| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
With the virutal package there's no need for a separate recipe to build
the config. This can be generated and included as part of the policy
package.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This allows us to provide a default policy through the
PREFERRED_PROVIDER mechanism for each of the example distro configs.
Consumers of meta-selinux will be able to override this at the config
level instead of having to depend on a specific policy package. We do
lose the ability install more than one policy package but this falls
in line with the embedded nature of the project.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
selinux upstream commits c7cf5d8aa061b9616bf9d5e91139ce4fb40f532c
and f77021d720f12767576c25d751c75cacd7478614
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
| |
selinux upstream commit 5a8d8c499b2ef80eaa7b5abe2ec68d7101e613bf
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
| |
These include files are no longer used by any .bb files.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
| |
SELinux Common Intermediate Language (CIL) policy compiler
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
| |
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
| |
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
| |
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
| |
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
| |
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
| |
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
| |
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
| |
libselinux 20160107 ships this change (git commit id 9df49888)
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
| |
ERROR: libsemanage-2.4-r0 do_populate_sysroot: QA Issue: libselinux.pc failed sanity test (tmpdir) in path /path/to/sysroot-destdir//usr/lib/pkgconfig [pkgconfig]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
| |
ERROR: libselinux-2.4-r0 do_populate_sysroot: QA Issue: libselinux.pc failed sanity test (tmpdir) in path /path/to/sysroot-destdir//usr/lib/pkgconfig [pkgconfig]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
| |
ERROR: libsepol-2.4-r0 do_populate_sysroot: QA Issue: libsepol.pc failed sanity test (tmpdir) in path /path/to//sysroot-destdir//usr/lib/pkgconfig [pkgconfig]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
|
| |
Fixup DESCRIPTION in old selinux-init recipe.
Exclude this autorelabel script from the minimal packagegroup.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
Remove selinux-init package from packagegroup-selinux-minimal.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
This will be useful when we have other init scripts.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
Add runtime dependencies for init script.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
Fixed when build libsepol-native:
/bin/sh: 1: flex: not found
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This integrates the new hll tool for compiling pp files into cil.
The hack to stage pp into the sysroot is a bit weird but the libexec
dir seems to be something bitbake doesn't account for.
Had to pull one patch from upstream to build the MLS policy. This fixes
an error where the auditadm_r and secadm_r roles end up defined twice in
the CIL.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
| |
Note the change in the URL from the last release. We were pulling source
tarballs generated by GitHub as part of its reponse to the addition of
tags. The SELinux project maintains their own releases on the wiki at:
https://github.com/SELinuxProject/selinux/wiki/Releases
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The SRC_URI used for the last SELinux userspace upgrade was the
wrong one. We were using the URI generated by GitHub when tags are
added to a repo. These are not the SELinux release tarballs.
The SELinux project generates and releases tarballs for each tool
and posts them to their GitHub wiki 'Releases' page:
https://github.com/SELinuxProject/selinux/wiki/Releases. This patch
fixes this URI, fixes the SELINUX_RELEASE variable that didn't get
updated during the last upgrade, removes the workaround for the 'S'
variable and fixes up the SRC_URI hashes.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The selinux.py will be installed as selinux/__init__.py, just make sure
it has been generated completely while starting "make install-pywrap".
This fixes below errors that caused by an empty "selinux/__init__.py"
on target:
$ /usr/sbin/semanage -h
Traceback (most recent call last):
File "/usr/sbin/semanage", line 30, in <module>
import seobject
File "/usr/lib64/python2.7/site-packages/seobject.py", line 27, in <module>
import sepolicy
File "/usr/lib64/python2.7/site-packages/sepolicy/__init__.py", line 226, in <module>
def get_file_equiv_modified(fc_path = selinux.selinux_file_context_path()):
AttributeError: 'module' object has no attribute 'selinux_file_context_path'
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
Make DEFAULT_POLICY and DEFAULT_ENFORCING configurations more flexible.
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
| |
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
This dir is required for running command:
$ semanage permissive [OPTS]
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
There were no apparent bashisms in mcstrans.init, so remove the dependency
on bash.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
mcstransd is a daemon to translate SELinux MCS/MLS sensitivity labels,
policycoreutils includes mcstransd whose version is newer than that
from http://mcstrans.sourcearchive.com/
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
Fix the warning reporing that ${S} directory does not exist by pointing
S to ${WORKDIR}.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
Move the 'enforcing' setting to the DEFAULT_ENFORCING variable to allow
one to override that setting in a bbappend file.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
Both the fixfiles and sandbox utilities had dependencies on bash when they
didn't really need to. Update sandbox and patch fixfiles. ifgen is
python script, so ensure that python is listed as a runtime dependency.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
selinux-init.sh updated to reboot system
normally to fix the labelling during systemd
execution. Due to force reboot labelling won't
be proper and system continuously reboot to
label it like first time boot.
Signed-off-by: Shrikant Bobade <Shrikant_Bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
An updated version of the patch to drop linking against libfl was
required.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
| |
Update to the latest stable release, 20140506.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based on oe-core commit:
commit 1528e596d4906c33e4be83fcf691cfe76d340ff3
Author: Otavio Salvador <otavio@ossystems.com.br>
Date: Thu Apr 24 15:59:20 2014 -0300
Globally replace 'base_contains' calls with 'bb.utils.contains'
The base_contains is kept as a compatibility method and we ought to not
use it in OE-Core so we can remove it from base metadata in future.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
Trac has been turned off on OSS. Update all SRC_URI links for the
userspace components to point at the github project releases. The github
releases also have a slightly different directory structure in the
tarballs, requiring an update of the checksums as well.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
| |
Bump up PR and remove PRINC. Set it to something suitably large that it's
unlikely to break anyone's package feed and so that it shows it's clearly
an exception case. Obviously this is just a staging activity until the
next update when we don't include anything of the sort.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
| |
Bump up PR and remove PRINC. Set it to something suitably large that it's
unlikely to break anyone's package feed and so that it shows it's clearly
an exception case. Obviously this is just a staging activity until the
next update when we don't include anything of the sort.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
| |
Bump up PR and remove PRINC. Set it to something suitably large that it's
unlikely to break anyone's package feed and so that it shows it's clearly
an exception case. Obviously this is just a staging activity until the
next update when we don't include anything of the sort.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
| |
Bump up PR and remove PRINC. Set it to something suitably large that it's
unlikely to break anyone's package feed and so that it shows it's clearly
an exception case. Obviously this is just a staging activity until the
next update when we don't include anything of the sort.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
| |
Bump up PR and remove PRINC. Set it to something suitably large that it's
unlikely to break anyone's package feed and so that it shows it's clearly
an exception case. Obviously this is just a staging activity until the
next update when we don't include anything of the sort.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
| |
Bump up PR and remove PRINC. Set it to something suitably large that it's
unlikely to break anyone's package feed and so that it shows it's clearly
an exception case. Obviously this is just a staging activity until the
next update when we don't include anything of the sort.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
| |
For small policy modules it's not necessary to walk the hierarchy on load.
On embedded devices that are low-powered or resource-constrained disabling
the hierarchy processing can make the difference between seconds and
(many) minutes of load time (or being able to load the policy at all).
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
