path: root/recipes-core
Commit message | Author | Age | Files | Lines
* initscripts/devpts.sh: fix context for /dev/pts | Wenzong Fan | 2014-06-23 | 1 | -0/+1
    devpts uses file_use_trans to allocate security contexts. As there are no range_trans rules for initrc_t mounting devpts, the security level of mountpoint will be derived from the initrc process, to be systemhigh (s15:c0.c1023), instead of expected systemlow (s0). This will block login shells to search PTYs, so use restorecon to fix this.

    Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
    Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* initscripts: add a local copy of devpts.sh | Wenzong Fan | 2014-06-23 | 2 | -0/+30
    Start point to make SELinux specific changes in devpts.sh, copied from oe-core layer.

    Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
    Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* util-linux: Use wildcard for version number in bbappend. | Xin Ouyang | 2014-05-16 | 2 | -8/+3
    Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* glib-2.0: Use wildcard for version number in bbappend. | Xin Ouyang | 2014-05-16 | 1 | -0/+0
    Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* dbus: Use wildcard for version number in bbappend. | Xin Ouyang | 2014-05-16 | 1 | -0/+0
    Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* initscripts/checkroot.sh: restore file contexts for /run | Jackie Huang | 2014-05-09 | 1 | -0/+2
    The file contexts for /run is incorrect while running checkroot.sh in boot time which causes mount fail to create new dir and file in /run, so restore the security contexts in it.

    Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
* udev init: restorecon for /dev/shm, /dev/pts | Wenzong Fan | 2014-04-24 | 1 | -1/+1
    Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
* initscripts: always force to restore file contexts for /var/lib | Wenzong Fan | 2014-04-24 | 1 | -1/+1
    Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
* libcgroup: Use wildcard for version number in libcgroup bbappend. | Philip Tricca | 2014-02-12 | 1 | -0/+0
    Signed-off-by: Philip Tricca <flihp@twobit.us>

    create mode 100644 recipes-core/libcgroup/libcgroup_%.bbappend
    delete mode 100644 recipes-core/libcgroup/libcgroup_0.38.bbappend

    Signed-off-by: Joe MacDonald <joe@deserted.net>
* busybox: Use wildcard for version number in busybox bbappend. | Philip Tricca | 2014-02-12 | 1 | -0/+0
    Signed-off-by: Philip Tricca <flihp@twobit.us>

    create mode 100644 recipes-core/busybox/busybox_%.bbappend
    delete mode 100644 recipes-core/busybox/busybox_1.21.1.bbappend

    Signed-off-by: Joe MacDonald <joe@deserted.net>
* udev/init: sync to latest poky version ae819671 | Wenzong Fan | 2014-01-26 | 1 | -1/+3
    Sync with the latest init file from poky as of 01262014:

    oe-core commit: ae819671489a22bfdda11210ff620f564aa9b24b

    Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
* udev: remove explicit path to udevadm | Jackie Huang | 2014-01-23 | 1 | -5/+5
    Oe-core has changed the udevadm path, current path will cause failure:

    udevd[102]: starting version 182
    /etc/rcS.d/S04udev: line 106: /usr/bin/udevadm: No such file or directory

    Fix as oe-core commit: cc0f22cd1e93cc25647add1a3339e150572e4fce

    Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
    Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
* Resync to oe-core master Jan 10, 2014 | Mark Hatle | 2014-01-10 | 3 | -0/+0
    Rename most recipes

    Update a few recipes as needed:
    * tar: Newer version has xattr and selinux support

    Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* glib-2.0: rename bbappend from 2.38.0 to 2.38.1 | Philip Tricca | 2013-12-04 | 1 | -0/+0
    Signed-off-by: Philip Tricca <flihp@twobit.us>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
* glib-2.0: upgrade from version 2.36.4 to 2.38.0 | Philip Tricca | 2013-10-21 | 1 | -0/+0
    Signed-off-by: Joe MacDonald <joe@deserted.net>
* busybox: alternatives link to sh wrappers for commands | Xin Ouyang | 2013-10-02 | 1 | -0/+87
    While directly using busybox[.[no]suid] as the alternatives' targets, commands could not get correct security labels.

