1 files changed, 44 insertions, 4 deletions
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 2ce02ac..137ccee 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -1,6 +1,6 @@
 DEFAULT_ENFORCING ??= "enforcing"
-SECTION = "base"
+SECTION = "admin"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
@@ -9,11 +9,51 @@ PROVIDES += "virtual/refpolicy"
 RPROVIDES_${PN} += "refpolicy"
 # Specific config files for Poky
-SRC_URI += "file://customizable_types \
+SRC_URI += "file://customizable_types  \
-            file://setrans-mls.conf \
+            file://setrans-mls.conf  \
-            file://setrans-mcs.conf \
+            file://setrans-mcs.conf  \
           "
+# Base patches applied to all Yocto-based platforms.  Your own version of
+# refpolicy should provide a version of these and place them in your own
+# refpolicy-${PV} directory.
+SRC_URI += " \
+        file://0001-fc-subs-volatile-alias-common-var-volatile-paths.patch \
+        file://0002-fc-subs-busybox-set-aliases-for-bin-sbin-and-usr.patch \
+        file://0003-fc-sysklogd-apply-policy-to-sysklogd-symlink.patch \
+        file://0004-fc-hostname-apply-policy-to-common-yocto-hostname-al.patch \
+        file://0005-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch \
+        file://0006-fc-resolv.conf-label-resolv.conf-in-var-run-properly.patch \
+        file://0007-fc-login-apply-login-context-to-login.shadow.patch \
+        file://0008-fc-bind-fix-real-path-for-bind.patch \
+        file://0009-fc-hwclock-add-hwclock-alternatives.patch \
+        file://0010-fc-dmesg-apply-policy-to-dmesg-alternatives.patch \
+        file://0011-fc-ssh-apply-policy-to-ssh-alternatives.patch \
+        file://0012-fc-sysnetwork-apply-policy-to-ip-alternatives.patch \
+        file://0013-fc-udev-apply-policy-to-udevadm-in-libexec.patch \
+        file://0014-fc-rpm-apply-rpm_exec-policy-to-cpio-binaries.patch \
+        file://0015-fc-su-apply-policy-to-su-alternatives.patch \
+        file://0016-fc-fstools-fix-real-path-for-fstools.patch \
+        file://0017-policy-module-logging-Add-the-syslogd_t-to-trusted-o.patch \
+        file://0018-policy-module-logging-add-rules-for-the-symlink-of-v.patch \
+        file://0019-policy-module-logging-add-rules-for-syslogd-symlink-.patch \
+        file://0020-policy-module-logging-add-domain-rules-for-the-subdi.patch \
+        file://0021-policy-module-files-add-rules-for-the-symlink-of-tmp.patch \
+        file://0022-policy-module-terminals-add-rules-for-bsdpty_device_.patch \
+        file://0023-policy-module-terminals-don-t-audit-tty_device_t-in-.patch \
+        file://0024-policy-module-rpc-allow-nfsd-to-exec-shell-commands.patch \
+        file://0025-policy-module-rpc-fix-policy-for-nfsserver-to-mount-.patch \
+        file://0026-policy-module-sysfs-fix-for-new-SELINUXMNT-in-sys.patch \
+        file://0027-policy-module-rpc-allow-sysadm-to-run-rpcinfo.patch \
+        file://0028-policy-module-userdomain-fix-selinux-utils-to-manage.patch \
+        file://0029-policy-module-selinuxutil-fix-setfiles-statvfs-to-ge.patch \
+        file://0030-policy-module-admin-fix-dmesg-to-use-dev-kmsg-as-def.patch \
+        file://0031-policy-module-ftp-add-ftpd_t-to-mls_file_write_all_l.patch \
+        file://0032-policy-module-init-update-for-systemd-related-allow-.patch \
+        file://0033-refpolicy-minimum-make-sysadmin-module-optional.patch \
+        file://0034-policy-module-apache-add-rules-for-the-symlink-of-va.patch \
+   "
 S = "${WORKDIR}/refpolicy"
 CONFFILES_${PN} += "${sysconfdir}/selinux/config"

diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index 2ce02ac..137ccee 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -1,6 +1,6 @@
1	DEFAULT_ENFORCING ??= "enforcing"	1	DEFAULT_ENFORCING ??= "enforcing"
2		2
3	SECTION = "base"	3	SECTION = "admin"
4	LICENSE = "GPLv2"	4	LICENSE = "GPLv2"
5		5
6	LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"	6	LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
@@ -9,11 +9,51 @@ PROVIDES += "virtual/refpolicy"
9	RPROVIDES_${PN} += "refpolicy"	9	RPROVIDES_${PN} += "refpolicy"
10		10
11	# Specific config files for Poky	11	# Specific config files for Poky
12	SRC_URI += "file://customizable_types \	12	SRC_URI += "file://customizable_types \
13	file://setrans-mls.conf \	13	file://setrans-mls.conf \
14	file://setrans-mcs.conf \	14	file://setrans-mcs.conf \
15	"	15	"
16		16
		17	# Base patches applied to all Yocto-based platforms. Your own version of
		18	# refpolicy should provide a version of these and place them in your own
		19	# refpolicy-${PV} directory.
