Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
* Refresh patches
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
* Refresh patches.
* Merge libselinux and libselinux-python.
The previous libselinux recipe was split into libselinux and
libselinux-python due to loop dependency[1]. Now this error is gone,
we can merge these two recipes into one again.
[1] https://git.yoctoproject.org/meta-selinux/commit/?id=7bb1507928f2e0f54ff8eac4135e15e821cdb1e2
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
ChangeLog:
https://github.com/SELinuxProject/selinux/releases/tag/3.6
* Switch branch to main
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
After oe-core commit ba3a78c0[1], domains using PAM need to read
/etc/shadow.
[1] https://git.openembedded.org/openembedded-core/commit/?id=ba3a78c08cb0ce08afde049610d3172b9e3b0695
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
* 82b4448e1 Additional file context fix for:
* 65eed16b5 policy/modules/services/smartmon.te: make fstools optional
* 2e27be3c5 Let the certmonger module manage SSL Private Keys and CSR
used for example by the HTTP and/or Mail Transport daemons.
* 912d3a687 Let the webadm role manage Private Keys and CSR for SSL
Certificates used by the HTTP daemon.
* 5c9038ec9 Create new TLS Private Keys file contexts for the Apache
HTTP server according to the default locations:
* b38583a79 The LDAP server only needs to read generic certificate
files, not manage them.
* 100a853c0 rpm: fixes for dnf
* 8839a7137 Modify the gpg module so that gpg and the gpg_agent can
manage gpg_runtime_t socket files.
* 780adb80a Simple patch for Brother printer drivers as described in:
https://etbe.coker.com.au/2023/10/22/brother-mfc-j4440dw-printer/
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Add how to enable labeling on first boot.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Previously, systems using systemd would label selinux contexts on first
boot, while systems using sysvinit would label during build. Add a
variable FIRST_BOOT_RELABEL as a switch to control labeling to make the
behavior of sysvinit and systemd consistent.
Set FIRST_BOOT_RELABEL to 1 in local.conf to enable labeling on first
boot.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
The selinux_set_labels function should run as late as possible. To
guarantee that, we append it to IMAGE_PREPROCESS_COMMAND in the
RecipePreFinalise event handler; this ensures it is the last function in
IMAGE_PREPROCESS_COMMAND.
After refactoring, systems using systemd can also label selinux contexts
during build.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
oe-core has switched to nanbield in:
https://git.openembedded.org/openembedded-core/commit/?id=f212cb12a0db9c9de5afd3cc89b1331d386e55f6
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
* Switch branch to main.
* Update to latest git rev.
* Drop obsolete and useless patches.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
libselinux-python also requires the patch provided by [1] to fix
build with musl.
[1] https://git.yoctoproject.org/meta-selinux/commit/?id=23d8e2d86317170c0a3c155640c71b83329ff726
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
CONFIG_SECURITY_SELINUX_DISABLE has been removed since kernel 6.4[1][2].
[1] https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-runtime-disable
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f22f9aaf6c3d92ebd5ad9e67acc03afebaaeb289
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Add python3-distro and binutils to RDEPENDS for sepolicy to fix runtime
error:
    $ sepolicy -h
    Traceback (most recent call last):
      File "/usr/bin/sepolicy", line 690, in <module>
        gen_manpage_args(subparsers)
      File "/usr/bin/sepolicy", line 375, in gen_manpage_args
        man.add_argument("-o", "--os", dest="os", default=get_os_version(),
      File "/usr/lib/python3.11/site-packages/sepolicy/__init__.py", line 1245, in get_os_version
        import distro
    ModuleNotFoundError: No module named 'distro'

    $ sepolicy generate --init /usr/sbin/sshd
    /bin/sh: line 1: nm: command not found
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
ChangeLog:
https://github.com/SELinuxProject/setools/releases/tag/4.4.3
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Signed-off-by: Renato Caldas <renato@calgera.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
The CVE product name for selinux-* packages is (usually) selinux
(and not our recipe name), so use selinux as the default.
See also:
http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html
"Results from cve-check are not very good at the moment.
One of the reasons for this is that component names used in CVE
database differ from yocto recipe names. This series fixes several
of those name mapping problems by setting the CVE_PRODUCT correctly
in the recipes. To check this mapping with after a build, I'm exporting
LICENSE and CVE_PRODUCT variables to buildhistory for recipes and
packages."
Value added is based on:
https://nvd.nist.gov/vuln/search/results?results_type=overview&search_type=all&cpe_product=cpe%3A%2F%3Akernel%3Aselinux
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE is deprecated and will be
rejected in a future kernel release[1].
[1] https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-checkreqprot
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
ChangeLog:
https://github.com/SELinuxProject/setools/releases/tag/4.4.2
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
License-Update: Rename COPYING to LICENSE. No content changes.
* Drop backport patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
License-Update: Rename COPYING to LICENSE. No content changes.
* Drop backport patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
License-Update: Rename COPYING to LICENSE. No content changes.
* Refresh patch.
* Drop backport patch.
* Add dependency python3-setuptools-scm-native to fix build error.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
License-Update: Rename COPYING to LICENSE. No content changes.
* Refresh patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
* Add dependency python3-setuptools-scm-native to fix build error.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
License-Update: Rename COPYING to LICENSE. No content changes.
* Drop backport patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
ChangeLog:
https://github.com/SELinuxProject/selinux/releases/tag/3.5
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Drop 0003-refpolicy-minimum-make-dbus-module-optional.patch as the issue
has been fixed upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Make the bbappend available for 5.x and 6.x kernels.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Changelog:
https://github.com/SELinuxProject/setools/releases/tag/4.4.1
License-Update: Refine COPYING text. No license changes.[1]
[1] https://github.com/SELinuxProject/setools/commit/fff1906ff436835108b62bf46616e19705183dfb
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Move PACKAGECONFIG setting to oe-core [1] to conform to yocto compliance.
[1] https://git.openembedded.org/openembedded-core/commit/?id=d2aa518163a4836eeb5bf8517456790cba382c2e
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Move PACKAGECONFIG setting to oe-core [1] to conform to yocto compliance.
[1] https://git.openembedded.org/openembedded-core/commit/?id=fd036af063ef47d8296be909eb5db9bddc05eb6e
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Move PACKAGECONFIG setting to oe-core [1] to conform to yocto compliance.
[1] https://git.openembedded.org/openembedded-core/commit/?id=c57cc22fad708ac856ac4ebe0a42042031fbf90b
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Move PACKAGECONFIG setting to oe-core [1] to conform to yocto compliance.
[1] https://git.openembedded.org/openembedded-core/commit/?id=067ce90494bc370fc7a271c6a036c414358f0f38
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Move PACKAGECONFIG setting to oe-core [1] to conform to yocto compliance.
[1] https://git.openembedded.org/openembedded-core/commit/?id=5c8e22895709a0ce7ce855468473d9d6d10a1e65
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
* Update to latest git rev.
* Drop obsolete and useless patches.
* Rebase patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>