| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
CQID: 418197
Reference /usr/sbin instead of the directory into which
the script is installed on the host.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
| |
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit d46e88abb6e1f7b0228c30c98ba4fb739e63cda3.
In d46e88ab, run_init will not use open_init_pty as Redhat did. Our
old refpolicy still does no work well with this, and make init scripts
fail to start so revert it.
This patch should be dropped while refpolicy is upreved to 2.20120725+.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This reverts uprev commit 96cedba3e59aa474f0f040da5108a17bba45ce6c.
96cedb will cause wrong security contexts for /dev/ while using
MLS type of old refpolicy, so revert it.
This patch should be dropped while refpolicy is upreved to 2.20120725+.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts upstream libpcre commits.
libselinux 2.1.12 uses libpcre to do file path matching instead of glibc
regex. Because there are some differences between glibc regex and pcre
functions, this will cause wrong security contexts for files while using
old refpolicy.
This patch should be dropped while refpolicy is upreved to 2.20120725+.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
The flag: -Wno-unused-but-set-variable isn't supported on older
versions of gcc such as gcc-4.1.2 which is the native compiler for
RHEL-5.9. Drop this warning flag for both the native and target builds.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
The flag: -Wno-unused-but-set-variable isn't supported on older
versions of gcc such as gcc-4.1.2 which is the native compiler for
RHEL-5.9. I've droped this warning flag for both the native and target builds.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upreved packages:
- checkpolicy to 2.1.11
- libselinux to 2.1.12
- libsemanage to 2.1.9
- libsepol to 2.1.8
- policycoreutils to 2.1.13
- sepolgen to 1.1.8
Misc changes:
- libselinux has a new depend for libpcre
- drop patches that new version merged
- set PR to r0 for new version
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
| |
Target package policycoreutils-sandbox always needs libcgroup and
libcap-ng, so it should not be conditional.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
| |
shadow package of oe-core and Debian has installed nologin into
/usr/sbin, so fix this path.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Create include files for selinux userspace packages:
* checkpolicy.inc
* libselinux.inc
* libsemanage.inc
* libsepol.inc
* policycoreutils.inc
* sepolgen.inc
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
| |
Fix the hard-coded security type for /dev/null and /dev/console.
Check rootfs if support xattrs before do relabel.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
| |
et, gl, and id .po files contained no translations. This can cause
build errors. Delete those puppies.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This script will be installed as 0selinux-init, in runlevel S and
sequence number 0. It will start before any other init script.
* relabel /dev for restorecon/fixfiles running
* rebuild policy and relabel the rootfs if /.autorelabel placed.
* relabel the rootfs if it is first booting.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
| |
Also fix missing RDEPENDS for setools-*
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fixfiles in /sbin would run some /usr/bin binaries to cause these
QA warnings.
WARNING: Shell scripts in base_bindir and base_sbindir should not
reference anything in exec_prefix
Since fixfiles is installed into /sbin in most Linux distros,
changing this path may cause runtime errors for some hard coded
binaries.
So, disable unsafe-references-in-scripts QA checkes.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
| |
The "Public Domain" license now has a common license file placed
as PD in Poky/oe-core, so fix this.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
| |
With new changes in oe-core, recipes which need python-native
should "inherit pythonnative".
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
| |
If no pam DISTRO_FEATURE, policycoreutils should not build with
libpam headers and libraries.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
EXTRA_DEPENDS is still not null while building native packages,
this will add useless depends for libcap-ng&libcgroup&pam and
cause build errors.
So rewrite these DEPENDS.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Fix these warnings:
===================
WARNING: Variable get_git_policyconfigarch contains tabs, please remove
these(....)
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
| |
Remove -Wno-error=format-security from CFLAGS. and add a patch
so we can build policycoreutils if -Werror=format-security
enabled.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
| |
*** Error: Package name contains illegal characters, (other than [a-z0-9.+-])
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
| |
Now, the default policy is "mls".
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
See Yocto Project bugzilla:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=2530
This is a temporary workaround to the parsing issue.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
| |
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
| |
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libselinux was attempting to ensure ARCH was set to i386 for any i*86
platform. Replaced the existing code with a simpler construct that
accomplishes the same goal.
A similar anonymous python block was being used in policycoreutils to
identify an optional dependency on libcap-ng and libcgroup. Also replaced
with a simpler construct. The newest policycoreutils depends on them both
anyway in the current configuration.
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
Added _git versions.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The preferred versions hould always be the latest stable, not the
git recipe.
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
Revised summary commit message, and added addition _git recipes.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| | |
|
| |
|
|
|
| |
With sysvinit, selinux_init_load_policy() will fail since sysfs is
still not mounted.
|
| |
|
|
|
|
|
|
|
| |
selinux packages v2.20120215:
* libselinux-2.1.9
* libsemanage-2.1.6
* checkpolicy-2.1.8
* policycoreutils-2.1.10
* sepolgen-1.1.5
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
