summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* refpolicy: make proftpd be able to workRoy Li2014-04-032-0/+40
| | | | | Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* audit: fix the permission of configuration fileRoy Li2014-04-031-0/+3
| | | | | | | A ordinary use should not to access auditd configuration files Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* audit: Add systemd supportRoy Li2014-04-033-2/+38
| | | | | | | Audit unit file is from https://fedorahosted.org/audit/browser/trunk/init.d/auditd.service Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: allow sysadm to run rpcbindRoy Li2014-04-032-0/+34
| | | | | Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* core-image-selinux: update 'core-basic' packagegroupJoe MacDonald2014-04-031-1/+1
| | | | | | | packagegroup-core-basic has been renamed to packagegroup-full-cmdline, update our core-image-selinux. Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: Updated FILESEXTRAPATHS_prepend valueAlexandru.Vaduva2014-04-031-1/+1
| | | | | | | | | | | | The value was defined as: FILESEXTRAPATHS_prepend := "${THISDIR}/refpolicy-${PV}:" and changed it to: FILESEXTRAPATHS_prepend := "${THISDIR}/refpolicy-2.20130424:" becase the bb that inherit this overwrites the PV every time, changing its name. Signed-off-by: Alexandru.Vaduva <Alexandru.Vaduva@enea.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: fix real path for su.shadowWenzong Fan2014-02-132-0/+26
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: backport two patches to fix dhclient, hostname and ifconfigRoy Li2014-02-123-0/+102
| | | | | Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: fix ftpwho install dirRoy Li2014-02-122-0/+28
| | | | | | | ftpwho is installed into /usr/bin, not /usr/sbin. Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libcgroup: Use wildcard for version number in libcgroup bbappend.Philip Tricca2014-02-121-0/+0
| | | | | | | | Signed-off-by: Philip Tricca <flihp@twobit.us> create mode 100644 recipes-core/libcgroup/libcgroup_%.bbappend delete mode 100644 recipes-core/libcgroup/libcgroup_0.38.bbappend Signed-off-by: Joe MacDonald <joe@deserted.net>
* sudo: Use wildcard for version number in sudo bbappend.Philip Tricca2014-02-121-0/+0
| | | | | | | | Signed-off-by: Philip Tricca <flihp@twobit.us> create mode 100644 recipes-extended/sudo/sudo_%.bbappend delete mode 100644 recipes-extended/sudo/sudo_1.8.8.bbappend Signed-off-by: Joe MacDonald <joe@deserted.net>
* libxcb: Use wildcard for version number in libxcb bbappend.Philip Tricca2014-02-121-0/+0
| | | | | | | | Signed-off-by: Philip Tricca <flihp@twobit.us> create mode 100644 recipes-graphics/xcb/libxcb_%.bbappend delete mode 100644 recipes-graphics/xcb/libxcb_1.9.3.bbappend Signed-off-by: Joe MacDonald <joe@deserted.net>
* busybox: Use wildcard for version number in busybox bbappend.Philip Tricca2014-02-121-0/+0
| | | | | | | | Signed-off-by: Philip Tricca <flihp@twobit.us> create mode 100644 recipes-core/busybox/busybox_%.bbappend delete mode 100644 recipes-core/busybox/busybox_1.21.1.bbappend Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: Allow ping to get/set capabilitiesWenzong Fan2014-01-282-0/+36
| | | | | | | | When ping is installed with capabilities instead of being marked setuid, then the ping_t domain needs to be allowed to getcap/setcap. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* refpolicy: fix real path for swapoffWenzong Fan2014-01-281-9/+10
| | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
* refpolicy: fix real path for cpioWenzong Fan2014-01-282-0/+26
| | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
* selinux: set policy-version to 28Wenzong Fan2014-01-282-0/+6
| | | | | The default policy version of new selinux toolchains is 29, to fit kernel 3.10.x, set it to 28.
