path: root/recipes-security/refpolicy/refpolicy_common.inc
Commit message | Author | Age | Files | Lines
* refpolicy: oddjob - allow oddjob_mkhomedir_t privfd:fd use [styhead] | Clayton Casciato | 2025-05-01 | 1 | -0/+1
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: locallogin - allow sulogin_t user_tty_device_t rw | Clayton Casciato | 2025-04-30 | 1 | -0/+1
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: locallogin - allow sulogin_t unconfined domtrans | Clayton Casciato | 2025-04-09 | 1 | -0/+1
  Signed-off-by: Clayton Casciato <majortomtosourecontrol@gmail.com>
* refpolicy: locallogin - dontaudit sulogin_t checkpoint_restore | Clayton Casciato | 2025-04-08 | 1 | -0/+1
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: files, init - filetrans /run/machine-id etc_runtime_t | Clayton Casciato | 2025-04-07 | 1 | -0/+1
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: firewalld - fix firewalld_t firewalld_tmpfs_t exec | Clayton Casciato | 2025-04-06 | 1 | -0/+1
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: firewalld - fix lib_t Python cache denial auditing | Clayton Casciato | 2025-04-05 | 1 | -0/+1
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: unconfined - fix oddjob security_compute_sid | Clayton Casciato | 2025-04-04 | 1 | -0/+1
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: chronyd - fix dac_read_search denials | Clayton Casciato | 2025-04-04 | 1 | -0/+1
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
* refpolicy: authlogin - allow unix_chkpwd to run | Clayton Casciato | 2025-03-16 | 1 | -0/+1
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: upgrade 20240226+git -> 20240916+git | Yi Zhao | 2024-10-09 | 1 | -7/+8
  ChangeLog:
  https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20240916

  Notable Changes
  Added sechecker configuration for GitHub CI actions.
  Cleaned up concerning permissions uncovered by sechecker
  Removed extremely deprecated domains in cups (ptal) and xen (xend/xm)
  Systemd updates up to v256
  Various container fixes

  New Modules
  haproxy

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>
* refpolicy: update to latest git rev | Yi Zhao | 2024-09-24 | 1 | -2/+1
  * Update policy for systemd-v256
  c20cf2214 systemd: allow systemd-hostnamed to read vsock device
  4f3437040 systemd: fix policy for systemd-ssh-generator
  d852b7540 devices: add label vsock_device_t for /dev/vsock
  a4a7b830f systemd: add policy for systemd-nsresourced
  47081be47 systemd: allow system --user to create netlink_route_socket
  78cacc708 systemd: allow systemd-networkd to manage sock files under /run/systemd/netif
  29d0bb8c3 systemd: set context to systemd_networkd_var_lib_t for /var/lib/systemd/network
  22fd3ddad Allow interactive user terminal output for the NetLabel management tool.
  c1284c601 bluetooth: Move line.
  50a5555f2 Adding SE Policy rules to allow usage of unix stream sockets by dbus and bluetooth contexts when Gatt notifications are turned on by remote.
  2b8fa2b4a kubernetes: allow kubelet to connect all TCP ports
  9ab94df30 container: allow reading generic certs
  7530dfa3c testing: add container_kvm_t to net admin exempt list
  47eced9be Makefile: drop duplicate quotes
  b0b0d52dd various: rules required for DV manipulation in kubevirt
  21e4a44c0 container: add container_kvm_t and supporting kubevirt rules
  a9bd177bb iptables: allow reading container engine tmp files
  af0b40824 container: allow spc various rules for kubevirt
  d585f08c2 container, kubernetes: add supporting rules for kubevirt and multus
  9f37f86b2 dbus: dontaudit session bus domains the netadmin capability
  d9ca32f5a container: allow super privileged containers to manage BPF dirs
  1900fbe68 kubernetes: allow kubelet to create unlabeled dirs
  b9c8ba607 haproxy: allow interactive usage
  846804c58 podman: allow managing init runtime units
  8787b3d8d iptables: allow reading usr files

