| Commit message (Collapse) | Author | Age | Files | Lines |
| |
This is the result of automated script conversion:
poky/scripts/contrib/convert-overrides.py meta-selinux
Converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
| |
Some directories are created by populate-volatile.sh. We need to restore
their security contexts.
Before the patch:
$ ls -dZ /tmp /var/tmp /var/lock /var/run
system_u:object_r:root_t /tmp
system_u:object_r:var_t /var/lock
system_u:object_r:var_t /var/run
system_u:object_r:var_t /var/tmp
After the patch:
$ ls -dZ /tmp /var/tmp /var/lock /var/run
system_u:object_r:tmp_t /tmp
system_u:object_r:var_lock_t /var/lock
system_u:object_r:var_run_t /var/run
system_u:object_r:tmp_t /var/tmp
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
| |
Change the references to check for the distribution flag of 'selinux' being
set before taking any action within the bbappends. This prevents the
signature from being modified.
Also remove PR changes, as they are no longer allowed.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
| |
Use the 'i' option for the restorecon command to ignore the files that
don't exist when building the project.
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
| |
Restore contexts for /etc/{resolv.conf, adjtime}; they are created
dynamically and the incorrect contexts may prevent some programs
from valid access.
/etc/resolv.conf: etc_t:SystemHigh -> etc_t:SystemLow
/etc/adjtime: etc_t:SystemHigh -> adjtime_t:SystemLow
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
| |
devpts uses file_use_trans to allocate security contexts. As there are no
range_trans rules for initrc_t mounting devpts, the security level of
the mountpoint will be derived from the initrc process, to be systemhigh
(s15:c0.c1023), instead of the expected systemlow (s0).
This will block login shells from searching PTYs, so use restorecon to fix
this.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
| |
Start point to make SELinux specific changes in devpts.sh, copied from
oe-core layer.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
| |
The file contexts for /run are incorrect while running checkroot.sh
at boot time, which causes mount to fail to create new dirs and files
in /run, so restore the security contexts in it.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
| |
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
| |
In policycoreutils-2.13+, restorecon changes its default behaviour,
and does not restore the context if the file's type is correct, even if its
mcs/mls level is incorrect.
We should force it always to restore file contexts in initscripts to
avoid issues.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
| |
Current meta-selinux provides a populate-volatile.sh for adding
restorecon lines to the oe-core script.
If other meta layers would add a new populate-volatile.sh, it will
override the oe-core and meta-selinux ones and cause selinux issues.
So append restorecon lines to the original script instead of a
final script.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
populate-volatile.sh creates new directories in /var/volatile/ while
booting, so we should restore the security contexts in it.
Also touch /var/log/lastlog to set correct security contexts.
populate-volatile.sh is imported for oe-core, and these two
lines are added at the end.
touch /var/log/lastlog
test ! -x /sbin/restorecon || /sbin/restorecon -R /var/volatile/
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>