| Age | Commit message (Collapse) | Author |
|---|
|
We add pam conf files for login/sshd to use pam_selinux module. When
selinux is not in DISTRO_FEATURES, pam-plugin-selinux would not be
built, this will cause runtime errors to not allow users to login in
on the console or ssh.
Use @target_selinux() to enable these pam conf files conditionally.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
|
|
Backport configure option with-selinux from master. If the feature
selinux is enabled, sed should depend on iti; Otherwise sed doesn't
need to depend on selinux at all.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
sysklogd would create /dev/log and create log files in /var/log
with the default security contexts while starting.
So we should restore the correct security contexts.
The initscript file is from oe-core, and add these lines after
the start action.
test ! -x /sbin/restorecon || \
/sbin/restorecon -R /dev/log /var/log/
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
login should use pam_selinux module to label security contexts of
processes while login into system.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Fix this error:
===================
| mkdir -p /var/run/sepermit
| mkdir: cannot create directory `/var/run/sepermit': Permission denied
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Add a suitable version of gnulib into SRC_URI, and run
import-gnulib.sh to update it.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
[ CQID: WIND00365962 ]
Rather than following the approach in
findutils-with-selinux-gnulib.patch,
the import-gnulib configuration was
modified to enable fetching the latest updates
related to selinux support. Specifically,
selinux-at module is now in fetched in gnulib
in order for it be used by findutils if
selinux is enabled.
Signed-off-by: Aws Ismail <aws.ismail@windriver.com>
|
|
Current patches for selinux simply add selinux codes without
conditional switches.
And also, the gnulib patch is incomplete.
These will cause build failures while we include selinux layers but
do not specify selinux in DISTO_FEATURES.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Add the selinux support for logrotate.
Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Also add a patch to support xattrs and selinux.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
|
The upstream source appears to be down, find an alternative.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
Xin Ouyang
Jackie Huang
wenzong.fan@windriver.com
Aws Ismail
Xiaofeng Yan
Mark Hatle