Age | Commit message (Collapse) | Author |
|
Signed-off-by: Philip Tricca <flihp@twobit.us>
create mode 100644 recipes-extended/sudo/sudo_%.bbappend
delete mode 100644 recipes-extended/sudo/sudo_1.8.8.bbappend
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
|
Version 1.27.x has a new --without-selinux option, so change to
inherit with-selinux since we have droped the selinux patch.
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
|
Rename most recipes
Update a few recipes as needed:
* tar: Newer version has xattr and selinux support
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
This renames the bbappend as well as a minor tweak to the selinux patch.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
[ CQID: WIND00425413 ]
pam.d/login refered to the /etc/default/locale env file.
This file is not used in oe-core/Poky.
Remove the this reference to avoid error messages in auth.log.
Signed-off-by: Qiang Chen <qiang.chen@windriver.com>
Signed-off-by: Jeff Polk <jeff.polk@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
In policycoreutils-2.13+, restorecon changes its default behaviour,
and does not restore context if the file' type is correct, even its
mcs/mls level is incorrect.
We should force it always to restore file contexts in initscripts to
avoid issues.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
If acl is a distro feature, we want to depend
on it. Note that without the xattrs patch, tar
cannot deal with acl information.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Rebase the bbappends to match the current oe-core versions.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
select_context param for pam_selinux module attempt to ask the user
for a custom security context role while login.
Admins and linux distros hardly use this param to the pam configs,
because this adds a new step in login process, and users could use
"newrole" command instead after login in.
Moreover, this is totally unnecessary for policy types without
multiple roles.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
We add pam conf files for login/sshd to use pam_selinux module. When
selinux is not in DISTRO_FEATURES, pam-plugin-selinux would not be
built, this will cause runtime errors to not allow users to login in
on the console or ssh.
Use @target_selinux() to enable these pam conf files conditionally.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
oe-core 9e64079063fc4748b48eee0e2592caf8ba9de10e has split ${B} of
findutils into a different path from ${S}, this would cause build
failures.
.../findutils/4.4.2-r6.5/temp/run.do_configure.25396:
line 87: ./import-gnulib.sh: No such file or directory
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
sed-4.2.2 now has new configure option --with-selinux,
so inherit with-selinux bbclass.
Also, remove the patch since new version fix the issue.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
sysklogd would create /dev/log and create log files in /var/log
with the default security contexts while starting.
So we should restore the correct security contexts.
The initscript file is from oe-core, and add these lines after
the start action.
test ! -x /sbin/restorecon || \
/sbin/restorecon -R /dev/log /var/log/
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
login should use pam_selinux module to label security contexts of
processes while login into system.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Fix this error:
===================
| mkdir -p /var/run/sepermit
| mkdir: cannot create directory `/var/run/sepermit': Permission denied
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Add a suitable version of gnulib into SRC_URI, and run
import-gnulib.sh to update it.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
[ CQID: WIND00365962 ]
Rather than following the approach in
findutils-with-selinux-gnulib.patch,
the import-gnulib configuration was
modified to enable fetching the latest updates
related to selinux support. Specifically,
selinux-at module is now in fetched in gnulib
in order for it be used by findutils if
selinux is enabled.
Signed-off-by: Aws Ismail <aws.ismail@windriver.com>
|
|
Current patches for selinux simply add selinux codes without
conditional switches.
And also, the gnulib patch is incomplete.
These will cause build failures while we include selinux layers but
do not specify selinux in DISTO_FEATURES.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Add the selinux support for logrotate.
Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|