  * Drop obsolete patches:
  0033-policy-modules-services-rpcbind-allow-rpcbind_t-to-c.patch
  0039-policy-modules-system-authlogin-fix-login-errors-aft.patch

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>
* refpolicy: update to latest git rev | Yi Zhao | 2024-07-24 | 1 | -2/+1
  * a6cf20736 filesystem, devices: move gadgetfs to usbfs_t
  * 75492f95f systemd: make xdg optional
  * 097d688ff sshd: label sshd-session as sshd_exec_t
  * b57b6005c Setting bluetooth helper domain for bluetoothctl
  * 30f451d6a Adding Sepolicy rules to allow pulseaudio to access bluetooth sockets.
  * 7037c341f systemd: allow logind to use locallogin pidfds
  * 5f7f494d1 userdomain: allow administrative user to get attributes of shadow history file
  * 0126cb1e6 node_exporter: allow reading RPC sysctls
  * 9c90f9f7d asterisk: allow reading certbot lib
  * bfcaec9ba postfix: allow postfix pipe to watch mail spool
  * 06a80c3d8 netutils: allow ping to read net sysctls
  * 2e0509c9e node_exporter: allow reading localization
  * 50a8cddd1 container: allow containers to execute tmpfs files
  * 09a747a16 sysadm: make haproxy admin
  * c8c3ae2cb haproxy: initial policy
  * 4e97f87ce init: use pidfds from local login
  * 7fd9032d8 dbus, init: add interface for pidfd usage
  * a6d6921a9 asterisk: allow watching spool dirs
  * 72c1d912f su, sudo: allow sudo to signal all su domains
  * 8b3178248 sudo: allow systemd-logind to read cgroup state of sudo
  * 871f0b0dd postfix: allow smtpd to mmap SASL keytab files
  * 578375480 sysnetwork: allow ifconfig to read usr files
  * 6916e9b20 systemd: allow systemd-logind to use sshd pidfds
  * 96ebb7c4e Reorder perms and classes
  * cb68df087 tests.yml: Add policy diff on PRs.
  * 99258825c tests.yml: Divide into reusable workflows.
  * 1e4b68930 Reorder perms and classes

  Drop 0002-refpolicy-minimum-make-xdg-module-optional.patch and
  0040-policy-modules-system-systemd-allow-systemd-logind-t.patch which
  have been merged upstream.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>
* refpolicy: fixes for auditctl and rsyslog | Yi Zhao | 2024-07-23 | 1 | -0/+1
  * Allow auditctl to read symlink of var/log directory.
  * Grant getpcap capability to syslogd_t.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>
* recipes: WORKDIR -> UNPACKDIR transition | Changqing Li | 2024-06-26 | 1 | -3/+3
  * WORKDIR -> UNPACKDIR transition
  * Switch away from S = WORKDIR

  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>
* refpolicy: upgrade 20231002+git -> 20240226+git | Yi Zhao | 2024-03-12 | 1 | -17/+18
  ChangeLog:
  https://github.com/SELinuxProject/refpolicy/blob/main/Changelog

  Notable Changes:
  Many systemd updates up to v255
  RPM and dnf fixes
  Tighten private key handling for Apache
  Many container and kubernetes improvements
  Add support for Cilium
  Update object class definitions up to io_uring:cmd
  Add additional rules to cloud-init based on sysadm_t

  * Update to latest git rev.
  * Refresh patches.
  * Add a patch to fix reboot timeout error.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: fix login errors after enabling systemd DynamicUser | Yi Zhao | 2023-12-14 | 1 | -0/+1
  After oe-core commit ba3a78c0[1], domains using PAM need to read
  /etc/shadow.

