| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Some new packages added after SELinux uprev to 2.7, sync the package
names accordingly:
policycoreutils-audit2allow -> selinux-python-audit2allow
policycoreutils-chcat -> selinux-python-chcat
policycoreutils-python -> selinux-python
policycoreutils-semanage -> selinux-python-semanage
policycoreutils-sandbox -> selinux-sandbox
policycoreutils-sepolgen-ifgen -> selinux-python-sepolgen-ifgen
policycoreutils-sepolicy -> selinux-python-sepolicy,
selinux-dbus
policycoreutils-semodule-deps -> semodule-utils-semodule-deps
policycoreutils-semodule-expand -> semodule-utils-semodule-expand
policycoreutils-semodule-link -> semodule-utils-semodule-link
policycoreutils-semodule-package -> semodule-utils-semodule-package
system-config-selinux -> selinux-gui
sepolgen -> selinux-python-sepolgen
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
SETools v4 is a rewrite of SETools in Python, details refer to:
https://github.com/TresysTechnology/setools/wiki/Changes-Since-SETools-v3
Changes for upreving:
* removed setools_3.3.8.bb and all useless patch
* add patches to fix cross-compiling issues:
- setools4-fixes-for-cross-compiling.patch
- setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Those tools have been moved from policycoreutils to semodule-utils:
semodule_deps, semodule_expand, semodule_link, semodule_package
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Underscore ("_") should be used for variable overrides.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
|
|
Remove setools from DEPENDS/RDEPENDS, it was required by sepolicy,
sepolgen, semanage which have been moved to python/*.
Rebase patch:
- policycoreutils-fixfiles-de-bashify.patch
Drop useless patch:
- policycoreutils-loadpolicy-symlink.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Move policycoreutils/gui to gui and cleanup policycoreutils.inc.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Move policycoreutils/sepolicy/dbus to dbus.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Move policycoreutils/semodule_* to semodule-utils/*:
- policycoreutils/semodule_deps -> semodule-utils/semodule_deps
- policycoreutils/semodule_expand -> semodule-utils/semodule_expand
- policycoreutils/semodule_link -> semodule-utils/semodule_link
- policycoreutils/semodule_package -> semodule-utils/semodule_package
* Cleanup policycoreutils.inc
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Move packages to python/*:
- policycoreutils/semanage -> python/semanage
- policycoreutils/audit2allow -> python/audit2allow
- policycoreutils/sepolgen-ifgen -> python/audit2allow/sepolgen-ifgen
- policycoreutils/sepolicy -> python/sepolicy
- policycoreutils/scripts/chcat -> python/chcat
- sepolgen -> python/sepolgen
* Move and rebase patches:
- policycoreutils-fix-TypeError-for-seobject.py.patch
- policycoreutils-fix-sepolicy-install-path.patch
- policycoreutils-process-ValueError-for-sepolicy-seobject.patch
* Cleanup policycoreutils.inc and policycoreutils_2.7.bb
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Move policycoreutils/sandbox to sandbox:
* Move and rebase patch:
- policycoreutils-sandbox-de-bashify.patch
* Cleanup policycoreutils.inc
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Move policycoreutils/restorecond to restorecond:
* Move and rebase patch:
- policycoreutils-make-O_CLOEXEC-optional.patch
* Cleanup policycoreutils_2.7.bb.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Move policycoreutils/mcstrans to mcstrans:
* Move and rebase patches:
- mcstrans-de-bashify.patch
- 0001-mcstrans-fix-the-init-script.patch
* Remove useless patch:
- enable-mcstrans.patch
* Cleanup policycoreutils_2.7.bb and policycoreutils.inc.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
The package has been moved to selinux-python/sepolgen.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Uprev the recipe file as is.
Some packages have been moved out from policycoreutils, they will be
added as new packages and the policycoreutils.inc need to be cleaned
up from later commits accordingly.
Moved packages:
From: To:
- policycoreutils/gui gui
- policycoreutils/mcstrans mcstrans
- policycoreutils/restorecond restorecond
- policycoreutils/sandbox sandbox
- policycoreutils/sepolicy/dbus dbus
- policycoreutils/semodule_deps semodule-utils/semodule_deps
- policycoreutils/semodule_expand semodule-utils/semodule_expand
- policycoreutils/semodule_link semodule-utils/semodule_link
- policycoreutils/semodule_package semodule-utils/semodule_package
- policycoreutils/semanage python/semanage
- policycoreutils/audit2allow python/audit2allow
- policycoreutils/sepolgen-ifgen python/audit2allow/sepolgen-ifgen
- policycoreutils/sepolicy python/sepolicy
- policycoreutils/scripts/chcat python/chcat
Released package list refer to:
https://github.com/SELinuxProject/selinux/wiki/Releases
Cleanup the patch file that have been removed in 2.6:
- policycoreutils-fts_flags-FTS_NOCHDIR.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Remove patch that included by new version:
- checkpolicy-Do-not-link-against-libfl.patch
Specify LIBSEPOLA to fix build error:
make[1]: *** No rule to make target `/usr/lib/libsepol.a'
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Remove patches that included by new version:
- 0001-libsemanage-simplify-string-utilities-functions.patch
- 0002-libsemanage-add-semanage_str_replace-utility-functio.patch
- 0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
- 0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
- libsemanage-fix-path-len-limit.patch
Rebase patch:
- libsemanage-allow-to-disable-audit-support.patch
Set PYCEXT and PYSITEDIR to generate the _semanage.so and install it
to ${libdir}/python${PYTHON_BASEVERSION}/site-packages.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Specify LIBSEPOLA to fix build error:
make[1]: *** No rule to make target `/usr/lib/libsepol.a',
needed by `python-2.7audit2why.so'. Stop.
