summaryrefslogtreecommitdiffstats
path: root/recipes-security/selinux
Commit message (Collapse)AuthorAgeFilesLines
...
* selinux: uprev include file to 20170804Wenzong Fan2017-09-131-1/+1
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* selinux-init: start service after local-fs.targetWenzong Fan2017-05-021-0/+1
| | | | | | | | Fixing labels after local-fs.target to make sure all mounted filesystems labeled correctly. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libsemanage: remove dependency on ustrDoug Goldstein2017-05-026-1/+668
| | | | | | | | | Use the upstream patches to remove the dependency on ustr which no longer builds with new versions of GCC and the author is unresponsive and the site hosting the code is down. Signed-off-by: Doug Goldstein <cardoe@cardoe.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* policycoreutils: add gettext-native to DEPENDSRobert Yang2017-02-241-1/+1
| | | | | | | | | | Fixed: msgfmt -o af.mo af.po make[1]: msgfmt: Command not found make[1]: *** [af.mo] Error 127 Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* libsemanage: add swig-native to DEPENDSRobert Yang2017-02-241-1/+1
| | | | | | | | | Fixed: swig -Wall -python -o semanageswig_wrap.c -outdir ./ semanageswig_python.i make[1]: swig: Command not found Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* selinux_common: remove EXTRA_OEMAKE = "-e"Wenzong Fan2017-01-051-5/+0
| | | | | | | | | | | | | | | | Some variables are exported by top Makefile and updated from sub Makefile (such as PCRE_LDFLAGS, DISABLE_FLAGS ...). The '-e' option prevents those variables from updating in the sub Makefile and causes libselinux build errors: | label.lo:(.data.rel.ro.local+0x20): undefined reference to `selabel_property_init' | label.lo:(.data.rel.ro.local+0x28): undefined reference to `selabel_service_init' oe-core also cleaned such default value from commit: aeb65386 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* secilc: uprev to 2.6 (20161014)Wenzong Fan2017-01-052-7/+7
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* sepolgen: uprev to 2.6 (20161014)Wenzong Fan2017-01-052-7/+7
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* policycoreutils: uprev to 2.6 (20161014)Wenzong Fan2017-01-052-20/+21
| | | | | | | | * rebase patch: - policycoreutils-process-ValueError-for-sepolicy-seobject.patch Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* checkpolicy: uprev to 2.6 (20161014)Wenzong Fan2017-01-052-7/+7
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libsemanage: uprev to 2.6 (20161014)Wenzong Fan2017-01-051-3/+3
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libselinux: uprev to 2.6 (20161014)Wenzong Fan2017-01-056-194/+44
| | | | | | | | | | | | | | | | | | * rebase patch: - libselinux-make-O_CLOEXEC-optional.patch * cleanup patches: - libselinux-only-mount-proc-if-necessary.patch - libselinux-procattr-return-einval-for-0-pid.patch - libselinux-procattr-return-error-on-invalid-pid.patch * other fixes: - remove useless variables according to latest Makefile - update FILES_${PN}-python to match the installed file: '${libdir}/python2.7/site-packages/_selinux.so'. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libsepol: uprev to 2.6 (20161014)Wenzong Fan2017-01-052-9/+9
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux: uprev include file to 20161014Wenzong Fan2017-01-051-1/+1
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux: update policy-version to 30Wenzong Fan2016-09-221-1/+1
| | | | | | | Both selinux 2.5 and kernel 4.8 support Max Policy Version 30. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-labeldev: add systemd service file supportShrikant Bobade2016-09-012-1/+15
| | | | | | | | | add systemd service file for handling selinux labeldev, this change improves handling of systemd service functionality like:status check, debug etc. compared to sysvinit compatibility mode scripts. Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-autorelabel: add systemd service file supportShrikant Bobade2016-09-012-1/+15
| | | | | | | | | add systemd service file for handling selinux autorelabel, this change improves handling of systemd service functionality like:status check, re-run, debug etc. compared to sysvinit compatibility mode scripts. Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-init: add systemd service file supportShrikant Bobade2016-09-012-1/+15
| | | | | | | | | add systemd service file for handling selinux initialization, this change improves handling of systemd service functionality like:status check, debug etc. compared to sysvinit compatibility mode scripts. Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-initsh.inc: add systemd supportShrikant Bobade2016-09-011-1/+11