  [1] https://git.openembedded.org/openembedded-core/commit/?id=ba3a78c08cb0ce08afde049610d3172b9e3b0695

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: upgrade 20221101+git -> 20231002+git | Yi Zhao | 2023-10-12 | 1 | -25/+25
  * Switch branch to main.
  * Update to latest git rev.
  * Drop obsolete and useless patches.
  * Refresh patches.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: upgrade 20210908+git -> 20221101+git [langdale] | Yi Zhao | 2022-11-23 | 1 | -138/+123
  * Update to latest git rev.
  * Drop obsolete and useless patches.
  * Rebase patches.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: add file context for findfs alternative | Yi Zhao | 2022-07-06 | 1 | -0/+1
  Add file context for findfs alternative which is provided by util-linux.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: backport patches to fix policy issues for systemd 250 | Yi Zhao | 2022-07-06 | 1 | -0/+7
  Backport the following patches to fix systemd-resolved and
  systemd-networkd policy issues:
  systemd-systemd-resolved-is-linked-to-libselinux.patch
  sysnetwork-systemd-allow-DNS-resolution-over-io.syst.patch
  term-init-allow-systemd-to-watch-and-watch-reads-on-.patch
  systemd-add-file-transition-for-systemd-networkd-run.patch
  systemd-add-missing-file-context-for-run-systemd-net.patch
  systemd-add-file-contexts-for-systemd-network-genera.patch
  systemd-udev-allow-udev-to-read-systemd-networkd-run.patch

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* meta-selinux: Use SPDX style licensing format | Ashish Sharma | 2022-04-19 | 1 | -1/+1
  WARNING: checkpolicy-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
  WARNING: setools-4.4.0-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 LGPLv2.1 [obsolete-license] \
  WARNING: policycoreutils-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
  WARNING: refpolicy-standard-2.20210908+gitAUTOINC+23a8d103f3-r0.2 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
  WARNING: selinux-python-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
  WARNING: ecryptfs-utils-111-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-2.0 [obsolete-license] \
  WARNING: nikto-2.1.6-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
  WARNING: bastille-3.2.1-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
  WARNING: suricata-6.0.4-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
  WARNING: samhain-server-4.4.6-r0.7 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
  ...

  Signed-off-by: Ashish Sharma <asharma@mvista.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: upgrade 20210203+git -> 20210908+git | Yi Zhao | 2022-01-18 | 1 | -89/+59
  * Update to latest git rev.
  * Drop obsolete and useless patches.
  * Rebase patches.
  * Set POLICY_DISTRO from redhat to debian, which can reduce the amount of
    local patches.
  * Set max kernel policy version from 31 to 33.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* meta-selinux: convert to new override syntax | Yi Zhao | 2021-08-04 | 1 | -7/+7
  This is the result of automated script conversion:

  poky/scripts/contrib/convert-overrides.py meta-selinux

  Converting the metadata to use ":" as the override character instead of
  "_".

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: update file context for chfn/chsh | Yi Zhao | 2021-08-04 | 1 | -0/+1
  The util-linux has provided chfn and chsh since oe-core commit
  804c6b5bd3d398d5ea2a45d6bcc23c76e328ea3f. Update the file context for
  them.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: upgrade 20200229+git -> 20210203+git | Yi Zhao | 2021-03-03 | 1 | -52/+61
  * Update to latest git rev.
  * Drop obsolete and unused patches.
  * Rebase patches.
  * Add patches to make systemd --user work.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: update file context for ifconfig | Yi Zhao | 2020-09-23 | 1 | -0/+1
  The ifconfig was moved from sbin to bin with oe-core commit:
  c9caff40ff61c08e24a84922f8d7c8e9cdf8883e. Update the file context for
  it.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: update to 20200229+git | Yi Zhao | 2020-07-14 | 1 | -36/+82
  * Drop obsolete and unused patches.
  * Rebase patches.
  * Add patches to make systemd and sysvinit can work with all policy types.

