summaryrefslogtreecommitdiffstats
path: root/recipes-security/selinux
Commit message (Collapse)AuthorAgeFilesLines
...
* selinux-dbus: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-1/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-python: upgrade 3.3 -> 3.4Yi Zhao2022-08-283-27/+201
| | | | | | | | * Backport a patch to fix chcat runtime error. * Refresh patch. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* restorecond: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-3/+3
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* mcstrans: upgrade 3.3 -> 3.4Yi Zhao2022-08-283-11/+11
| | | | | | | Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* policycoreutils: upgrade 3.3 -> 3.4Yi Zhao2022-08-282-43/+43
| | | | | | | Refresh patch. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* secilc: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-2/+2
| | | | | | | Use precise license BSD-2-Clause instead of license BSD. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* checkpolicy: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-4/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsemanage: upgrade 3.3 -> 3.4Yi Zhao2022-08-284-17/+18
| | | | | | | Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux-python: upgrade 3.3 -> 3.4Yi Zhao2022-08-283-14/+15
| | | | | | | | * Use libpcre2 instead of libpcre. * Refresh patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-4/+3
| | | | | | | Use libpcre2 instead of libpcre. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsepol: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-5/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux: upgrade 3.3 -> 3.4Yi Zhao2022-08-281-1/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-python: add RDEPENDES on python3-multiprocessingYi Zhao2022-05-161-0/+1
| | | | | | | | | | | | | | Add RDEPENDS on python3-multiprocessing for selinux-python-sepolicy to fix runtime error: $ sepolicy Traceback (most recent call last): File "/usr/bin/sepolicy", line 28, in <module> from multiprocessing import Pool ModuleNotFoundError: No module named 'multiprocessing' Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* LICENSE: update to SPDX standard namesJoe Slater2022-04-196-6/+6
| | | | | | | Use convert-spdx-licenses.py to update LICENSE names in recipes. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* meta-selinux: Use SPDX style licensing formatAshish Sharma2022-04-195-5/+5
| | | | | | | | | | | | | | | | | WARNING: checkpolicy-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: setools-4.4.0-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 LGPLv2.1 [obsolete-license] \ WARNING: policycoreutils-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: refpolicy-standard-2.20210908+gitAUTOINC+23a8d103f3-r0.2 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ WARNING: selinux-python-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: ecryptfs-utils-111-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-2.0 [obsolete-license] \ WARNING: nikto-2.1.6-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ WARNING: bastille-3.2.1-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ WARNING: suricata-6.0.4-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ WARNING: samhain-server-4.4.6-r0.7 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ ... Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux: upgrade 3.2 -> 3.3Yi Zhao2021-12-0819-324/+1
| | | | | | | Drop backport CVE patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux: move selinux scripts to selinux-scriptsYi Zhao2021-12-0811-246/+0
| | | | | | | | | There are too many recipes in recipes-security/selinux. Keep the selinux userspace recipes and move selinux scripts to selinux-scripts directory to make the directory hierarchy clearer. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-python: add RDEPENDES on audit-pythonYi Zhao2021-12-081-0/+1
| | | | | | | | | | | | | | | | | | | | | | | Add RDEPENDS on audit-python for selinux-python-semanage. Fixes: $ semanage fcontext -a -t user_home_t "/web(/.*)?" Traceback (most recent call last): File "/usr/sbin/semanage", line 975, in <module> do_parser() File "/usr/sbin/semanage", line 947, in do_parser args.func(args) File "/usr/sbin/semanage", line 329, in handleFcontext OBJECT.add(args.file_spec, args.type, args.ftype, args.range, args.seuser) File "/usr/lib/python3.9/site-packages/seobject.py", line 2485, in add self.__add(target, type, ftype, serange, seuser) File "/usr/lib/python3.9/site-packages/seobject.py", line 2481, in __add self.mylog.log_change("resrc=fcontext op=add %s ftype=%s tcontext=%s:%s:%s:%s" % (audit.audit_encode_nv_string("tglob", target, 0), ftype_to_audit[ftype],) NameError: name 'audit' is not defined Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux: inherit pkgconfigJoe MacDonald2021-11-232-2/+2
| | | | | | Ensure the correct build options are passed during builds. Signed-off-by: Joe MacDonald <joe@deserted.net>
* recipes: update SRC_URI branch and protocolsYi Zhao2021-11-221-1/+1
| | | | | | | | Update SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsepol: Security fix for CVE-2021-36086Yi Zhao2021-09-292-1/+48
| | | | | | | | | | | | | | | CVE-2021-36086: The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-36086 Patch from: https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* secilc: Security fix for CVE-2021-36087Armin Kuster2021-09-162-0/+136
| | | | | | | | | | | | | | Source: https://github.com/SELinuxProject/selinux MR: 111869 Type: Security Fix Disposition: Backport from https://github.com/SELinuxProject/selinux/commit/bad0a746e9f4cf260dedba5828d9645d50176aac ChangeID: b282a68f76e509f548fe6ce46349af56d09481c6 Description: Affects: secilc <= 3.2 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsepol: Security fix CVE-2021-36085Armin Kuster2021-09-162-1/+40