* refpolicy: fix new symlink for policy.kernWenzong Fan2014-01-261-0/+4
| | | | | | | | | New 2.2 release of libsemanage removes policy.kern and replace with symlink from Dan Walsh. It is a host path while cross-compiling, so fix this path. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* refpolicy: fix real path for udevadmWenzong Fan2014-01-261-6/+14
| | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
* udev/init: sync to latest poky version ae819671Wenzong Fan2014-01-261-1/+3
| | | | | | | | Sync with the latest init file from poky as of 01262014: oe-core commit: ae819671489a22bfdda11210ff620f564aa9b24b Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
* libsemanage: fix DEPENDS override issueWenzong Fan2014-01-231-1/+1
| | | | | | | Don't override DEPENDS for target build, the "audit" should be appended to it. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
* udev: remove explicit path to udevadmJackie Huang2014-01-231-5/+5
| | | | | | | | | | | Oe-core has chnaged the udevadm path, current path will causes failure: udevd[102]: starting version 182 /etc/rcS.d/S04udev: line 106: /usr/bin/udevadm: No such file or directory Fix as oe-core commit: cc0f22cd1e93cc25647add1a3339e150572e4fce Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* libsemanage-native: remove audit-native dependencyWenzong Fan2014-01-204-0/+128
| | | | | | | | | * native tools don't need audit support; * audit 2.3.2 or laters require kernel headers >= 2.6.30, this causes audit-native can't be built on some older distributions. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* Revert "libsemanage: add audit dependency"Wenzong Fan2014-01-202-8/+2
| | | | | | | This reverts commit 146bd8c6bc3bc0e9e96a8517263f28f7915b871d. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* libselinux: uprev to small fix version 2.2.2Wenzong Fan2014-01-201-2/+2
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* selinux: remove PREFERRED_VERSION configsWenzong Fan2014-01-201-7/+0
| | | | | | | | We are using the latest version for selinux userspace packages, so remove the PREFERRED_VERSION configs. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* psmisc: inherit enable-selinux and backport to fix build issueXin Ouyang2014-01-132-1/+270
| | | | Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* tar: inherit with-selinux for new selinux optionXin Ouyang2014-01-131-1/+1
| | | | | | | Version 1.27.x has a new --without-selinux option, so change to inherit with-selinux since we have droped the selinux patch. Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* audit: the ldap option should be "--without-ldap"Xin Ouyang2014-01-131-1/+1
| | | | Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* refpolicy: fix real path for udevdWenzong Fan2014-01-102-0/+28
| | | | | | | | | | | In Yocto the real path for udevd is /lib/udev/udevd, this patch fixes the init issues like: udevd[87]: setfilecon /dev/vcsa2 failed: Operation not permitted udevd[89]: setfilecon /dev/fb0 failed: Operation not permitted Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* selinux packagegroups: update LIC_FILES_CHKSUMWenzong Fan2014-01-103-3/+3
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* policycoreutils: fix QA issuesWenzong Fan2014-01-101-3/+7
| | | | | | | | | | | | | | | ERROR: QA Issue: policycoreutils: Files/directories were installed \ but not shipped /usr/share/icons/hicolor/24x24/apps/system-config-selinux.png /usr/share/bash-completion/completions/setsebool /usr/share/bash-completion/completions/sepolicy /usr/share/bash-completion/completions/semanage /usr/share/dbus-1/system-services/org.selinux.service /usr/share/polkit-1/actions/org.selinux.config.policy /usr/share/polkit-1/actions/org.selinux.policy Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* libsemanage: add audit dependencyWenzong Fan2014-01-102-2/+8
| | | | | | | Building libsemanage 2.2 need the header libaudit.h. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* sepolgen: migrate SRC_URI to 1.2.1Wenzong Fan2014-01-102-4/+4
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* policycoreutils: migrate SRC_URI and patches to 2.2.5Wenzong Fan2014-01-106-67/+32