| | | | | | | | add support for systemd service file and handling of script required by systemd service file. Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* sepolgen: inherit python-dirRobert Yang2016-06-161-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixed: sepolgen-1.2.3: sepolgen: Files/directories were installed but not shipped in any package: /usr /usr/lib /usr/lib/python /usr/lib/python/site-packages /usr/lib/python/site-packages/sepolgen /usr/lib/python/site-packages/sepolgen/lex.py /usr/lib/python/site-packages/sepolgen/matching.py /usr/lib/python/site-packages/sepolgen/sepolgeni18n.py /usr/lib/python/site-packages/sepolgen/__init__.py /usr/lib/python/site-packages/sepolgen/classperms.py /usr/lib/python/site-packages/sepolgen/refparser.py /usr/lib/python/site-packages/sepolgen/module.py /usr/lib/python/site-packages/sepolgen/objectmodel.py /usr/lib/python/site-packages/sepolgen/interfaces.py /usr/lib/python/site-packages/sepolgen/access.py /usr/lib/python/site-packages/sepolgen/output.py /usr/lib/python/site-packages/sepolgen/refpolicy.py /usr/lib/python/site-packages/sepolgen/defaults.py /usr/lib/python/site-packages/sepolgen/audit.py /usr/lib/python/site-packages/sepolgen/yacc.py /usr/lib/python/site-packages/sepolgen/util.py /usr/lib/python/site-packages/sepolgen/policygen.py Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install. sepolgen: 22 installed and not shipped files. [installed-vs-shipped] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libsemanage: inherit python-dirRobert Yang2016-06-161-1/+1
| | | | | | | | Fixed: semanageswig_wrap.c:147:21: fatal error: Python.h: No such file or directory Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libselinux_git: fix warnings of unavailable patchesShrikant Bobade2016-05-271-2/+0
| | | | | | | | | | | | | | Drop unavailable patches entry to fix the warning, even we are using libselinux v2.5 these warnings pop-up during recipes parsing. WARNING:..libselinux_git.bb: Unable to get checksum for libselinux SRC_URI entry libselinux-get-pywrap-depends-on-selinux.py.patch: file could not be found WARNING:..libselinux_git.bb: Unable to get checksum for libselinux SRC_URI entry libselinux-mount-procfs-before-check.patch: file could not be found Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* Integrate selinux-config into refpolicy_common.Philip Tricca2016-04-041-40/+0
| | | | | | | | | With the virutal package there's no need for a separate recipe to build the config. This can be generated and included as part of the policy package. Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* refpolicy: Setup virtual/refpolicy provider.Philip Tricca2016-04-041-2/+1
| | | | | | | | | | | | This allows us to provide a default policy through the PREFERRED_PROVIDER mechanism for each of the example distro configs. Consumers of meta-selinux will be able to override this at the config level instead of having to depend on a specific policy package. We do lose the ability install more than one policy package but this falls in line with the embedded nature of the project. Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libselinux: procattr fixesStephen Smalley2016-03-173-0/+89
| | | | | | | | selinux upstream commits c7cf5d8aa061b9616bf9d5e91139ce4fb40f532c and f77021d720f12767576c25d751c75cacd7478614 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Philip Tricca <flihp@twobit.us>
* libselinux: Only mount /proc if necessaryStephen Smalley2016-03-172-0/+55
| | | | | | | selinux upstream commit 5a8d8c499b2ef80eaa7b5abe2ec68d7101e613bf Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Philip Tricca <flihp@twobit.us>
* Delete include files for 20140506 and 20150202 releases.Stephen Smalley2016-03-172-10/+0
| | | | | | | These include files are no longer used by any .bb files. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Philip Tricca <flihp@twobit.us>
* secilc: Add recipeStephen Smalley2016-03-172-0/+18
| | | | | | | SELinux Common Intermediate Language (CIL) policy compiler Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Philip Tricca <flihp@twobit.us>
* sepolgen: uprev to 1.2.3 (20160223)Stephen Smalley2016-03-172-7/+7
| | | | | Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Philip Tricca <flihp@twobit.us>
* policycoreutils: uprev to 2.5 (20160223)Stephen Smalley2016-03-175-123/+26
| | | | | Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Philip Tricca <flihp@twobit.us>
