Age | Commit message (Collapse) | Author |
|
This config file was created by postinstall or initscript, the correct
label should be "etc_t", run restorecon /etc/iscsi/initiatorname.iscsi
to fix it and remove below avc denied issues:
avc: denied { read } for pid=6094 comm="iscsid" \
name="initiatorname.iscsi" dev="sda3" ino=1057846 \
scontext=system_u:system_r:iscsid_t:s0-s15:c0.c1023 \
tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Now tar has an option for handling acl enabling/disabling. This is
correctly handled by main tar recipe in oe-core. Thus let's drop the
incorrect PACKAGECONFIG[acl] override from tar_%.bbappend.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
This is to fix the following QA warning:
audit-2.3.2: auditd requires /bin/bash, but no providers in its RDEPENDS [file-rdeps]
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
BBFILE_COLLECTIONS for meta-virtualization is 'virtualization-layer'.
This is required to get lxc bbappend working when meta-virtualization is
added to bblayers.conf.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The current python bbappend doesn't include any patches, so it's
reasonable to move to a wildcard for the version.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Both the fixfiles and sandbox utilities had dependencies on bash when they
didn't really need to. Update sandbox and patch fixfiles. ifgen is
python script, so ensure that python is listed as a runtime dependency.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Add in support for optional bbappends based on the presence of other
layers in the project and move the lxc recipe to a meta-virtualization
location.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
This is a stop-gap to get meaningful error messages to folks till we get
per-layer bbappends implemented.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The audit service should be manually stopped with systemd.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The latest version eliminates the need for the two patches from
fedora. The previously pinned glib version needed updating so drop
that in favor of the default.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
inherit enable-selinux to kill the warning that lxc rdepends on libselinux,
but it isn't a build dependency
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The recipe in oe-core is already updated:
b463d70 lsof: Upgrade to 4.88
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
This patch has been applied in fedora to fix c99 inline problems.
Upstream hasn't been updated since 2008 and those c99 problems
still exist in the last version 1.0.4.
Signed-off-by: Qian Lei <qianl.fnst@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Official upstream is still OK, so we use it first
Signed-off-by: Qian Lei <qianl.fnst@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
To add coreutils to packagegroup-core-selinux
inorder to get chcon avaibility.
Signed-off-by: Shrikant Bobade <Shrikant_Bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
selinux-init.sh updated to reboot system
normally to fix the labelling during systemd
execution. Due to force reboot labelling won't
be proper and system continuously reboot to
label it like first time boot.
Signed-off-by: Shrikant Bobade <Shrikant_Bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Systemd init type and related allow rules
updated for refpolicy.
Signed-off-by: Shrikant Bobade <Shrikant_Bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
An updated version of the patch to drop linking against libfl was
required.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Update to the latest stable release, 20140506.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
dhcp 4.3 has no selinux related configuration options, but it needs the
correct initscript when SELinux is enabled, so inherit selinux, not
inherit with-selinux
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
dhcp 4.3 has no selinux related configuration options, but it needs the
correct initscript when SELinux is enabled, so inherit selinux, not
inherit with-selinux
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Based on oe-core commit:
commit 1528e596d4906c33e4be83fcf691cfe76d340ff3
Author: Otavio Salvador <otavio@ossystems.com.br>
Date: Thu Apr 24 15:59:20 2014 -0300
Globally replace 'base_contains' calls with 'bb.utils.contains'
The base_contains is kept as a compatibility method and we ought to not
use it in OE-Core so we can remove it from base metadata in future.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Original refpolicy install compressed policy modules to policy store,
but leave datadir ones uncompressed. After, a "compressed_policy" distro
feature is added for compressing the datadir ones.
This simple mechanism is unworthy for a distro feature, just clear it
and use compressed policy modules by default.
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
|
Original prepare_policy_store() has a naming bug for
compressed_policy, fix that and let prepare_policy_store() back.
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
|
Now that the updated refpolicy core variants are available, remove the
previous recipe and patches.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
A simple forward-port of refpolicy-minimum to use the 20140311 base
refpolicy.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
A simple forward-port of refpolicy-targeted to use the 20140311 base
refpolicy. Now that the updated refpolicy core variants are available,
remove the previous recipe.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
A straight update from refpolicy 2.20130424 to 2.20140311 for the core
policy variants and forward-porting of policy patches as appropriate. Now
that the updated refpolicy core variants are available, remove the
previous recipe.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Based on oe-core commit:
commit 1528e596d4906c33e4be83fcf691cfe76d340ff3
Author: Otavio Salvador <otavio@ossystems.com.br>
Date: Thu Apr 24 15:59:20 2014 -0300
Globally replace 'base_contains' calls with 'bb.utils.contains'
The base_contains is kept as a compatibility method and we ought to not
use it in OE-Core so we can remove it from base metadata in future.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Trac has been turned off on OSS. Update all SRC_URI links for the
userspace components to point at the github project releases. The github
releases also have a slightly different directory structure in the
tarballs, requiring an update of the checksums as well.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
|
* CONFIG_SECURITY=y
* CONFIG_SECURITYFS=y
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
|
Split do_install() to:
+ prepare_policy_store()
+ rebuild_policy()
+ install_misc_files()
This allows to make partial change to do_install() instead of re-write
it totally from specific refpolicy bb file.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
|
seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions,
and executes programs in a way that changes the relationship between the
setuid system call and the getresuid saved set-user-ID value, which makes
it easier for local users to gain privileges by leveraging a program that
mistakenly expected that it could permanently drop privileges.
Pick a patch from below link to address the CVE-2014-3215.
https://bugzilla.redhat.com/attachment.cgi?id=829864
Signed-off-by: Shan Hai <shan.hai@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
|
Remove PR, since oe-core has a new version.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|