    ~# ls -l /sbin/getty
    ..... /sbin/getty -> /bin/busybox.nosuid
    ~# ls -Z /bin/busybox.nosuid
    system_u:object_r:bin_t:s0 /bin/busybox.nosuid

    Add sh wrappers for commands so selinux could work fine.

    ~# ls -l /sbin/getty
    ..... /sbin/getty -> /usr/lib/busybox/sbin/getty
    ~# ls -Z /usr/lib/busybox/sbin/getty
    system_u:object_r:getty_exec_t:s0 /usr/lib/busybox/sbin/getty
    ~# cat /usr/lib/busybox/sbin/getty
    #!/bin/busybox.nosuid

    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
* udev/init: work around dev-cache restore problems | Joe MacDonald | 2013-10-02 | 2 | -29/+66
    Restoring from the dev-cache with selinux enforcing causes various failures as devices are lacking, at a minimum, reasonable types and attributes. If, on the other hand, we at least create the cache with selinux and xattrs preserved and restored, we get significantly fewer errors and warnings on boot and we can successfully restore the context further down in init anyway. It still leaves some devices mislabeled, though, and still produces warnings on boot.

    Previous versions of the initscript removed all use of the dev-cache, if need be, we fall back to that. It is possible to get the middle-ground behaviour by defining use_udev_cache at the top of the udev initscript.

    Signed-off-by: Joe MacDonald <joe@deserted.net>
* udev/init: sync to latest poky version | Mark Hatle | 2013-10-02 | 1 | -55/+103
    [ CQID: WIND00424385 ]

    Sync with the latest init file from poky as of 09172013. Changes include:
    - adding /sbin/restorecon on start
    - specifying full path for /sbin/udevadm

    Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
* always force to restore file contexts in initscripts | Xin Ouyang | 2013-10-02 | 3 | -4/+4
    In policycoreutils-2.13+, restorecon changes its default behaviour, and does not restore context if the file's type is correct, even if its mcs/mls level is incorrect.

    We should force it always to restore file contexts in initscripts to avoid issues.

    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
* util-linux: uprev to oe-core version 2.23.2 | Xin Ouyang | 2013-08-22 | 1 | -0/+0
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* glib-2.0: uprev to oe-core version 2.36.4 | Xin Ouyang | 2013-08-22 | 1 | -0/+0
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* dbus/glib-2.0/augeas/mesa: Rebase bbappends to oe-core 20130801 | Mark Hatle | 2013-08-02 | 2 | -4/+0
    Rebase the bbappends to match the current oe-core versions.

    Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* tinylogin: No longer in oe-core, remove bbappend | Mark Hatle | 2013-08-01 | 1 | -15/+0
    Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* util-linux: uprev to 2.23.1 to fit oe-core | Xin Ouyang | 2013-06-17 | 1 | -0/+0
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* glib-2.0: uprev to 2.36.2 to fit oe-core | Xin Ouyang | 2013-06-17 | 1 | -0/+0
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* glib-2.0: uprev to 2.36.1 to fit oe-core | Xin Ouyang | 2013-05-13 | 1 | -0/+0
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* coreutils: uprev to 8.21 to fit oe-core | Xin Ouyang | 2013-04-01 | 1 | -0/+0
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* initscript: append restorecon lines instead of a final script | Xin Ouyang | 2013-03-05 | 2 | -204/+7
    Current meta-selinux provides a populate-volatile.sh for adding restorecon lines to the oe-core script. If other meta layers would add a new populate-volatile.sh, it will override the oe-core and meta-selinux ones and cause selinux issues.

    So append restorecon lines to the original script instead of a final script.