| | | | | | | | | | | | | | Source: https://github.com/SELinuxProject/selinux/ MR: 111857 Type: Security Fix Disposition: Backport from https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba ChangeID: e50ae65189351ee618db2b278ba7105a5728e4c4 Description: Affects: libsepol <= 3.2 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsepol: Security fix CVE-2021-36084Armin Kuster2021-09-162-0/+101
| | | | | | | | | | | | | | Source: https://github.com/SELinuxProject/selinux MR: 111851 Type: Security Fix Disposition: Backport from https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3 ChangeID: 7fae27568e26ccbb18be3d2a1ce7332d42706f18 Description: Affects: libsepol < 3.2 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* meta-selinux: convert to new override syntaxYi Zhao2021-08-0416-87/+87
| | | | | | | | | | This is the result of automated script conversion: poky/scripts/contrib/convert-overrides.py meta-selinux Converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* semodule-utils: update to 3.2Yi Zhao2021-03-172-8/+6
| | | | | | | Merge inc file into bb file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-sandbox: update to 3.2Yi Zhao2021-03-172-10/+6
| | | | | | | Merge inc file into bb file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-gui: update to 3.2Yi Zhao2021-03-172-8/+5
| | | | | | | Merge inc file into bb file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-dbus: update to 3.2Yi Zhao2021-03-172-8/+5
| | | | | | | Merge inc file into bb file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-python: update to 3.2Yi Zhao2021-03-172-15/+12
| | | | | | | Merge inc file into bb file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* restorecond: update to 3.2Yi Zhao2021-03-173-58/+4
| | | | | | | | | * Merge inc file into bb file. * Drop obsolete patches: policycoreutils-make-O_CLOEXEC-optional.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* mcstrans: update to 3.2Yi Zhao2021-03-172-11/+9
| | | | | | | Merge inc file into bb file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* policycoreutils: update to 3.2Yi Zhao2021-03-172-77/+75
| | | | | | | Merge inc file into bb file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* secilc: update to 3.2Yi Zhao2021-03-172-8/+5
| | | | | | | Merge inc file into bb file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* checkpolicy: update to 3.2Yi Zhao2021-03-172-10/+7
| | | | | | | Merge inc file into bb file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsemanage: update to 3.2Yi Zhao2021-03-173-58/+18
| | | | | | | | | * Merge inc file into bb file. * Drop obsolete patches: libsemanage-define-FD_CLOEXEC-as-necessary.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux-python: update to 3.2Yi Zhao2021-03-172-34/+17
| | | | | | | Merge inc file into bb file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux: update to 3.2Yi Zhao2021-03-176-235/+6
| | | | | | | | | | | | * Merge inc file into bb file. * Drop obsolete patches: 0001-libselinux-do-not-define-gettid-for-musl.patch libselinux-define-FD_CLOEXEC-as-necessary.patch libselinux-make-O_CLOEXEC-optional.patch libselinux-make-SOCK_CLOEXEC-optional.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsepol: update to 3.2Yi Zhao2021-03-172-8/+5
| | | | | | | Merge inc file into bb file. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux: update inc file to 3.2Yi Zhao2021-03-172-13/+10
| | | | | | | | | | | | * Drop selinux_DATE.inc since upstream now uses X.Y version instead of date for release tag[1]. Move its content to selinux_common.inc. * Switch to git repo in SRC_URI, then all selinux recipes can use unified source. [1] https://github.com/SELinuxProject/selinux/commit/f63ac245f7addf832e8cde3cc4f26607b738994d Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux-python: Fix build error due to missing target configAnatol Belski2021-03-091-0/+2
| | | | | | | | | | | | This fixes the error below: gcc: error: unrecognized command line option ‘-fmacro-prefix-map=/path/to/build/libselinux-python/3.0-r0=/usr/src/debug/libselinux-python/3.0-r0’ Without inheriting the config, supposedly a wrong compiler is used. Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-python: depend on libselinuxYi Zhao2021-03-031-1/+1
| | | | | | | | | | | Fix build error when selinux feature is not enabled: sepolgen-ifgen-attr-helper.c:29:10: fatal error: selinux/selinux.h: No such file or directory 29 | #include <selinux/selinux.h> | ^~~~~~~~~~~~~~~~~~~ Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* policycoreutils: Improve reproducibilityOleksiy Obitotskyy2021-03-031-1/+1
| | | | | | | | | | | | | | | | LOCALEDIR should be set to target path, e.g. /usr/share/locale not host absolute path. This prevent to build reproducible package. LOCALEDIR constructed from: $(DESTDIR)$(PREFIX)/share/locale Change PREFIX from ${D} to ${prefix}. DESTDIR is not set during compilation and is set to proper value during install. Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* semodule-utils: upgrade to 3.1 (20200710)Yi Zhao2021-01-142-7/+7
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-gui: upgrade to 3.1 (20200710)Yi Zhao2021-01-142-7/+7
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-sandbox: upgrade to 3.1 (20200710)Yi Zhao2021-01-142-7/+7
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-dbus: upgrade to 3.1 (20200710)Yi Zhao2021-01-142-7/+7
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-python: upgrade to 3.1 (20200710)Yi Zhao2021-01-143-13/+13
| | | | | | | | Refresh patch: fix-sepolicy-install-path.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* restorecond: upgrade to 3.1 (20200710)Yi Zhao2021-01-143-8/+20
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* mcstrans: upgrade to 3.1 (20200710)Yi Zhao2021-01-143-9/+11
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>