* checkpolicy: uprev to 2.5 (20160223)Stephen Smalley2016-03-173-8/+8
| | | | | Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Philip Tricca <flihp@twobit.us>
* libsemanage: uprev to 2.5 (20160223)Stephen Smalley2016-03-173-29/+29
| | | | | Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Philip Tricca <flihp@twobit.us>
* libselinux: uprev to 2.5 (20160223)Stephen Smalley2016-03-174-145/+35
| | | | | Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Philip Tricca <flihp@twobit.us>
* libsepol: uprev to 2.5 (release 20160223)Stephen Smalley2016-03-172-9/+9
| | | | | Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Philip Tricca <flihp@twobit.us>
* Add include file for the 20160223 SELinux userspace release.Stephen Smalley2016-03-171-0/+5
| | | | | Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Philip Tricca <flihp@twobit.us>
* libselinux: backport procfs mount fixIoan-Adrian Ratiu2016-02-283-0/+76
| | | | | | | libselinux 20160107 ships this change (git commit id 9df49888) Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Philip Tricca <flihp@twobit.us>
* libsemanage: fix libsepol.pc failed sanity testRobert Yang2016-02-273-0/+30
| | | | | | | ERROR: libsemanage-2.4-r0 do_populate_sysroot: QA Issue: libselinux.pc failed sanity test (tmpdir) in path /path/to/sysroot-destdir//usr/lib/pkgconfig [pkgconfig] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Philip Tricca <flihp@twobit.us>
* libselinux: fix libselinux.pc failed sanity testRobert Yang2016-02-273-0/+30
| | | | | | | ERROR: libselinux-2.4-r0 do_populate_sysroot: QA Issue: libselinux.pc failed sanity test (tmpdir) in path /path/to/sysroot-destdir//usr/lib/pkgconfig [pkgconfig] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Philip Tricca <flihp@twobit.us>
* libsepol: fix libsepol.pc failed sanity testRobert Yang2016-02-273-0/+32
| | | | | | | ERROR: libsepol-2.4-r0 do_populate_sysroot: QA Issue: libsepol.pc failed sanity test (tmpdir) in path /path/to//sysroot-destdir//usr/lib/pkgconfig [pkgconfig] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Philip Tricca <flihp@twobit.us>
* selinux-init: Break handling of /.autorelabel out into separate script.Philip Tricca2015-11-274-14/+42
| | | | | | | | Fixup DESCRIPTION in old selinux-init recipe. Exclude this autorelabel script from the minimal packagegroup. Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-init: Break labeling of /dev out into separate script.Philip Tricca2015-11-274-10/+41
| | | | | | | Remove selinux-init package from packagegroup-selinux-minimal. Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-init: Move script logic into include.Philip Tricca2015-11-272-21/+28
| | | | | | | This will be useful when we have other init scripts. Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-config: Separate init script into new recipe.Philip Tricca2015-11-273-13/+38
| | | | | | | Add runtime dependencies for init script. Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libsepol: DEPENDS on flex-nativeRobert Yang2015-10-221-0/+2
| | | | | | | | Fixed when build libsepol-native: /bin/sh: 1: flex: not found Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* policycoreutuils: Bump version to 2.4.Philip Tricca2015-09-173-5/+83
| | | | | | | | | | | | This integrates the new hll tool for compiling pp files into cil. The hack to stage pp into the sysroot is a bit weird but the libexec dir seems to be something bitbake doesn't account for. Had to pull one patch from upstream to build the MLS policy. This fixes an error where the auditadm_r and secadm_r roles end up defined twice in the CIL. Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libsemanage: Bump version to 2.4.Philip Tricca2015-09-172-14/+13
| | | | | Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* checkpolicy: Bump version to 2.4.Philip Tricca2015-09-172-7/+7
| | | | | Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libselinux: Bump version to 2.4.Philip Tricca2015-09-171-3/+3
| | | | | Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libsepol: Bump version to 2.4.Philip Tricca2015-09-172-7/+7
| | | | | Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* Add common files for 20150202 SELinux userspace release.Philip Tricca2015-09-171-0/+5
| | | | | | | | | | Note the change in the URL from the last release. We were pulling source tarballs generated by GitHub as part of its reponse to the addition of tags. The SELinux project maintains their own releases on the wiki at: https://github.com/SELinuxProject/selinux/wiki/Releases Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-24 07:18:25 +0000