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* clean up getVar() usage | Joe MacDonald | 2020-04-03 | 1 | -1/+1
  83eac4de updated the usage of getVar() in classes/selinux.bbclass to
  leave out the default expand parameter. This is consistent with the
  usage in the core layers. Bring all other calls to getVar() in the layer
  into alignment with this approach.

  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy: switch to python3 | Yi Zhao | 2019-12-24 | 1 | -3/+3
  * Switch to python3
  * Update policy-version to 31 to match selinux 2.9

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* support policy module configuration at recipe level | Joe MacDonald | 2019-12-09 | 1 | -0/+10
  On highly storage-limited machines it may be beneficial to completely
  remove some or all non-essential policy modules. refpolicy already
  supports this with the 'no' option in modules.conf, so we'll just expose
  this feature (with an appropriate warning) at the recipe-level.

  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy: update to 2.20190201 and git HEAD policies | Joe MacDonald | 2019-04-12 | 1 | -4/+44
  Additionally, the README has fallen out of date, update it to reflect
  the current reality of layer dependencies.

  Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy_common: depends on semodule-utils-native | Wenzong Fan | 2017-09-13 | 1 | -1/+1
  Those tools have been moved from policycoreutils to semodule-utils:
  semodule_deps, semodule_expand, semodule_link, semodule_package

  Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
  Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* refpolicy: fix a typo in RDEPENDS | Jackie Huang | 2017-09-08 | 1 | -1/+1
  Underscore ("_") should be used for variable overrides.

  Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* refpolicy-mls: use native bzip2 instead of host | Alexandru Moise | 2017-05-02 | 1 | -1/+3
  The behavior of b{zip,unzip}2 can vary from host to host with regards to
  a number of things such as return value or permissions. We should always
  use the native bzip2 package to keep the behavior deterministic.

  This change prevents a warning at do_package_qa task of refpolicy-mls
  package.

  Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy-git: Update patches | Joe MacDonald | 2017-01-06 | 1 | -0/+4
  A number of upstream changes caused patch conflicts or duplication in
  the final policy. Update the list of git patches appropriately.

  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux: update policy-version to 30 | Wenzong Fan | 2016-09-22 | 1 | -1/+1
  Both selinux 2.5 and kernel 4.8 support Max Policy Version 30.

  Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy_common.inc: add refpolicy minimum banner at selinux config. | Shrikant Bobade | 2016-09-01 | 1 | -0/+1
  Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy: remove virtual prefix for runtime providers | Joe MacDonald | 2016-07-07 | 1 | -1/+1
  In keeping with the approach of only providing a single default policy
  at runtime, we were originally using a virtual/refpolicy dependency and
  filling it with one of our specific refpolicy implementations. This
  works well enough for some package systems, but fails for others
  (specifically deb, possibly more). Since the intent was to only have one
  present in the default image anyway, we'll just throw out the 'virtual/'
  part of the RPROVIDES and related dependencies across the board.

  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy_common.inc: enable conditional systemd support | Shrikant Bobade | 2016-05-27 | 1 | -1/+1
  refpolicy now introduced systemd support using POLICY_SYSTEMD variable,
  with systemd enabled setup we need the refpolicy with systemd support,
  so enable systemd support based on DISTRO_FEATURES.

  Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy_common: Use POLICY_NAME instead of POLICY_TYPE for SELINUXTYPE in config. | Wenzong Fan | 2016-04-20 | 1 | -1/+1
  Signed-off-by: Philip Tricca <flihp@twobit.us>
* refpolicy_common: Sanity test DEFAULT_ENFORCING value and set default. | Philip Tricca | 2016-04-04 | 1 | -0/+10
  Use the anonymous python function to be sure the value set for 'SELINUX'
  in the config file is something useful. In the event that
  DEFAULT_ENFORCING isn't set to one of the 3 permissible values we set it
  to 'permissive'.

