Commit message | Author | Age | Files | Lines
* packages: inherit with-selinux | Xin Ouyang | 2013-01-05 | 12 | -54/+24
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* packages: inherit enable-selinux | Xin Ouyang | 2013-01-05 | 5 | -23/+11
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* layer: add selinux/audit bbclasses | Xin Ouyang | 2013-01-05 | 5 | -0/+30
  Add bbclasses only for target packages to enable selinux support, not native/nativesdk/cross/crosssdk packages.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* selinux packages: create include files. | Xin Ouyang | 2013-01-05 | 19 | -485/+285
  Create include files for selinux userspace packages:
  * checkpolicy.inc
  * libselinux.inc
  * libsemanage.inc
  * libsepol.inc
  * policycoreutils.inc
  * sepolgen.inc
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libsemanage: fix path length limits. | Xin Ouyang | 2012-12-25 | 3 | -8/+38
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* sed: fix parallel compile error with libselinux | Xin Ouyang | 2012-12-19 | 2 | -0/+75
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* util-linux: fix build failures for version 2.22.1. | Xin Ouyang | 2012-12-12 | 3 | -16/+31
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* policycoreutils: install init script under /etc/init.d/ | Roy.Li | 2012-12-12 | 2 | -2/+4
  Signed-off-by: Roy.Li <rongqing.li@windriver.com>
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libcgroup: remove the SRC_URI to fit oe-core | Xin Ouyang | 2012-12-11 | 1 | -3/+1
  oe-core has fixed this by commit 9a97367038a1e2431bf94211dabbc5aedbbee3bb
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* glib-2.0,util-linux: uprev to oe-core version. | Xin Ouyang | 2012-12-05 | 2 | -0/+0
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libcgroup: fix hard coded /lib to ${base_libdir} | Xin Ouyang | 2012-12-05 | 1 | -4/+4
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* checkpolicy+libsemanage: flex+bison native depends | Xin Ouyang | 2012-11-29 | 4 | -8/+8
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* glib-2.0/psmisc: uprev to oe-core version | Xin Ouyang | 2012-11-27 | 2 | -0/+0
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* refpolicy: standard/mls policy should set UBAC=n | Xin Ouyang | 2012-11-26 | 3 | -2/+5
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* refpolicy: fix policy to allow nfsd works. | Xin Ouyang | 2012-11-26 | 4 | -2/+72
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* selinux-config: update the init script | Xin Ouyang | 2012-11-19 | 2 | -11/+41
  Fix the hard-coded security type for /dev/null and /dev/console.
  Check rootfs if support xattrs before do relabel.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* refpolicy*: make to use pythonnative | Xin Ouyang | 2012-11-08 | 3 | -3/+3
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* udev: uprev to oe-core version 182. | Xin Ouyang | 2012-11-07 | 1 | -0/+0
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libcgroup: add bbappend and remove bb files | Xin Ouyang | 2012-11-07 | 3 | -189/+14
  libcgroup is placed in oe-core now.
  http://git.openembedded.org/openembedded-core/commit/?id=6ef8e6f2f9b0583fa0881e0dfc52462405b21ede
  So remove bb files from meta-selinux and add bbappend.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* policycoreutils: backport to remove empty po files | Xin Ouyang | 2012-11-01 | 3 | -2/+3813
  et, gl, and id .po files contained no translations. This can cause build errors. Delete those puppies.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* kernel: default enable selinux for this layer. | Xin Ouyang | 2012-10-18 | 1 | -1/+1
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* setools: add libxml2 DEPENDS. | Xin Ouyang | 2012-10-18 | 1 | -1/+1
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* openssl: disable execstack in CFLAG | Xin Ouyang | 2012-10-18 | 1 | -0/+3
  "-Wa,--noexecstack" will mark objects as requiring executable stack, this is a dangerous CFLAG and would cause security issues. So disable it as most distros did.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* selinux-config: add init script | Xin Ouyang | 2012-10-18 | 2 | -2/+53
  This script will be installed as 0selinux-init, in runlevel S and sequence number 0. It will start before any other init script.
  * relabel /dev for restorecon/fixfiles running
  * rebuild policy and relabel the rootfs if /.autorelabel placed.
  * relabel the rootfs if it is first booting.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* document: add FAQ file for selinux | Xin Ouyang | 2012-10-18 | 1 | -0/+146
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* core-image-selinux: update task-* to packagegroup-* | Xin Ouyang | 2012-10-18 | 1 | -2/+2
  oe-core has changed task-* recipes to packagegroup-*, so we should follow this.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* tinylogin: create script wrappers for selinux | Xin Ouyang | 2012-10-18 | 1 | -0/+14
  Symlink can not execute with security contexts, so create script wrappers for tinylogin commands instead of symlinks.
  Also add tinylogin's login command as an alternative.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* lsof: version 4.86 for oe-core uprev. | Xin Ouyang | 2012-10-18 | 1 | -0/+0
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* udev: initscript restore security context for /dev | Xin Ouyang | 2012-10-18 | 2 | -1/+89
  Poky/oe-core has set CONFIG_DEVTMPFS_MOUNT=y for kernel to mount /dev with devtmpfs itself.
  With MLS policy, kernel is running in s15:c0.c1023 level, so /dev will be relabeled to this high level too. This will cause processes running with low levels can not visit /dev directory.
