config-selinux.png
/usr/share/bash-completion/completions/setsebool
/usr/share/bash-completion/completions/sepolicy
/usr/share/bash-completion/completions/semanage
/usr/share/dbus-1/system-services/org.selinux.service
/usr/share/polkit-1/actions/org.selinux.config.policy
/usr/share/polkit-1/actions/org.selinux.policy
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
| |
Building libsemanage 2.2 need the header libaudit.h.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch is removed since it is merged by new version:
- policycoreutils-fix-strict-prototypes.patch
These two patches are updated:
- policycoreutils-fix-sepolicy-install-path.patch
- policycoreutils-make-O_CLOEXEC-optional.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
| |
Removed patch and ported changes to 2.2 bbfile:
- libsepol-Change-ranlib-for-cross-compiling.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
| |
Updated patch:
- libsemanage-fix-path-nologin.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
These two patches are removed since they are merged by new version:
- libselinux-fix-init-load-policy.patch
- libselinux-pcre-link-order.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upreved packages:
- checkpolicy to 2.2
- libselinux to 2.2
- libsemanage to 2.2
- libsepol to 2.2
- policycoreutils to 2.2.5
- sepolgen to 1.2.1
Migrate patches in next commits.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Setting DESTDIR in the policycoreutils do_install creates a bad
symlink for load_policy. This patch fixes up the Makefile to
create the symlink relative to DESTDIR.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[ CQID: WIND00438478 ]
[ CQID: WIND00439485 ]
Turns out some of the truly old hosts don't even really recognize
FD_CLOEXEC and most of the older ones don't know about SOCK_CLOEXEC. Work
around each (define FD_CLOEXEC to something sensible, simply don't use
SOCK_CLOEXEC, produce warnings in either event).
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
[ CQID: WIND00438478 ]
We still have hosts that pre-date the inclusion of O_CLOEXEC (Linux
2.6.23) so compile the flag out when building on classic distros.
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
Signed-off-by: Jeff Polk <jeff.polk@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Now that the policycoreutuils package is empty no need for RDEPENDS.
Doing this in the commit that broke up the policycoreutuils package
made the diff hard to read. Figured it best to break it out for
readability.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
| |
The driver beind this is to allow images to be built with the minimal
tools necessary to load a policy. Breaking all of the stuff that's
dependent on python out from the core utils allows us to make much
smaller images.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
| |
do_install was modified to only do the special actions in the target case,
instead of using shell to check what mode we were running in.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
|
| |
In policycoreutils-2.13+, restorecon changes its default behaviour,
and does not restore context if the file' type is correct, even its
mcs/mls level is incorrect.
We should force it always to restore file contexts in initscripts to
avoid issues.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
| |
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
| |
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
| |
2.1.14 imports a new python module: sepolicy, so add setools to
DEPENDS and split new files to policycoreutils-python.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
| |
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
| |
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
| |
We will also uprev refpolicy, so remove "revert-libpcre.patch".
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
| |
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upreved packages:
- checkpolicy to 2.1.12
- libselinux to 2.1.13
- libsemanage to 2.1.10
- libsepol to 2.1.9
- policycoreutils to 2.1.14
- sepolgen to 1.1.9
Migrate patches in next commits.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
| |
Currently the policycoreutils package has a broken link from
${bindir}/sepolgen to ${datadir}/system-config-selinux/polgen.py.
All of the other polgen stuff is in system-config-selinux so
adding sepolgen to same package seems like the right thing to do.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
| |
selinux-init.sh script.
This is for consistency and to aid in debugging.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is needed to build policy modules outside of the refpolicy.
Policy module build systems need to determine the name of the policy
that will be in effect on the target host. This allows them to
locate the policy headers that will be under
$sysroot/usr/share/selinux/$name/include. Given that there *could*
be more than one policy installed in the sysroot we can't assume
that the policy installed there is the only policy to build against.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
