Age | Commit message (Collapse) | Author |
|
This reverts commit 87d3c3dd74b5d25f9a103025286c27a3b14db679.
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
This reverts commit 000d0719ad6efb491403cc368083a0e58a8a7aef.
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
This reverts commit aa46581a4573a0bc5c8a52b265953a45ec70f6d6.
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
This reverts commit b48fa45f56f2361e696991a2966ebe217009d196.
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Ensure the correct build options are passed during builds.
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
The sysvinit in oe-core has been upgraded to 3.0. Update the bbappend to
adapt it.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
This file is not needed anymore as bind daemon will create them by
itself.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Update SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
When enable meta-gplv2 layer [1], there comes below error:
ERROR: coreutils-6.9-r5 do_configure: QA Issue: coreutils: configure was passed unrecognised options: --without-selinux [unknown-configure-option]
ERROR: coreutils-6.9-r5 do_configure: Fatal QA errors found, failing task.
It's because the old version of coreutils under meta-gplv2 layer
doesn't support the above configure option, so move the related
pkgconfig setting to the coreutils recipe under oe-core [2] which
supports the configure option to fix the gap.
And the findutils and tar also have the problem.
[1] http://git.yoctoproject.org/cgit/cgit.cgi/meta-gplv2/
[2] https://git.openembedded.org/openembedded-core/
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
CVE-2021-36086:
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission
(called from cil_reset_classperms_set and cil_reset_classperms_list).
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-36086
Patch from:
https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Source: https://github.com/SELinuxProject/selinux
MR: 111869
Type: Security Fix
Disposition: Backport from https://github.com/SELinuxProject/selinux/commit/bad0a746e9f4cf260dedba5828d9645d50176aac
ChangeID: b282a68f76e509f548fe6ce46349af56d09481c6
Description:
Affects: secilc <= 3.2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Source: https://github.com/SELinuxProject/selinux/
MR: 111857
Type: Security Fix
Disposition: Backport from https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
ChangeID: e50ae65189351ee618db2b278ba7105a5728e4c4
Description:
Affects: libsepol <= 3.2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Source: https://github.com/SELinuxProject/selinux
MR: 111851
Type: Security Fix
Disposition: Backport from https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
ChangeID: 7fae27568e26ccbb18be3d2a1ce7332d42706f18
Description:
Affects: libsepol < 3.2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
It is useless as setools-native build is disabled.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
It is useless as setools-native build is disabled.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Disable native/nativesdk build as they don't work for a long time.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Simply adding EXTRA_OEMAKE doesn't work for selinux build. We need to
modify config files in do_configure.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
The sysklogd has been updated to 2.2.3 in oe-core. Update the initscript
to adapt it.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
There are some redundant classes: enable-selinux.bbclass,
with-selinux.bbclass, meson-enable-selinux.bbclass,
meson-selinux.bbclass, enable-audit.bbclass, with-audit.bbclass.
These classes only add PACKAGEOCNFIG[selinux]/[audit] to recipes. But
currently most recipes have added PACKAGECONFIG[selinux]/[audit] in
their bb files. We don't need these anymore. Only keep
enable-selinux.class and enable-audit.class to append
PACKAGECONFIG[selinux]/[audit] for recipes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
This bbappend was added long time ago and it is useless now.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
The PACKAGECONFIG[selinux] is enabled in lxc recipe.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
The PACKAGECONFIG[selinux] is enabled in augeas recipe.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
The content of the bbappend is already contained in logrotate recipe.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
This bbappend was added long time ago and it is useless now.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
The content of the bbappend is already contained in libcgroup recipe.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
This is the result of automated script conversion:
poky/scripts/contrib/convert-overrides.py meta-selinux
Converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Currently there is no default refpolicy provider and the user must
specify it in local.conf. Set the default refpolicy provider to
refpolicy-targeted in case the user doesn't set it.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
The util-linux has provided chfn and chsh since oe-core commit
804c6b5bd3d398d5ea2a45d6bcc23c76e328ea3f. Update the file context for
them.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Set LAYERSERIES_COMPAT with honister in layer.conf which aligns with
oe-core.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Include example send-email
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
I have been inactive for an extended period.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
* Merge inc file into bb file.
* Drop obsolete patches:
policycoreutils-make-O_CLOEXEC-optional.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
* Merge inc file into bb file.
* Drop obsolete patches:
libsemanage-define-FD_CLOEXEC-as-necessary.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
* Merge inc file into bb file.
* Drop obsolete patches:
0001-libselinux-do-not-define-gettid-for-musl.patch
libselinux-define-FD_CLOEXEC-as-necessary.patch
libselinux-make-O_CLOEXEC-optional.patch
libselinux-make-SOCK_CLOEXEC-optional.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
* Drop selinux_DATE.inc since upstream now uses X.Y version instead of
date for release tag[1]. Move its content to selinux_common.inc.
* Switch to git repo in SRC_URI, then all selinux recipes can use
unified source.
[1] https://github.com/SELinuxProject/selinux/commit/f63ac245f7addf832e8cde3cc4f26607b738994d
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
This fixes the error below:
gcc: error: unrecognized command line option
‘-fmacro-prefix-map=/path/to/build/libselinux-python/3.0-r0=/usr/src/debug/libselinux-python/3.0-r0’
Without inheriting the config, supposedly a wrong compiler is used.
Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|