1 files changed, 35 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy-targeted_2.20190201.bb b/recipes-security/refpolicy/refpolicy-targeted_2.20190201.bb
new file mode 100644
index 0000000..1ecdb4e
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-targeted_2.20190201.bb
@@ -0,0 +1,35 @@
+SUMMARY = "SELinux targeted policy"
+DESCRIPTION = "\
+This is the targeted variant of the SELinux reference policy.  Most service \
+domains are locked down. Users and admins will login in with unconfined_t \
+domain, so they have the same access to the system as if SELinux was not \
+enabled. \
+"
+FILESEXTRAPATHS_prepend := "${THISDIR}/refpolicy-${PV}:"
+POLICY_NAME = "targeted"
+POLICY_TYPE = "mcs"
+POLICY_MLS_SENS = "0"
+include refpolicy_${PV}.inc
+SYSTEMD_REFPOLICY_PATCHES = " \
+        file://0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch \
+        file://0002-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch \
+        file://0003-refpolicy-minimum-systemd-unconfined-lib-add-systemd.patch \
+        file://0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch \
+        file://0005-refpolicy-minimum-init-fix-reboot-with-systemd-as-in.patch \
+        file://0006-refpolicy-minimum-systemd-mount-enable-required-refp.patch \
+        file://0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch \
+        file://0008-refpolicy-minimum-systemd-fix-for-systemd-tmp-files-.patch \
+        file://0009-refpolicy-minimum-systemd-fix-for-syslog.patch \
+        "
+SYSVINIT_REFPOLICY_PATCHES = " \
+        file://0001-fix-update-alternatives-for-sysvinit.patch \
+        "
+SRC_URI += " \
+        ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${SYSTEMD_REFPOLICY_PATCHES}', '${SYSVINIT_REFPOLICY_PATCHES}', d)} \
+        "

diff --git a/recipes-security/refpolicy/refpolicy-targeted_2.20190201.bb b/recipes-security/refpolicy/refpolicy-targeted_2.20190201.bb new file mode 100644 index 0000000..1ecdb4e --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-targeted_2.20190201.bb
@@ -0,0 +1,35 @@
	1	SUMMARY = "SELinux targeted policy"
	2	DESCRIPTION = "\
	3	This is the targeted variant of the SELinux reference policy. Most service \
	4	domains are locked down. Users and admins will login in with unconfined_t \
	5	domain, so they have the same access to the system as if SELinux was not \
	6	enabled. \
	7	"
	8
	9	FILESEXTRAPATHS_prepend := "${THISDIR}/refpolicy-${PV}:"
	10
	11	POLICY_NAME = "targeted"
	12	POLICY_TYPE = "mcs"
	13	POLICY_MLS_SENS = "0"
	14
	15	include refpolicy_${PV}.inc
	16
	17	SYSTEMD_REFPOLICY_PATCHES = " \
	18	file://0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch \
	19	file://0002-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch \
	20	file://0003-refpolicy-minimum-systemd-unconfined-lib-add-systemd.patch \
	21	file://0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch \
	22	file://0005-refpolicy-minimum-init-fix-reboot-with-systemd-as-in.patch \
	23	file://0006-refpolicy-minimum-systemd-mount-enable-required-refp.patch \
	24	file://0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch \
	25	file://0008-refpolicy-minimum-systemd-fix-for-systemd-tmp-files-.patch \
	26	file://0009-refpolicy-minimum-systemd-fix-for-syslog.patch \
	27	"
	28
	29	SYSVINIT_REFPOLICY_PATCHES = " \
	30	file://0001-fix-update-alternatives-for-sysvinit.patch \
	31	"
	32
	33	SRC_URI += " \
	34	${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${SYSTEMD_REFPOLICY_PATCHES}', '${SYSVINIT_REFPOLICY_PATCHES}', d)} \
	35	"