summaryrefslogtreecommitdiffstats
path: root/recipes-security/selinux
Commit message (Collapse)AuthorAgeFilesLines
* libselinux.inc: Add python-shell to libselinux-python RDEPENDS.master-nextChris PeBenito2019-04-151-1/+1
| | | | | | | The libselinux SWIG wrapper imports shutil. Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux: remove git versionYi Zhao2019-04-146-62/+0
| | | | | | | | | | The git version of libselinux libsemanage libsepol checkpolicy and policycoreutils are far behind the master branch and now they can not build due to the do_patch error. The current stable 2.8 version works well so we can remove them. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux: Fix build with musl libc.Piotr Tworek2018-10-231-0/+2
| | | | | | | | | | Musl libc does not implement file traversal functions from fts.h. Oe-core provides fts library which implements those. Libselinux makefile allows us to use such additional library by specifying required linker flags via FTS_LDLIBS variable. Signed-off-by: Piotr Tworek <tworaz666@gmail.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* policycorutils: package files in base_sbindir.Eric Chanudet2018-09-091-7/+6
| | | | | | | | | | | SBINDIR was changed to ${base_sbindir} in commit: 8cc9c17 policycoreutils: fix installed-but-not-shipped on updated recipes FILES_${PN}-* must now capture files installed in ${base_sbindir} accordingly. Signed-off-by: Eric Chanudet <chanudete@ainfosec.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* policycoreutils: fix installed-but-not-shipped on updated recipesJoe MacDonald2018-09-073-60/+1
| | | | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-gui: uprev to 2.8 (20180524)Yi Zhao2018-09-072-7/+7
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-dbus: uprev to 2.8 (20180524)Yi Zhao2018-09-072-7/+7
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* semodule-utils: uprev to 2.8 (20180524)Yi Zhao2018-09-073-9/+7
| | | | | | | Remove package semodule-deps as it had been removed upstream. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-python: uprev to 2.8 (20180524)Yi Zhao2018-09-074-18/+21
| | | | | | | | Rebase patch: fix-sepolicy-install-path.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-sandbox: uprev to 2.8 (20180524)Yi Zhao2018-09-072-7/+7
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* restorecond: uprev to 2.8 (20180524)Yi Zhao2018-09-073-11/+7
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* mcstrans: uprev to 2.8 (20180524)Yi Zhao2018-09-073-8/+7
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* policycoreutils: uprev to 2.8 (20180524)Yi Zhao2018-09-076-31/+70
| | | | | | | | | | | | | Remove unused patch: policycoreutils-loadpolicy-symlink.patch Add the following patches to change commands path for backward compatibility: policycoreutils-fix-fixfiles-install-path.patch policycoreutils-fix-fixfiles-install-path.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* secilc: uprev to 2.8 (20180524)Yi Zhao2018-09-072-7/+7
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* checkpolicy: uprev to 2.8 (20180524)Yi Zhao2018-09-073-8/+7
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libsemanage: uprev to 2.8 (20180524)Yi Zhao2018-09-073-22/+16
| | | | | | | | Rebase patch: 0001-src-Makefile-fix-includedir-in-libselinux.pc.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libselinux: uprev to 2.8 (20180524)Yi Zhao2018-09-073-13/+15
| | | | | | | | Rebase patch: 0001-src-Makefile-fix-includedir-in-libselinux.pc.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libsepol: uprev to 2.8 (20180524)Yi Zhao2018-09-073-15/+16
| | | | | | | | Rebase patch: 0001-src-Makefile-fix-includedir-in-libsepol.pc.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux: uprev inc files to 2.8 (20180524)Yi Zhao2018-09-072-5/+6
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libselinux: fix usrmerge do_installMingli Yu2018-09-071-1/+3
| | | | | | | | | | When usrmerge enabled in DISTRO_FEATURES, the binary actually installed under ${base_sbindir}, so cannot remove ${D}${base_sbindir} when usrmerge enabled. Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* policycoreutils: fix usrmerge install pathMingli Yu2018-09-071-0/+1