		20	SRC_URI += " \
		21	file://0001-fc-subs-volatile-alias-common-var-volatile-paths.patch \
		22	file://0002-fc-subs-busybox-set-aliases-for-bin-sbin-and-usr.patch \
		23	file://0003-fc-sysklogd-apply-policy-to-sysklogd-symlink.patch \
		24	file://0004-fc-hostname-apply-policy-to-common-yocto-hostname-al.patch \
		25	file://0005-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch \
		26	file://0006-fc-resolv.conf-label-resolv.conf-in-var-run-properly.patch \
		27	file://0007-fc-login-apply-login-context-to-login.shadow.patch \
		28	file://0008-fc-bind-fix-real-path-for-bind.patch \
		29	file://0009-fc-hwclock-add-hwclock-alternatives.patch \
		30	file://0010-fc-dmesg-apply-policy-to-dmesg-alternatives.patch \
		31	file://0011-fc-ssh-apply-policy-to-ssh-alternatives.patch \
		32	file://0012-fc-sysnetwork-apply-policy-to-ip-alternatives.patch \
		33	file://0013-fc-udev-apply-policy-to-udevadm-in-libexec.patch \
		34	file://0014-fc-rpm-apply-rpm_exec-policy-to-cpio-binaries.patch \
		35	file://0015-fc-su-apply-policy-to-su-alternatives.patch \
		36	file://0016-fc-fstools-fix-real-path-for-fstools.patch \
		37	file://0017-policy-module-logging-Add-the-syslogd_t-to-trusted-o.patch \
		38	file://0018-policy-module-logging-add-rules-for-the-symlink-of-v.patch \
		39	file://0019-policy-module-logging-add-rules-for-syslogd-symlink-.patch \
		40	file://0020-policy-module-logging-add-domain-rules-for-the-subdi.patch \
		41	file://0021-policy-module-files-add-rules-for-the-symlink-of-tmp.patch \
		42	file://0022-policy-module-terminals-add-rules-for-bsdpty_device_.patch \
		43	file://0023-policy-module-terminals-don-t-audit-tty_device_t-in-.patch \
		44	file://0024-policy-module-rpc-allow-nfsd-to-exec-shell-commands.patch \
		45	file://0025-policy-module-rpc-fix-policy-for-nfsserver-to-mount-.patch \
		46	file://0026-policy-module-sysfs-fix-for-new-SELINUXMNT-in-sys.patch \
		47	file://0027-policy-module-rpc-allow-sysadm-to-run-rpcinfo.patch \
		48	file://0028-policy-module-userdomain-fix-selinux-utils-to-manage.patch \
		49	file://0029-policy-module-selinuxutil-fix-setfiles-statvfs-to-ge.patch \
		50	file://0030-policy-module-admin-fix-dmesg-to-use-dev-kmsg-as-def.patch \
		51	file://0031-policy-module-ftp-add-ftpd_t-to-mls_file_write_all_l.patch \
		52	file://0032-policy-module-init-update-for-systemd-related-allow-.patch \
		53	file://0033-refpolicy-minimum-make-sysadmin-module-optional.patch \
		54	file://0034-policy-module-apache-add-rules-for-the-symlink-of-va.patch \
		55	"
		56
17	S = "${WORKDIR}/refpolicy"	57	S = "${WORKDIR}/refpolicy"
18		58
19	CONFFILES_${PN} += "${sysconfdir}/selinux/config"	59	CONFFILES_${PN} += "${sysconfdir}/selinux/config"