summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* libpcre: uprev to 8.32 to fit oe-coreXin Ouyang2013-05-131-1/+2
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* glib-2.0: uprev to 2.36.1 to fit oe-coreXin Ouyang2013-05-131-0/+0
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* openssh: uprev to 6.2p1 to fit oe-coreXin Ouyang2013-05-131-0/+0
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libsemanage: drop flag: -Wno-unused-but-set-variableRandy MacLeod2013-05-013-4/+25
| | | | | | | | | The flag: -Wno-unused-but-set-variable isn't supported on older versions of gcc such as gcc-4.1.2 which is the native compiler for RHEL-5.9. Drop this warning flag for both the native and target builds. Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libselinux: drop flag: -Wno-unused-but-set-variableRandy MacLeod2013-04-302-3/+23
| | | | | | | | | The flag: -Wno-unused-but-set-variable isn't supported on older versions of gcc such as gcc-4.1.2 which is the native compiler for RHEL-5.9. I've droped this warning flag for both the native and target builds. Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* libpcre: move library to base_libdir to avoid QA issueXin Ouyang2013-04-251-0/+12
| | | | | | | | | Fix these QA warnings. WARNING: QA Issue: package_a: lib_a, installed in the base_prefix, requires a shared library under exec_prefix (/usr): libpcre.so.0 => /usr/lib64/libpcre.so.0 Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* shadow: drop select_context for login pam_selinuxXin Ouyang2013-04-252-2/+2
| | | | | | | | | | | | | | select_context param for pam_selinux module attempt to ask the user for a custom security context role while login. Admins and linux distros hardly use this param to the pam configs, because this adds a new step in login process, and users could use "newrole" command instead after login in. Moreover, this is totally unnecessary for policy types without multiple roles. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* selinux userspace: uprev to release 2.20120924Xin Ouyang2013-04-2422-4083/+118
| | | | | | | | | | | | | | | | | Upreved packages: - checkpolicy to 2.1.11 - libselinux to 2.1.12 - libsemanage to 2.1.9 - libsepol to 2.1.8 - policycoreutils to 2.1.13 - sepolgen to 1.1.8 Misc changes: - libselinux has a new depend for libpcre - drop patches that new version merged - set PR to r0 for new version Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* openssl: remove bbappend since oe-core mergedXin Ouyang2013-04-161-3/+0
| | | | | | | | | oe-core has used "-Wa,--noexecstack" in CFLAG not only for native now, so the bbappend should be removed. http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-connectivity/openssl/openssl.inc?id=4fb837687dd68363f25fbfc15207dd05d1369661 Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* shadow/openssh: use pam_selinux only if target_selinux enabledXin Ouyang2013-04-152-6/+6
| | | | | | | | | | We add pam conf files for login/sshd to use pam_selinux module. When selinux is not in DISTRO_FEATURES, pam-plugin-selinux would not be built, this will cause runtime errors to not allow users to login in on the console or ssh. Use @target_selinux() to enable these pam conf files conditionally. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* audit: use generated headers for cross compilingXin Ouyang2013-04-013-334/+2442
| | | | | | | | | | | | | | | | | | | Default audit Makefile will generate native executables in lib/ and auparse/, which are named as gen_*_h and run on the hosts to create *_tables.h/*tabs.h header files for the targets. This is inappropriate for our cross compiling because they need linux-libc-headers from the host. Even worse, on some old hosts, build will fail because some .h files in the old linux-libc-headers (<= 2.6.29) has incomplete DEFINE lists for the audit system. So add *tables.h/*tabs.h header files which are generated from linux-libc-headers-3.4, and do not generate and run those native executables. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* coreutils: uprev to 8.21 to fit oe-coreXin Ouyang2013-04-011-0/+0
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* findutils: Fix case where ${B} != ${S}Xin Ouyang2013-04-011-1/+1
| | | | | | | | | | | oe-core 9e64079063fc4748b48eee0e2592caf8ba9de10e has split ${B} of findutils into a different path from ${S}, this would cause build failures. .../findutils/4.4.2-r6.5/temp/run.do_configure.25396: line 87: ./import-gnulib.sh: No such file or directory Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* mesa: rename mesa-dri to mesa to fit oe-coreXin Ouyang2013-04-011-0/+0
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* cronie: uprev to fit oe-core versionXin Ouyang2013-03-211-0/+0
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* python-ipy: fix PN -> BPN in do_install for multilibsJackie Huang2013-03-191-3/+3
| | | | Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
* ustr: fix PN -> BPN in do_install for multilibsJackie Huang2013-03-191-6/+6
| | | | Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
* refpolicy: oe-core /var/log symlink policy for apacheXin Ouyang2013-03-193-1/+30
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* refpolicy*: fix file contexts for many oe-core recipesXin Ouyang2013-03-1915-0/+403
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libcap-ng: fix the QA issue for libcap-ng.so*Xin Ouyang2013-03-151-1/+11
| | | | | | | Some binaries in base_sbindir have libcap-ng.so* depends, so move libcap-ng.so* to avoid QA warnings. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* meta-selinux: Add LAYERVERSION and LAYERDEPENDSWenzong Fan2013-03-151-0/+5
| | | | | | Add LAYERVERSION and LAYERDEPENDS to layer.conf Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
* sudo: uprev to 1.8.6p7 to fit oe-coreXin Ouyang2013-03-091-0/+0
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* kernel: add linux-3.8 bbappendXin Ouyang2013-03-091-0/+7
