| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
Fixing labels after local-fs.target to make sure all mounted
filesystems labeled correctly.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
Use the upstream patches to remove the dependency on ustr which no
longer builds with new versions of GCC and the author is unresponsive
and the site hosting the code is down.
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixed:
msgfmt -o af.mo af.po
make[1]: msgfmt: Command not found
make[1]: *** [af.mo] Error 127
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Fixed:
swig -Wall -python -o semanageswig_wrap.c -outdir ./ semanageswig_python.i
make[1]: swig: Command not found
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some variables are exported by top Makefile and updated from sub
Makefile (such as PCRE_LDFLAGS, DISABLE_FLAGS ...).
The '-e' option prevents those variables from updating in the sub
Makefile and causes libselinux build errors:
| label.lo:(.data.rel.ro.local+0x20): undefined reference to `selabel_property_init'
| label.lo:(.data.rel.ro.local+0x28): undefined reference to `selabel_service_init'
oe-core also cleaned such default value from commit: aeb65386
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
* rebase patch:
- policycoreutils-process-ValueError-for-sepolicy-seobject.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* rebase patch:
- libselinux-make-O_CLOEXEC-optional.patch
* cleanup patches:
- libselinux-only-mount-proc-if-necessary.patch
- libselinux-procattr-return-einval-for-0-pid.patch
- libselinux-procattr-return-error-on-invalid-pid.patch
* other fixes:
- remove useless variables according to latest Makefile
- update FILES_${PN}-python to match the installed file:
'${libdir}/python2.7/site-packages/_selinux.so'.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
Both selinux 2.5 and kernel 4.8 support Max Policy Version 30.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
add systemd service file for handling selinux labeldev, this change improves
handling of systemd service functionality like:status check, debug etc.
compared to sysvinit compatibility mode scripts.
Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
add systemd service file for handling selinux autorelabel, this change
improves handling of systemd service functionality like:status check,
re-run, debug etc. compared to sysvinit compatibility mode scripts.
Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
add systemd service file for handling selinux initialization, this change
improves handling of systemd service functionality like:status check, debug
etc. compared to sysvinit compatibility mode scripts.
Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
add support for systemd service file and handling of script required by
systemd service file.
Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed:
sepolgen-1.2.3: sepolgen: Files/directories were installed but not shipped in any package:
/usr
/usr/lib
/usr/lib/python
/usr/lib/python/site-packages
/usr/lib/python/site-packages/sepolgen
/usr/lib/python/site-packages/sepolgen/lex.py
/usr/lib/python/site-packages/sepolgen/matching.py
/usr/lib/python/site-packages/sepolgen/sepolgeni18n.py
/usr/lib/python/site-packages/sepolgen/__init__.py
/usr/lib/python/site-packages/sepolgen/classperms.py
/usr/lib/python/site-packages/sepolgen/refparser.py
/usr/lib/python/site-packages/sepolgen/module.py
/usr/lib/python/site-packages/sepolgen/objectmodel.py
/usr/lib/python/site-packages/sepolgen/interfaces.py
/usr/lib/python/site-packages/sepolgen/access.py
/usr/lib/python/site-packages/sepolgen/output.py
/usr/lib/python/site-packages/sepolgen/refpolicy.py
/usr/lib/python/site-packages/sepolgen/defaults.py
/usr/lib/python/site-packages/sepolgen/audit.py
/usr/lib/python/site-packages/sepolgen/yacc.py
/usr/lib/python/site-packages/sepolgen/util.py
/usr/lib/python/site-packages/sepolgen/policygen.py
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
sepolgen: 22 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
Fixed:
semanageswig_wrap.c:147:21: fatal error: Python.h: No such file or directory
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drop unavailable patches entry to fix the warning, even we are using
libselinux v2.5 these warnings pop-up during recipes parsing.
WARNING:..libselinux_git.bb: Unable to get checksum for libselinux SRC_URI
entry libselinux-get-pywrap-depends-on-selinux.py.patch: file could not be
found
WARNING:..libselinux_git.bb: Unable to get checksum for libselinux SRC_URI
entry libselinux-mount-procfs-before-check.patch: file could not be found
Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
With the virutal package there's no need for a separate recipe to build
the config. This can be generated and included as part of the policy
package.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This allows us to provide a default policy through the
PREFERRED_PROVIDER mechanism for each of the example distro configs.
Consumers of meta-selinux will be able to override this at the config
level instead of having to depend on a specific policy package. We do
lose the ability install more than one policy package but this falls
in line with the embedded nature of the project.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
selinux upstream commits c7cf5d8aa061b9616bf9d5e91139ce4fb40f532c
and f77021d720f12767576c25d751c75cacd7478614
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
| |
selinux upstream commit 5a8d8c499b2ef80eaa7b5abe2ec68d7101e613bf
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
| |
These include files are no longer used by any .bb files.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
| |
SELinux Common Intermediate Language (CIL) policy compiler
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
| |
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
| |
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
| |
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
| |
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
| |
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
| |
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
| |
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
| |
libselinux 20160107 ships this change (git commit id 9df49888)
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
| |
ERROR: libsemanage-2.4-r0 do_populate_sysroot: QA Issue: libselinux.pc failed sanity test (tmpdir) in path /path/to/sysroot-destdir//usr/lib/pkgconfig [pkgconfig]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
| |
ERROR: libselinux-2.4-r0 do_populate_sysroot: QA Issue: libselinux.pc failed sanity test (tmpdir) in path /path/to/sysroot-destdir//usr/lib/pkgconfig [pkgconfig]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
| |
ERROR: libsepol-2.4-r0 do_populate_sysroot: QA Issue: libsepol.pc failed sanity test (tmpdir) in path /path/to//sysroot-destdir//usr/lib/pkgconfig [pkgconfig]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
|
| |
Fixup DESCRIPTION in old selinux-init recipe.
Exclude this autorelabel script from the minimal packagegroup.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
Remove selinux-init package from packagegroup-selinux-minimal.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
This will be useful when we have other init scripts.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
Add runtime dependencies for init script.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
Fixed when build libsepol-native:
/bin/sh: 1: flex: not found
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This integrates the new hll tool for compiling pp files into cil.
The hack to stage pp into the sysroot is a bit weird but the libexec
dir seems to be something bitbake doesn't account for.
Had to pull one patch from upstream to build the MLS policy. This fixes
an error where the auditadm_r and secadm_r roles end up defined twice in
the CIL.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
| |
Note the change in the URL from the last release. We were pulling source
tarballs generated by GitHub as part of its reponse to the addition of
tags. The SELinux project maintains their own releases on the wiki at:
https://github.com/SELinuxProject/selinux/wiki/Releases
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The SRC_URI used for the last SELinux userspace upgrade was the
wrong one. We were using the URI generated by GitHub when tags are
added to a repo. These are not the SELinux release tarballs.
The SELinux project generates and releases tarballs for each tool
and posts them to their GitHub wiki 'Releases' page:
https://github.com/SELinuxProject/selinux/wiki/Releases. This patch
fixes this URI, fixes the SELINUX_RELEASE variable that didn't get
updated during the last upgrade, removes the workaround for the 'S'
variable and fixes up the SRC_URI hashes.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
