| Commit message | Author | Age | Files | Lines |
|
CQID: WIND00399962
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
audit admin tools and daemons should install to base_sbindir, so
they can get correct security labels after selinux restorecon
command.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Add user_tty_device_t as a customizable_type, so that restorecon -R
/dev will not complain about it or modify the security labels.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
- /etc -> ${sysconfdir}
- /usr/share -> ${datadir}
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
CQID: WIND00397456
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Create include files for selinux userspace packages:
* checkpolicy.inc
* libselinux.inc
* libsemanage.inc
* libsepol.inc
* policycoreutils.inc
* sepolgen.inc
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Fix the hard-coded security type for /dev/null and /dev/console.
Check whether rootfs supports xattrs before relabeling.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
et, gl, and id .po files contained no translations. This can cause
build errors. Delete those puppies.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
This script will be installed as 0selinux-init, in runlevel S and
sequence number 0. It will start before any other init script.
* relabel /dev for restorecon/fixfiles running
* rebuild policy and relabel the rootfs if /.autorelabel is placed.
* relabel the rootfs if it is first booting.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
oe-core has changed task-* recipes to packagegroup-*, so we should
follow this.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Also fix missing RDEPENDS for setools-*
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Patches are migrated or dropped for new version.
* poky-fc-etc_init.d.patch: dropped because file_contexts.subs_dist
is defined instead.
* fix-mount-to-write-mountpoints-dirs.patch: dropped because the
rules are not needed now.
* poky-fc-update-alternatives_sysvinit.patch: migrated.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
libcap-ng needs native python during do_configure, and native swig
while do_compile, so add them.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
fixfiles in /sbin would run some /usr/bin binaries to cause these
QA warnings.
WARNING: Shell scripts in base_bindir and base_sbindir should not
reference anything in exec_prefix
Since fixfiles is installed into /sbin in most Linux distros,
changing this path may cause runtime errors for some hard coded
binaries.
So, disable unsafe-references-in-scripts QA checks.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Rename two packages and change files in them.
* audit-libs -> audit : main package, for libraries
* audit -> auditd : for daemon binaries
Libraries are changed to install into ${base_libdir}.
The two fixes are used to fix QA issues and fit the Debian policy.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
The "Public Domain" license now has a common license file placed
as PD in Poky/oe-core, so fix this.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
With new changes in oe-core, recipes which need python-native
should "inherit pythonnative".
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
If no pam DISTRO_FEATURE, policycoreutils should not build with
libpam headers and libraries.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
With new changes in oe-core, recipes which need python-native
should "inherit pythonnative".
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
eglibc-2.16 splits enum __socket_type from bits/socket.h to
bits/socket_type.h, so old eglibc does not have bits/socket_type.h.
We should copy it only if it exists.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
EXTRA_DEPENDS is still not null while building native packages,
this will add useless depends for libcap-ng&libcgroup&pam and
cause build errors.
So rewrite these DEPENDS.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Fix these warnings:
===================
WARNING: Variable get_git_policyconfigarch contains tabs, please remove
these(....)
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
We have copied some target kernel headers in 72fb6da. We may get
build failures because of missing bits/socket_type.h on some hosts,
so add it.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Remove -Wno-error=format-security from CFLAGS, and add a patch
so we can build policycoreutils if -Werror=format-security is
enabled.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
*** Error: Package name contains illegal characters, (other than [a-z0-9.+-])
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Just like audit_2.1.3.bb.
The executables in lib/, which are named as gen_*_h, will run on
the hosts to create *_tables.h/*tabs.h header files for the
targets.
On some old hosts, the build will fail because .h files in the old
linux-libc-headers (<= 2.6.29) have incomplete DEFINE lists for
the audit system.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
The recipe is derived from 2.1.3 with some changes made.
1. configuration files are updated to look for sbin binaries in /usr/sbin
2. an init.d file was derived from Debian to work with busybox's start-stop-daemon
3. the plugin package contents were fine-tuned as some of the files from 2.1.3 were required
to let audit run.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
Now, the default policy is "mls".
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
See Yocto Project bugzilla:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=2530
This is a temporary workaround to the parsing issue.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
The executables in lib/, which are named as gen_*_h, will run on
the hosts to create *_tables.h/*tabs.h header files for the
targets.
On some old hosts, the build will fail because audit.h in the old
linux-libc-headers (<= 2.6.29) has an incomplete netlink message
list for the audit system.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
libselinux was attempting to ensure ARCH was set to i386 for any i*86
platform. Replaced the existing code with a simpler construct that
accomplishes the same goal.
A similar anonymous python block was being used in policycoreutils to
identify an optional dependency on libcap-ng and libcgroup. Also replaced
with a simpler construct. The newest policycoreutils depends on them both
anyway in the current configuration.
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
Added _git versions.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|