    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* packages: uprev bbappends to fit oe-core | Xin Ouyang | 2013-02-22 | 3 | -0/+0
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* coreutils: inherit with-selinux | Xin Ouyang | 2013-01-31 | 1 | -0/+3
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* glib-2.0: config option should be --enable-selinux | Xin Ouyang | 2013-01-18 | 1 | -2/+2
    --with-selinux is considered as unrecognized option while do_configure, so change it to --enable-selinux.

    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* tinylogin: add passwd alternative | Xin Ouyang | 2013-01-07 | 1 | -2/+3
    In meta-selinux layer, tinylogin links are installed as script wrappers instead of symlinks to get their security labels. So, they should use alternatives if there are same commands provided by other packages.

    passwd -> passwd.tinylogin -> passwd.shadow

    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* packages: inherit selinux | Xin Ouyang | 2013-01-05 | 1 | -3/+5
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* packages: inherit with-selinux | Xin Ouyang | 2013-01-05 | 3 | -13/+6
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* packages: inherit enable-selinux | Xin Ouyang | 2013-01-05 | 1 | -4/+2
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* util-linux: fix build failures for version 2.22.1. | Xin Ouyang | 2012-12-12 | 3 | -16/+31
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libcgroup: remove the SRC_URI to fit oe-core | Xin Ouyang | 2012-12-11 | 1 | -3/+1
    oe-core has fixed this by commit 9a97367038a1e2431bf94211dabbc5aedbbee3bb

    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* glib-2.0,util-linux: uprev to oe-core version. | Xin Ouyang | 2012-12-05 | 2 | -0/+0
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libcgroup: fix hard coded /lib to ${base_libdir} | Xin Ouyang | 2012-12-05 | 1 | -4/+4
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* glib-2.0/psmisc: uprev to oe-core version | Xin Ouyang | 2012-11-27 | 1 | -0/+0
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* udev: uprev to oe-core version 182. | Xin Ouyang | 2012-11-07 | 1 | -0/+0
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* libcgroup: add bbappend and remove bb files | Xin Ouyang | 2012-11-07 | 3 | -189/+14
    libcgroup is placed in oe-core now.
    http://git.openembedded.org/openembedded-core/commit/?id=6ef8e6f2f9b0583fa0881e0dfc52462405b21ede

    So remove bb files from meta-selinux and add bbappend.

    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* tinylogin: create script wrappers for selinux | Xin Ouyang | 2012-10-18 | 1 | -0/+14
    Symlink can not execute with security contexts, so create script wrappers for tinylogin commands instead of symlinks.

    Also add tinylogin's login command as an alternative.

    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* udev: initscript restore security context for /dev | Xin Ouyang | 2012-10-18 | 2 | -1/+89
    Poky/oe-core has set CONFIG_DEVTMPFS_MOUNT=y for kernel to mount /dev with devtmpfs itself.

    With MLS policy, kernel is running in s15:c0.c1023 level, so /dev will be relabeled to this high level too. This will cause processes running with low levels can not visit /dev directory.

    So, we just run restorecon /dev to fix this.

    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* initscripts: restorecon after populate-volatile | Xin Ouyang | 2012-10-18 | 2 | -0/+205
    populate-volatile.sh creates new directories in /var/volatile/ while booting, so we should restore the security contexts in it.

    Also touch /var/log/lastlog to set correct security contexts.

    populate-volatile.sh is imported for oe-core, and add these two lines at the end.

    touch /var/log/lastlog
    test ! -x /sbin/restorecon || /sbin/restorecon -R /var/volatile/

    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* glib-2.0: new version 2.32.4 | Xin Ouyang | 2012-07-19 | 1 | -0/+0
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* util-linux: uprev to 2.21.2 | Xin Ouyang | 2012-06-28 | 1 | -0/+0
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* util-linux: Support selinux | Xiaofeng Yan | 2012-06-25 | 2 | -0/+24
    Add the selinux support for util-linux.

    Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* dbus: Support selinux | Xiaofeng Yan | 2012-06-25 | 1 | -0/+5
    Add the selinux support for dbus.

    Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
* udev: Build with selinux support. | Xin Ouyang | 2012-06-20 | 1 | -0/+5
    Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>