| | | | | | | | | | | | | | | | | Set SBINDIR to ${base_sbindir} to fix below issue when usrmerge enabled in DISTRO_FEATURES | ERROR: QA Issue: policycoreutils-dbg package is not obeying usrmerge distro feature. /sbin should be relocated to /usr. [usrmerge] | WARNING: policycoreutils-2.7-r0 do_package: QA Issue: policycoreutils: Files/directories were installed but not shipped in any package: /sbin/restorecon /sbin/setfiles /sbin/load_policy /sbin/restorecon_xattr /sbin/fixfiles Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* mcstrans: define SBINDIR to ${D}/${base_sbindir}Mingli Yu2018-08-171-1/+1
| | | | | | | | | | | Add SBINDIR=${D}/${base_sbindir} to EXTRA_OEMAKE to fix below error when usrmerge enabled in DISTRO_FEATURES. ERROR: QA Issue: mcstrans-dbg package is not obeying usrmerge distro feature. /sbin should be relocated to /usr. [usrmerge] Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* policycoreutils: add PACKAGECONFIG for libpam, auditWenzong Fan2018-08-171-7/+14
| | | | | | | | | * make pam and audit support configurable; * remove INITDIR from EXTRA_OEMAKE, the variable is not supported now. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-python: fix installed-vs-shipped QA errorsWenzong Fan2018-08-171-0/+1
| | | | | | | | | | | | | | | Fix the QA errors when enable multilib: ERROR: selinux-python-2.7-r0 do_package: QA Issue: selinux-python: Files/directories were installed but not shipped in any package: /usr/lib /usr/lib/python2.7 /usr/lib/python2.7/site-packages /usr/lib/python2.7/site-packages/sepolicy-1.1.egg-info [snip] Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* policycoreutils: replace _virtclass-native with _class-nativeYi Zhao2018-08-141-3/+3
| | | | | | | | | | | | | | The _virtclass-native is obsolete and replaced by _class-native. In recent oe-core commit c5aa33ac483618bc23fbaccb0a18853186f9155d the _virtclass-native override was dropped entirely which caused refpolicy-mls do_install failed: libsemanage.get_home_dirs: Error while fetching users. Returning list so far. libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 1. (No such file or directory). Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-python: refresh patches to fix QA warningYi Zhao2018-08-133-24/+26
| | | | | | | Refresh patches with devtool command to fix do_patch warning Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* semodule-utils: resolve dependency error for semodule-utils when building SDKJoe MacDonald2018-08-131-0/+1
| | | | | | | | | | | | | Based on the discussion here: https://www.mail-archive.com/yocto@yoctoproject.org/msg40561.html This should fix the error encountered when building an SDK: nothing provides semodule-utils = 2.7-r0 needed by semodule-utils-dev-2.7-r0.core2-32 Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libsemanage: refresh patches to remove fuzzIoan-Adrian Ratiu2018-08-137-51/+54
| | | | | | | | | | | | | Recent versions of bitbake starting with sumo issue warnings if patches are applied with fuzz (in the future these will be errors). Regenerated patches using: devtool modify <recipe> devtool finish --force-patch-refresh <recipe> <layer_path> Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libselinux: refresh patches to remove fuzzIoan-Adrian Ratiu2018-08-135-37/+38
| | | | | | | | | | | | | Recent versions of bitbake starting with sumo issue a warning if patches are applied with any fuzz (in the future it will be an errer). Patches were regenerated using: devtool modify <recipe> devtool finish --force-patch-refresh <recipe> <layer_path> Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libsemanage-python: add runtime dependency on pythonJoe MacDonald2018-08-131-0/+4
| | | | | | | | Moving the python components to their own package removes a hard dependency on all of libsemanage but requires an explicit runtime dependency on python. Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libsemanage: lift dependency on python for the main packageJed2018-08-131-5/+3