Add python-importlib to RDEPENDS_${PN}-python.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
|
Changed in V5:
Let the subject more clear.
Changed in V4:
Make the comments more clear.
Changed in V3:
Rebase the patch on the latest master branch.
Delete the does not exist files when run task do_package.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
This updates all of the common policies. standard, minimum, mls and
targeted.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The targeted, mls and minimum recipes had fallen far behind the upstream
refpolicy repository. Refresh all patches and discard ones that are
obviously no longer needed. This should not have any functional change on
the policies.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
selinux images attempt to label the filesystem image at creation time.
This depends on a native setfiles, though, which isn't guaranteed to be
present without the DEPEND addition.
If the 'setfiles' call fails, that shouldn't be fatal, though, it can
always be run at first boot time, as is commonly done with desktop and
server distros.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Fixing labels after local-fs.target to make sure all mounted
filesystems labeled correctly.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The behavior of b{zip,unzip}2 an vary from host to host with
regards to a number of things such as return value or permissions.
We should always use the native bzip2 package to keep the behavior
deterministic. This change prevents a warning at do_package_qa
task of refpolicy-mls package.
Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Use the upstream patches to remove the dependency on ustr which no
longer builds with new versions of GCC and the author is unresponsive
and the site hosting the code is down.
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Not intended as a final patch, this is just a quick hack for master-next
to enable building meta-selinux on current yocto base images.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Added swig-native to DEPENDS
Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Fixed:
msgfmt -o af.mo af.po
make[1]: msgfmt: Command not found
make[1]: *** [af.mo] Error 127
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Fixed:
swig -Wall -python -o semanageswig_wrap.c -outdir ./ semanageswig_python.i
make[1]: swig: Command not found
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Fixed:
make[4]: swig: Command not found
make[4]: *** [audit_wrap.c] Error 127
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
A number of upstream changes caused patch conflicts or duplication in the
final policy. Update the list of git patches appropriately.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Some variables are exported by top Makefile and updated from sub
Makefile (such as PCRE_LDFLAGS, DISABLE_FLAGS ...).
The '-e' option prevents those variables from updating in the sub
Makefile and causes libselinux build errors:
| label.lo:(.data.rel.ro.local+0x20): undefined reference to `selabel_property_init'
| label.lo:(.data.rel.ro.local+0x28): undefined reference to `selabel_service_init'
oe-core also cleaned such default value from commit: aeb65386
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
* rebase patch:
- policycoreutils-process-ValueError-for-sepolicy-seobject.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
* rebase patch:
- libselinux-make-O_CLOEXEC-optional.patch
* cleanup patches:
- libselinux-only-mount-proc-if-necessary.patch
- libselinux-procattr-return-einval-for-0-pid.patch
- libselinux-procattr-return-error-on-invalid-pid.patch
* other fixes:
- remove useless variables according to latest Makefile
- update FILES_${PN}-python to match the installed file:
'${libdir}/python2.7/site-packages/_selinux.so'.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
iproute2 calls command pkg-config to check whether libselinux exists
then enable or disable selinux support. That makes packageconfig doesn't
work.
The packageconfig selinux is set by checking whether distro feature
selinux exists in with-selinux.bbclass. Modify the configure result file
with same criteria.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
This bbappend moves sysroot lib libpcre.so.x.x.x from /usr/lib to /lib
and symlinks /usr/lib/libpcre.so to ../../lib/libpcre.so.x.x.x, but this
causes certain recipes dependent on libpcre (like pango) to fail because
they also expect libpcre.so.1 to exist which this recipe omits to create.
(the reason why the lib is moved in the first place is to avoid a QA issue
because there's a risk for /usr to be on another partition)
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
When using udev-cache, the eudev init script had been explicitly calling
'setenforce 1'. That's no longer necessary with updates to other parts of
eudev and the presence of the call prevented booting core-image-selinux*
systems in permissive mode. Remove the call to allow permissive booting.
[YOCTO #7506]
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
Wenzong Fan
Jackie Huang
Dengke Du
Joe MacDonald
Alexandru Moise
Doug Goldstein
Tim Orling
Robert Yang
Kai Kang
Ioan-Adrian Ratiu