| | | | | | | | | | | | This patch is removed since it is merged by new version: - policycoreutils-fix-strict-prototypes.patch These two patches are updated: - policycoreutils-fix-sepolicy-install-path.patch - policycoreutils-make-O_CLOEXEC-optional.patch Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* libsepol: migrate SRC_URI to 2.2Wenzong Fan2014-01-104-40/+8
| | | | | | | | Removed patch and ported changes to 2.2 bbfile: - libsepol-Change-ranlib-for-cross-compiling.patch Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* libsemanage: migrate SRC_URI to 2.2Wenzong Fan2014-01-103-8/+10
| | | | | | | | Updated patch: - libsemanage-fix-path-nologin.patch Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* libselinux: migrate SRC_URI and patches to 2.2Wenzong Fan2014-01-104-66/+10
| | | | | | | | | These two patches are removed since they are merged by new version: - libselinux-fix-init-load-policy.patch - libselinux-pcre-link-order.patch Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* checkpolicy: migrate SRC_URI to 2.2Wenzong Fan2014-01-102-4/+4
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* selinux userspace: uprev packages to release 20131030Wenzong Fan2014-01-109-15/+13
| | | | | | | | | | | | | | | Upreved packages: - checkpolicy to 2.2 - libselinux to 2.2 - libsemanage to 2.2 - libsepol to 2.2 - policycoreutils to 2.2.5 - sepolgen to 1.2.1 Migrate patches in next commits. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* Resync to oe-core master Jan 10, 2014Mark Hatle2014-01-108-1638/+0
| | | | | | | | | Rename most recipes Update a few recipes as needed: * tar: Newer version has xattr and selinux support Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* policycoreutils: Patch Makefile to get load_policy symlink right.Philip Tricca2014-01-102-0/+20
| | | | | | | | | Setting DESTDIR in the policycoreutils do_install creates a bad symlink for load_policy. This patch fixes up the Makefile to create the symlink relative to DESTDIR. Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* policy: Create compressed_policy distro featureJoe MacDonald2013-12-052-11/+23
| | | | | | | | | | | There is a small cost to having compressed policy files on the final image both in terms of memory requirements and load times. In nearly all circumstances this is negligible, but this adds a DISTRO_FEATURE that can be used to enable it, if desired. The default selinux distros will enable the feature by default. Signed-off-by: Joe MacDonald <joe@deserted.net>
* bzip SELinux policy modules in ${datadir}Philip Tricca2013-12-051-4/+5
| | | | | | | | | | | | | The 'semodule' utility can operate on compresed modules so the only cost of this change is a slower module load time when invoking 'semodule -i' on a running system (increased CPU load due to bzip2). That said my tests show more than 100M reduction in ext3 image size of core-image-selinux. This last metric is a bit skewed as the image includes two policies. Still, a reduction in the size of the refpolicy package by 1/2 is significant. Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe@deserted.net>
* at: bump from 3.1.13 to 3.1.14Philip Tricca2013-12-042-2/+2
| | | | | | | This renames the bbappend as well as a minor tweak to the selinux patch. Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe@deserted.net>
* sudo: rename bbappend from 1.8.7 to 1.8.8Philip Tricca2013-12-041-0/+0
| | | | | Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe@deserted.net>
* openssh: rename bbappend from 6.2p2 to 6.4p1Philip Tricca2013-12-041-0/+0
| | | | | Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe@deserted.net>
* gnupg: rename bbappend from 2.0.21 to 2.0.22Philip Tricca2013-12-041-0/+0
| | | | | Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe@deserted.net>
* mesa: rename bbappend from 9.1.6 to 9.2.2Philip Tricca2013-12-041-0/+0
| | | | | Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe@deserted.net>
* glib-2.0: rename bbappend from 2.38.0 to 2.38.1Philip Tricca2013-12-041-0/+0
| | | | | Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe@deserted.net>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-23 19:01:13 +0000