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* kernel: remove 3.0 bbappend to fit oe-coreXin Ouyang2013-03-091-4/+0
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* refpolicy: two patches for nfs-kernel-serverXin Ouyang2013-03-095-4/+104
| | | | | | | | We still miss some rules for nfsd to bind on nfs ports, so add a patch to fix this. oe-core changed nfsd to use portmap, so also fix file contexts for portmap. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* sudo: uprev to fit oe-core versionXin Ouyang2013-03-071-0/+0
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* initscript: append restorecon lines instead of a final scriptXin Ouyang2013-03-052-204/+7
| | | | | | | | | | | | Current meta-selinux provides a populate-volatile.sh for adding restorecon lines to the oe-core script. If other meta layers would add a new populate-volatile.sh, it will override the oe-core and meta-selinux ones and cause selinux issues. So append restorecon lines to the original script instead of a final script. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* bind: restore rndc.key security contextXin Ouyang2013-03-021-3/+6
| | | | | | | rndc.key would be labeled with wrong named_zone_t inherited from /etc/bind while creating, so restorecon on it. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* augeas: uprev to oe-core versionXin Ouyang2013-03-011-0/+0
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* swig: add native wrapper for SWIGLIBXin Ouyang2013-02-271-1/+8
| | | | | | | | | | | | Native swig will read datas from hard-coded SWIGLIB or the same environment variable. While using sstate, the hard-coded SWIGLIB will point to the project that create original sstates. This would cause build issues, so add a wrapper to set the environment variable SWIGLIB to a relative path on current sysroot. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* bind: use volatiles to create /var subdirs.Xin Ouyang2013-02-272-0/+14
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* refpolicy: add selinux-config RDEPENDSXin Ouyang2013-02-271-1/+1
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* refpolicy: fix file contexts for bindXin Ouyang2013-02-272-0/+37
| | | | | | | Some files of bind are not installed to default pathes, fix the security contexts for these files. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* refpolicy: add rules for /var/cache symlinkXin Ouyang2013-02-272-0/+510
| | | | | | | | /var/cache is a symlink in poky, so we need allow rules for files to read lnk_file while doing search/list/delete/rw.. in /var/cache/ directory. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* packages: uprev bbappends to fit oe-coreXin Ouyang2013-02-227-0/+0
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* policycoreutils: target build alway need libcgroup&libcap-ngXin Ouyang2013-02-171-2/+4
| | | | | | | Target package policycoreutils-sandbox always needs libcgroup and libcap-ng, so it should not be conditional. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libsemanage: fix incorrect path for nologinXin Ouyang2013-02-173-4/+43
| | | | | | | shadow package of oe-core and Debian has installed nologin into /usr/sbin, so fix this path. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* mesa-dri: inherit enable-selinuxXin Ouyang2013-01-311-0/+3
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* coreutils: inherit with-selinuxXin Ouyang2013-01-311-0/+3
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libxcb: inherit enable-selinuxXin Ouyang2013-01-311-0/+8
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* gnupg: inherit enable-selinuxXin Ouyang2013-01-311-0/+5
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libcap-ng: remove old versionXin Ouyang2013-01-301-30/+0
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* rpm: inherit with-selinuxXin Ouyang2013-01-291-3/+2
| | | | | | | We should also enable selinux only for target rpm, so inherit with-selinux. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* setools: fix incorrect PYTHON_LDFLAGS.Xin Ouyang2013-01-241-2/+2
| | | | | | | | | | | | | PYTHON_LDFLAGS is considered as the full path of libpython2.7.so, dirname of the .so file will be expanded into -L<DIR>. As a result, current PYTHON_LDFLAGS cause this compile result: ${CC} ... -L-LXXX/tmp/sysroots/qemux86-64/usr/lib64 -L-lapol -lqpol -o _sesearch.so So "-lapol" is ignored, fix this. CQID: WIND00400717 Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* refpolicy: policy fixes for seutils and auditd_log_tXin Ouyang2013-01-233-12/+104
| | | | | | | | | | | | Two patches to fix these two issue: * Current policy has incomplete allow rules for selinux utils to manage selinux config files and policy store. * auditd_log_t(/var/log/audit/audit.log) is also placed in var_log_t, so add related rules. CQID: WIND00396415 Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* refpolicy: file contexts for alternatives of shadowXin Ouyang2013-01-223-1/+36
| | | | | | CQID: WIND00399962 Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* policycoreutils: inherit selinuxXin Ouyang2013-01-221-5/+5
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* audit: admin tools&daemons install to base_sbindirXin Ouyang2013-01-223-39/+7
| | | | | | | | audit admin tools and daemons should install to base_sbindir, so they can get correct security labels after selinux restorecon command. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* sed: inherit with-selinux for new versionXin Ouyang2013-01-192-76/+2
| | | | | | | | sed-4.2.2 now has new configure option --with-selinux, so inherit with-selinux bbclass. Also, remove the patch since new version fix the issue. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* packages: uprev bbappends to fit oe-coreXin Ouyang2013-01-194-0/+0
| | | | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-24 04:21:41 +0000