| | | | | | | | Just moving the python script to the -python package. This allows using libsemanage without requiring python. Signed-off-by: Jed <jed.openxt@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* policycoreutils: remove oe_filter_outArmin Kuster2018-05-081-2/+2
| | | | | | | bb.data_smart.ExpansionError: Failure expanding variable WARN_QA[:=], expression was ${@oe_filter_out('unsafe-references-in-scripts', 'ldflags useless-rpaths rpaths staticdev libdir xorg-driver-abi textrel already-stripped incompatible-license files-invalid installed-vs-shipped compile-host-path install-host-path pn-overrides infodir build-deps unknown-configure-option symlink-to-sysroot multilib invalid-packageconfig host-user-contaminated uppercase-pn ', d)} which triggered exception NameError: name 'oe_filter_out' is not defined Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* libselinux: python-importlib is now part of python*-coreArmin Kuster2018-05-081-1/+1
| | | | | | | Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'restorecond', 'libselinux', 'python-importlib'] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* policycoreutils: Update fixfilemgh/master-nextMark Hatle2017-09-142-1/+3
| | | | | | | | | | The functional call may not always work as specified, be sure to include the () to make sure the shell knows this is a function. Also add both findutils and grep as necessary for fixfiles to run properly in a minimal environment. Busybox is not adequate at this time. Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* selinux-python: add setools to RDEPENDSWenzong Fan2017-09-141-0/+1
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* policycoreutils: fixes for 2.7 uprevWenzong Fan2017-09-134-37/+27
| | | | | | | | | | | | | | | | | Remove setools from DEPENDS/RDEPENDS, it was required by sepolicy, sepolgen, semanage which have been moved to python/*. Rebase patch: - policycoreutils-fixfiles-de-bashify.patch Drop useless patch: - policycoreutils-loadpolicy-symlink.patch Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Update policycoreutils_git.bb Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* selinux-gui: add package 2.7 (20170804)Wenzong Fan2017-09-133-7/+22
| | | | | | | Move policycoreutils/gui to gui and cleanup policycoreutils.inc. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* selinux-dbus: add package 2.7 (20170804)Wenzong Fan2017-09-132-0/+21
| | | | | | | Move policycoreutils/sepolicy/dbus to dbus. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* semodule-utils: add package 2.7 (20170804)Wenzong Fan2017-09-133-12/+35
| | | | | | | | | | | | | Move policycoreutils/semodule_* to semodule-utils/*: - policycoreutils/semodule_deps -> semodule-utils/semodule_deps - policycoreutils/semodule_expand -> semodule-utils/semodule_expand - policycoreutils/semodule_link -> semodule-utils/semodule_link - policycoreutils/semodule_package -> semodule-utils/semodule_package * Cleanup policycoreutils.inc Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* selinux-python: add package 2.7 (20170804)Wenzong Fan2017-09-138-84/+115
| | | | | | | | | | | | | | | | | | | | | | | Move packages to python/*: - policycoreutils/semanage -> python/semanage - policycoreutils/audit2allow -> python/audit2allow - policycoreutils/sepolgen-ifgen -> python/audit2allow/sepolgen-ifgen - policycoreutils/sepolicy -> python/sepolicy - policycoreutils/scripts/chcat -> python/chcat - sepolgen -> python/sepolgen * Move and rebase patches: - policycoreutils-fix-TypeError-for-seobject.py.patch - policycoreutils-fix-sepolicy-install-path.patch - policycoreutils-process-ValueError-for-sepolicy-seobject.patch * Cleanup policycoreutils.inc and policycoreutils_2.7.bb Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Update policycoreutils_git.bb Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* selinux-sandbox: add package 2.7 (20170804)Wenzong Fan2017-09-134-23/+42
| | | | | | | | | | | | Move policycoreutils/sandbox to sandbox: * Move and rebase patch: - policycoreutils-sandbox-de-bashify.patch * Cleanup policycoreutils.inc Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* restorecond: add package 2.7 (20170804)Wenzong Fan2017-09-135-6/+39
