summaryrefslogtreecommitdiffstats
path: root/recipes-security/refpolicy/refpolicy-minimum_2.20151208.bb
Commit message (Collapse)AuthorAgeFilesLines
* refpolicy: Update to 20170204 releaseJoe MacDonald2017-05-041-84/+0
| | | | | | | This updates all of the common policies. standard, minimum, mls and targeted. Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy-minimum: systemd: fix for syslogShrikant Bobade2016-09-011-0/+1
| | | | | | | | syslog & getty related allow rules required to fix the syslog mixup with boot log, while using systemd as init manager. Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy-minimum: systemd: fix for systemd tmp-files servicesShrikant Bobade2016-09-011-0/+1
| | | | | | | | fix for systemd tmp files setup services: systemd-journal-flush.service & systemd-logind.service. Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy-minimum: systemd: fix for login & journal serviceShrikant Bobade2016-09-011-0/+1
| | | | | | | | | 1. fix for systemd services: login & journal wile using refpolicy-minimum and systemd as init manager. 2. fix login duration after providing root password. Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy-minimum: systemd: mount: enable required refpolicy booleansShrikant Bobade2016-09-011-0/+1
| | | | | | | | enable required refpolicy booleans for these modules mount: allow_mount_anyfile & systemd:systemd_tmpfiles_manage_all Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy-minimum: init: fix reboot with systemd as init manager.Shrikant Bobade2016-09-011-0/+1
| | | | | | | add allow rule to fix avc denial during system reboot. Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy-minimum: locallogin: add allow rules for type local_login_tShrikant Bobade2016-09-011-0/+1
| | | | | | | add allow rules for locallogin module avc denials. Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy-minimum: systemd: mount: logging: authlogin: add allow rulesShrikant Bobade2016-09-011-0/+1
| | | | | | | | | add allow rules for avc denails for systemd, mount, logging & authlogin modules. without this change we are getting avc. denials from these modules. Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy-minimum: audit: logging: getty: audit related allow rulesShrikant Bobade2016-09-011-0/+1
| | | | | | | add allow rules for audit.log file & resolve dependent avc denials. Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy-minimum: systemd:unconfined:lib: add systemd services allow rulesShrikant Bobade2016-09-011-0/+7
| | | | | | | | | | | systemd allow rules for systemd service file operations: start, stop, restart & allow rule for unconfined systemd service. without this change we are geting avc denials and access denied to perform operations on service file. Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy-minimum_2.20151208: add systemd dependent policy modulesShrikant Bobade2016-05-271-0/+2
| | | | | | | | | | | | | | | | | | | | with systemd enabled refpolicy-minimum build breaks due to missing dependent policy modules, so add the dependent modules: clock, systemd, udev conditionally based on DISTRO_FEATURES. dependent systemd policy modules needed to fix these errors: * Failed to resolve 'adjtime_t' in typeattributeset statement at line 138 of .. modules/100/init/cil * Failed to resolve 'systemd_kmod_conf_t' in typeattributeset statement at line 141 of.. moules/100/init/cil * Failed to resolve 'udev_t' in typeattributeset statement at line 143 of modules/100/init/cil semodule: Failed! Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy-minimum: port changes for prepare_policy_storeWenzong Fan2016-04-171-11/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | Apply the changes to refpolicy-minimum_2.20151208.bb: commit bfaf278116e6c3a04bb82c9f8a4f8629a0a85df8 Author: Wenzong Fan <wenzong.fan@windriver.com> Date: Tue Oct 27 06:25:04 2015 -0400 refpolicy-minimum: update prepare_policy_store * update prepare_policy_store() for supporting SELinux 2.4 & CIL, the logic is from refpolicy_common.inc but with minimum set of policy modules; * add extra policy modules that required by sysnetwork, without those modules the install process will fail with error: | Failed to resolve roletype statement at 62 of \ .../image/var/lib/selinux/minimum/tmp/modules/100/sysnetwork/cil | Failed to resolve ast | semodule: Failed! Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
* refpolicy: Replace 2.2014120 with release 2.20151208.Philip Tricca2016-03-211-0/+48
This was mostly straight forward. Had to refresh a single patch: poky-policy-fix-new-SELINUXMNT-in-sys.patch Signed-off-by: Philip Tricca <flihp@twobit.us>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-07 00:11:25 +0000