diff options
| author | Joe MacDonald <joe@deserted.net> | 2019-04-08 13:50:40 -0400 |
|---|---|---|
| committer | Joe MacDonald <joe@deserted.net> | 2019-04-10 10:57:14 -0400 |
| commit | 776da889b550ac9e5be414a8cc10fd86b1923264 (patch) | |
| tree | 79771fa29c551e934321434f4b5f3da7a27fd91f /recipes-security/refpolicy/refpolicy-targeted_2.20190201.bb | |
| parent | a6a3cadb1ef3203a123d8f5f9df27832f55b2ce3 (diff) | |
| download | meta-selinux-jjm/RELEASE_2.20190201.tar.gz | |
refpolicy: update to 2.20190201 and git HEAD policiesjjm/RELEASE_2.20190201
Additionally, the README has fallen out of date, update it to reflect the
current reality of layer dependencies.
Signed-off-by: Joe MacDonald <joe@deserted.net>
Diffstat (limited to 'recipes-security/refpolicy/refpolicy-targeted_2.20190201.bb')
| -rw-r--r-- | recipes-security/refpolicy/refpolicy-targeted_2.20190201.bb | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy-targeted_2.20190201.bb b/recipes-security/refpolicy/refpolicy-targeted_2.20190201.bb new file mode 100644 index 0000000..1ecdb4e --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-targeted_2.20190201.bb | |||
| @@ -0,0 +1,35 @@ | |||
| 1 | SUMMARY = "SELinux targeted policy" | ||
| 2 | DESCRIPTION = "\ | ||
| 3 | This is the targeted variant of the SELinux reference policy. Most service \ | ||
| 4 | domains are locked down. Users and admins will login in with unconfined_t \ | ||
| 5 | domain, so they have the same access to the system as if SELinux was not \ | ||
| 6 | enabled. \ | ||
| 7 | " | ||
| 8 | |||
| 9 | FILESEXTRAPATHS_prepend := "${THISDIR}/refpolicy-${PV}:" | ||
| 10 | |||
| 11 | POLICY_NAME = "targeted" | ||
| 12 | POLICY_TYPE = "mcs" | ||
| 13 | POLICY_MLS_SENS = "0" | ||
| 14 | |||
| 15 | include refpolicy_${PV}.inc | ||
| 16 | |||
| 17 | SYSTEMD_REFPOLICY_PATCHES = " \ | ||
| 18 | file://0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch \ | ||
| 19 | file://0002-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch \ | ||
| 20 | file://0003-refpolicy-minimum-systemd-unconfined-lib-add-systemd.patch \ | ||
| 21 | file://0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch \ | ||
| 22 | file://0005-refpolicy-minimum-init-fix-reboot-with-systemd-as-in.patch \ | ||
| 23 | file://0006-refpolicy-minimum-systemd-mount-enable-required-refp.patch \ | ||
| 24 | file://0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch \ | ||
| 25 | file://0008-refpolicy-minimum-systemd-fix-for-systemd-tmp-files-.patch \ | ||
| 26 | file://0009-refpolicy-minimum-systemd-fix-for-syslog.patch \ | ||
| 27 | " | ||
| 28 | |||
| 29 | SYSVINIT_REFPOLICY_PATCHES = " \ | ||
| 30 | file://0001-fix-update-alternatives-for-sysvinit.patch \ | ||
| 31 | " | ||
| 32 | |||
| 33 | SRC_URI += " \ | ||
| 34 | ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${SYSTEMD_REFPOLICY_PATCHES}', '${SYSVINIT_REFPOLICY_PATCHES}', d)} \ | ||
| 35 | " | ||