| | | | | | | | | | | | | | | Move policycoreutils/restorecond to restorecond: * Move and rebase patch: - policycoreutils-make-O_CLOEXEC-optional.patch * Cleanup policycoreutils_2.7.bb. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Update policycoreutils_git.bb Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* mcstrans: add package 2.7 (20170804)Wenzong Fan2017-09-139-112/+88
| | | | | | | | | | | | | | | | | | | Move policycoreutils/mcstrans to mcstrans: * Move and rebase patches: - mcstrans-de-bashify.patch - 0001-mcstrans-fix-the-init-script.patch * Remove useless patch: - enable-mcstrans.patch * Cleanup policycoreutils_2.7.bb and policycoreutils.inc. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Update policycoreutils_git.bb Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* sepolgen: remove packageWenzong Fan2017-09-133-48/+0
| | | | | | | The package has been moved to selinux-python/sepolgen. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* policycoreutils: uprev to 2.7 (20170804)Wenzong Fan2017-09-133-30/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Uprev the recipe file as is. Some packages have been moved out from policycoreutils, they will be added as new packages and the policycoreutils.inc need to be cleaned up from later commits accordingly. Moved packages: From: To: - policycoreutils/gui gui - policycoreutils/mcstrans mcstrans - policycoreutils/restorecond restorecond - policycoreutils/sandbox sandbox - policycoreutils/sepolicy/dbus dbus - policycoreutils/semodule_deps semodule-utils/semodule_deps - policycoreutils/semodule_expand semodule-utils/semodule_expand - policycoreutils/semodule_link semodule-utils/semodule_link - policycoreutils/semodule_package semodule-utils/semodule_package - policycoreutils/semanage python/semanage - policycoreutils/audit2allow python/audit2allow - policycoreutils/sepolgen-ifgen python/audit2allow/sepolgen-ifgen - policycoreutils/sepolicy python/sepolicy - policycoreutils/scripts/chcat python/chcat Released package list refer to: https://github.com/SELinuxProject/selinux/wiki/Releases Cleanup the patch file that have been removed in 2.6: - policycoreutils-fts_flags-FTS_NOCHDIR.patch Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Update policycoreutils_git.bb Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* secilc: uprev to 2.7 (20170804)Wenzong Fan2017-09-132-7/+7
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* checkpolicy: uprev to 2.7 (20170804)Wenzong Fan2017-09-135-57/+9
| | | | | | | | | | | | | | Remove patch that included by new version: - checkpolicy-Do-not-link-against-libfl.patch Specify LIBSEPOLA to fix build error: make[1]: *** No rule to make target `/usr/lib/libsepol.a' Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Update checkpolicy_git.bb Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* libsemanage: uprev to 2.7 (20170804)Wenzong Fan2017-09-1310-734/+46
| | | | | | | | | | | | | | | | | | | | | Remove patches that included by new version: - 0001-libsemanage-simplify-string-utilities-functions.patch - 0002-libsemanage-add-semanage_str_replace-utility-functio.patch - 0003-libsemanage-genhomedircon-drop-ustr-dependency.patch - 0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch - libsemanage-fix-path-len-limit.patch Rebase patch: - libsemanage-allow-to-disable-audit-support.patch Set PYCEXT and PYSITEDIR to generate the _semanage.so and install it to ${libdir}/python${PYTHON_BASEVERSION}/site-packages. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Update libsemanage_git to match. Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* libselinux: uprev to 2.7 (20170804)Wenzong Fan2017-09-133-6/+6
| | | | | | | | | | | | | | Specify LIBSEPOLA to fix build error: make[1]: *** No rule to make target `/usr/lib/libsepol.a', needed by `python-2.7audit2why.so'. Stop. Add python-importlib to RDEPENDS_${PN}-python. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Update libselinux_git.bb Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* libsepol: uprev to 2.7 (20170804)Wenzong Fan2017-09-133-11/+10
| | | | | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Update libsepol_git.bb Signed-off-by: Mark Hatle <mark.hatle@windriver.com>