  So, we just run restorecon /dev to fix this.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* sysklogd: initscripts restorecon for log devices | Xin Ouyang | 2012-10-18 | 2 | -0/+144
  sysklogd would create /dev/log and create log files in /var/log with the default security contexts while starting. So we should restore the correct security contexts.
  The initscript file is from oe-core, and add these lines after the start action.
      test ! -x /sbin/restorecon || \
          /sbin/restorecon -R /dev/log /var/log/
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* initscripts: restorecon after populate-volatile | Xin Ouyang | 2012-10-18 | 2 | -0/+205
  populate-volatile.sh creates new directories in /var/volatile/ while booting, so we should restore the security contexts in it. Also touch /var/log/lastlog to set correct security contexts.
  populate-volatile.sh is imported for oe-core, and add these two lines at the end.
      touch /var/log/lastlog
      test ! -x /sbin/restorecon || /sbin/restorecon -R /var/volatile/
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libpam: add pam-plugin-selinux to RDEPENDS | Xin Ouyang | 2012-10-18 | 1 | -1/+3
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* shadow: pam config for login to use pam_selinux module | Xin Ouyang | 2012-10-18 | 2 | -1/+101
  login should use pam_selinux module to label security contexts of processes while login into system.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* policycoreutils: add pam config for newrole/run_init | Xin Ouyang | 2012-10-18 | 4 | -9/+52
  Also fix missing RDEPENDS for setools-*
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* openssh: enable pam and selinux. | Xin Ouyang | 2012-10-18 | 3 | -1/+146
  sshd_config file from oe-core to set "UsePAM yes".
  sshd file (pam config for sshd) from oe-core to add pam_selinux module.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* refpolicy: xconsole_device_t as a dev_node | Xin Ouyang | 2012-10-18 | 2 | -0/+28
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* refpolicy: add poky specific rules for packages. | Xin Ouyang | 2012-10-18 | 11 | -0/+735
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* refpolicy: Fix specific file contexts for poky | Xin Ouyang | 2012-10-18 | 8 | -2/+245
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* refpolicy: uprev to version 2.20120725. | Xin Ouyang | 2012-10-18 | 7 | -1554/+14
  Patches are migrated or dropped for new version.
  * poky-fc-etc_init.d.patch: dropped because file_contexts.subs_dist is defined to instead.
  * fix-mount-to-write-mountpoints-dirs.patch: dropped because the rules is not needed now.
  * poky-fc-update-alternatives_sysvinit.patch: migrated.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libcap-ng: pythonnative, add swig-native depend | Xin Ouyang | 2012-10-15 | 2 | -8/+6
  libcap-ng need native python while do_configure, and native swig while do_compile, so add them.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* policycoreutils: disable QA checks for fixfiles. | Xin Ouyang | 2012-10-11 | 2 | -2/+6
  fixfiles in /sbin would run some /usr/bin binaries to cause these QA warnings.
      WARNING: Shell scripts in base_bindir and base_sbindir should not reference anything in exec_prefix
  Since fixfiles is installed into /sbin in most Linux distros, changing this path may cause runtime errors for some hard coded binaries.
  So, disable unsafe-references-in-scripts QA checks.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* audit: fix package issues. | Xin Ouyang | 2012-10-11 | 1 | -9/+20
  Rename two packages and change files in them.
  * audit-libs -> audit : main package, for libraries
  * audit -> auditd : for daemon binaries
  Libraries are changed to install into ${base_libdir}.
  The two fixes are used to fix QA issues and fit the Debian policy.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libselinux: fix Public Domain license warning. | Xin Ouyang | 2012-10-09 | 2 | -4/+4
  The "Public Domain" license now has a common license file placed as PD in Poky/oe-core, so fix this.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* selinux recipes: inherit pythonnative | Xin Ouyang | 2012-09-26 | 5 | -10/+14
  With new changes in oe-core, recipes which need python-native should "inherit pythonnative".
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* policycoreutils: fix build with pam DISTRO_FEATURE | Xin Ouyang | 2012-09-24 | 2 | -4/+4
  If no pam DISTRO_FEATURE, policycoreutils should not build with libpam headers and libraries.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* setools: inherit pythonnative | Xin Ouyang | 2012-09-20 | 1 | -3/+3
  With new changes in oe-core, recipes which need python-native should "inherit pythonnative".
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* audit-2.2.1: copy bits/socket_type.h only if it exists | Xin Ouyang | 2012-09-07 | 1 | -2/+6
  eglibc-2.16 splits enum __socket_type from bits/socket.h to bits/socket_type.h, so old eglibc does not have bits/socket_type.h
  We should copy it only if it exists.
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* rpm: fix depend for selinux enabled | Xin Ouyang | 2012-08-21 | 1 | -2/+2
  The depends should be: libsepol -> libselinux -> libsemanage -> rpm
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* pam-1.1.6: fix wrong path for sepermit module | Xin Ouyang | 2012-08-21 | 2 | -1/+37
  Fix this error:
  ===================
  | mkdir -p /var/run/sepermit
  | mkdir: cannot create directory `/var/run/sepermit': Permission denied
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* selinux-task: add necessary packages for selinux | Xin Ouyang | 2012-08-21 | 1 | -0/+4
  Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>