  Signed-off-by: Philip Tricca <flihp@twobit.us>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* Integrate selinux-config into refpolicy_common. | Philip Tricca | 2016-04-04 | 1 | -2/+28
  With the virtual package there's no need for a separate recipe to build
  the config. This can be generated and included as part of the policy
  package.

  Signed-off-by: Philip Tricca <flihp@twobit.us>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy: Setup virtual/refpolicy provider. | Philip Tricca | 2016-04-04 | 1 | -0/+3
  This allows us to provide a default policy through the
  PREFERRED_PROVIDER mechanism for each of the example distro configs.
  Consumers of meta-selinux will be able to override this at the config
  level instead of having to depend on a specific policy package. We do
  lose the ability install more than one policy package but this falls in
  line with the embedded nature of the project.

  Signed-off-by: Philip Tricca <flihp@twobit.us>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy: Add support for the SYSTEMD build.conf option. | Stephen Smalley | 2016-03-17 | 1 | -0/+2
  refpolicy has introduced a new build.conf option, SYSTEMD=y, to enable
  rules specific to using systemd as the init system. In particular,
  without setting this option, rules for direct domain transitions from
  init_t to daemon domains are not included in the policy. Define a
  POLICY_SYSTEMD variable in the refpolicy common include file that can be
  set elsewhere to enable this support.

  Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
  Signed-off-by: Philip Tricca <flihp@twobit.us>
* refpolicy: update for change in libsemanage 2.5 | Stephen Smalley | 2016-03-17 | 1 | -2/+2
  libsemanage 2.5 renamed /var/lib/selinux/tmp to /var/lib/selinux/final;
  update the refpolicy recipe accordingly.

  Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
  Signed-off-by: Philip Tricca <flihp@twobit.us>
* refpolicy: fix exit code issue of bzip2 | Wenzong Fan | 2015-10-22 | 1 | -1/+1
  'bzip2 -qt $moudle_name.pp' has different exit codes on different
  distributions, for example:

  * On Redhat/CentOS/Fedora, OpenSUSE:
    $ bzip2 -qt /tmp/tor.pp
    bzip2: /tmp/tor.pp: bad magic number (file not created by bzip2)
    $ echo $?
    0

    This causes install errors:
    unzip2: /path/to/*.pp is not a bzip2 file.
    libsepol.module_package_read_offsets: module package header truncated
    Failed to read policy package

  * Ubuntu has fixed it:
    $ bzip2 -qt /tmp/tor.pp
    bzip2: /tmp/tor.pp: bad magic number (file not created by bzip2)
    $ echo $?
    2

  The difference involved by '-q' options, remove it would get the bzip2
  works consistently.

  bzip2-native has the same issue, anyway it should be fixed separately.

  Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy: Update policy install and bootstrap process for CIL. | Philip Tricca | 2015-09-17 | 1 | -14/+26
  The policy modules are now installed into /var/lib/selinux instead of
  /etc/selinux. Policies now have priorities. This is represented as part
  of the path under /var/lib/selinux. The new intermediate policy
  representation requires that we install the policy package as 3 files
  (hll, cil & lang_ext) instead of just the *.pp as before. The cil is
  generated from the hll (the pp file) using the new 'pp' utility. The
  base policy module now lives with all of the other modules. policy.kern
  has gone away.

  Signed-off-by: Philip Tricca <flihp@twobit.us>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy: correct SELINUX_DEVEL_PATH | Wenzong Fan | 2015-08-07 | 1 | -1/+9
  The sepolgen.conf should be installed with devel package to correct the
  default value of SELINUX_DEVEL_PATH, Makefile will be searched from that
  path while building policies on target.

  Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* Use compressed_policy by default, and clear distro feature | Xin Ouyang | 2014-09-22 | 1 | -19/+9
  Original refpolicy install compressed policy modules to policy store,
  but leave datadir ones uncompressed. After, a "compressed_policy" distro
  feature is added for compressing the datadir ones.

  This simple mechanism is unworthy for a distro feature, just clear it
  and use compressed policy modules by default.

  Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>