path: root/recipes-security
Commit message | Author | Age | Files | Lines
* libselinux-python: Add native support [scarthgap] | Poonam Jadhav | 10 days | 1 | -0/+2
  Add native support for libselinux-python to fix build error for setools-native
  ERROR: Nothing RPROVIDES 'libselinux-python-native' (but virtual:native: meta-selinux/recipes-security/setools/setools_4.5.1.bb RDEPENDS on or otherwise requires it)
  Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* setools: Add native support | Poonam Jadhav | 10 days | 1 | -0/+2
  Enable using setools native for analyzing the built SELinux policy during the build.
  Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: oddjob - allow oddjob_mkhomedir_t privfd:fd use | Clayton Casciato | 2025-05-02 | 2 | -0/+63
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: refresh patch | Yi Zhao | 2025-05-01 | 1 | -6/+6
  Refresh 0001-refpolicy-minimum-make-sysadmin-module-optional.patch
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: locallogin - allow sulogin_t user_tty_device_t rw | Clayton Casciato | 2025-05-01 | 2 | -0/+80
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: locallogin - allow sulogin_t unconfined domtrans | Clayton Casciato | 2025-04-10 | 2 | -0/+82
  Signed-off-by: Clayton Casciato <majortomtosourecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: locallogin - dontaudit sulogin_t checkpoint_restore | Clayton Casciato | 2025-04-09 | 2 | -0/+54
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: files, init - filetrans /run/machine-id etc_runtime_t | Clayton Casciato | 2025-04-08 | 2 | -0/+110
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: firewalld - fix firewalld_t firewalld_tmpfs_t exec | Clayton Casciato | 2025-04-07 | 2 | -0/+50
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: firewalld - fix lib_t Python cache denial auditing | Clayton Casciato | 2025-04-06 | 2 | -0/+123
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: unconfined - fix oddjob security_compute_sid | Clayton Casciato | 2025-04-05 | 2 | -0/+59
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* refpolicy: chronyd - fix dac_read_search denials | Clayton Casciato | 2025-04-04 | 2 | -0/+59
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
* refpolicy: authlogin - allow unix_chkpwd to run | Clayton Casciato | 2025-03-16 | 2 | -0/+30
  Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* selinux: Mark CVE-2020-10751 as Patched | Madhu Marri | 2025-03-07 | 1 | -0/+2
  Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2020-10751
  Type: Security Advisory
  CVE: CVE-2020-10751
  Score: 6.1
  Patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ff
  Analysis:
  - This is a selinux cve which is addressed in kernel.
  - The fix is available at [1].
  - Hence, marking the CVE as patched.
  Reference:
  [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ff
  Signed-off-by: Madhu Marri <madmarri@cisco.com>
  Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>
* selinux: upgrade to core 3.7 and setools to 4.5.1 | Joe MacDonald | 2024-12-10 | 16 | -3/+3
  These two patches:
  https://lists.yoctoproject.org/g/yocto-patches/message/392
  https://lists.yoctoproject.org/g/yocto-patches/message/393
  were missed earlier this year but we definitely want these updates. Recreating them manually since I'm unable to find the original patches anywhere.
  Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>
* selinux-python: fix sepolicy runtime error | Yi Zhao | 2024-10-10 | 2 | -0/+62
  For some distributions (e.g. Yocto) that do not provide system-release/distribution-release file, libdnf can not get releasever variable, causing conf.substitutions['releasever'] to not be set. This will cause 'sepolicy generate' command to fail with the following error on these distributions:

    $ sepolicy generate --init /usr/local/bin/foo
    Traceback (most recent call last):
      File "/usr/bin/sepolicy", line 702, in <module>
        args.func(args)
      File "/usr/bin/sepolicy", line 569, in generate
        mypolicy.gen_writeable()
      File "/usr/lib/python3.12/site-packages/sepolicy/generate.py", line 1302, in gen_writeable
        self.__extract_rpms()
      File "/usr/lib/python3.12/site-packages/sepolicy/generate.py", line 1268, in __extract_rpms
        base.read_all_repos()
      File "/usr/lib/python3.12/site-packages/dnf/base.py", line 554, in read_all_repos
        for repo in reader:
                    ^^^^^^
      File "/usr/lib/python3.12/site-packages/dnf/conf/read.py", line 42, in __iter__
        for r in self._get_repos(self.conf.config_file_path):
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.12/site-packages/dnf/conf/read.py", line 109, in _get_repos
        parser.setSubstitutions(substs)
      File "/usr/lib/python3.12/site-packages/libdnf/conf.py", line 1643, in setSubstitutions
        return _conf.ConfigParser_setSubstitutions(self, substitutions)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    TypeError: in method 'ConfigParser_setSubstitutions', argument 2 of type 'std::map< std::string,std::string,std::less< std::string >,std::allocator< std::pair< std::string const,std::string > > > const &'

  Set conf.substitutions['releasever'] to empty str if releasever is None.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>
* refpolicy: update to latest git rev | Yi Zhao | 2024-07-24 | 6 | -82/+2
  * a6cf20736 filesystem, devices: move gadgetfs to usbfs_t
  * 75492f95f systemd: make xdg optional
  * 097d688ff sshd: label sshd-session as sshd_exec_t
  * b57b6005c Setting bluetooth helper domain for bluetoothctl
  * 30f451d6a Adding Sepolicy rules to allow pulseaudio to access bluetooth sockets.
  * 7037c341f systemd: allow logind to use locallogin pidfds
  * 5f7f494d1 userdomain: allow administrative user to get attributes of shadow history file
  * 0126cb1e6 node_exporter: allow reading RPC sysctls
  * 9c90f9f7d asterisk: allow reading certbot lib
  * bfcaec9ba postfix: allow postfix pipe to watch mail spool
  * 06a80c3d8 netutils: allow ping to read net sysctls
  * 2e0509c9e node_exporter: allow reading localization
  * 50a8cddd1 container: allow containers to execute tmpfs files
  * 09a747a16 sysadm: make haproxy admin
  * c8c3ae2cb haproxy: initial policy
  * 4e97f87ce init: use pidfds from local login
  * 7fd9032d8 dbus, init: add interface for pidfd usage
  * a6d6921a9 asterisk: allow watching spool dirs
  * 72c1d912f su, sudo: allow sudo to signal all su domains
  * 8b3178248 sudo: allow systemd-logind to read cgroup state of sudo
  * 871f0b0dd postfix: allow smtpd to mmap SASL keytab files
  * 578375480 sysnetwork: allow ifconfig to read usr files
  * 6916e9b20 systemd: allow systemd-logind to use sshd pidfds
  * 96ebb7c4e Reorder perms and classes
  * cb68df087 tests.yml: Add policy diff on PRs.
  * 99258825c tests.yml: Divide into reusable workflows.
  * 1e4b68930 Reorder perms and classes
  Drop 0002-refpolicy-minimum-make-xdg-module-optional.patch and 0040-policy-modules-system-systemd-allow-systemd-logind-t.patch which have been merged upstream.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>
* packagegroup-selinux-minimal: add missing runtime dependency selinux-autorelabel | Yi Zhao | 2024-06-26 | 1 | -0/+1
  Add selinux-autorelabel to reset the SELinux label on the root filesystem at boot time.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>
* refpolicy: fixes for auditctl and rsyslog | Yi Zhao | 2024-06-19 | 3 | -6/+53
  * Allow auditctl to read symlink of var/log directory.
  * Grant getpcap capability to syslogd_t.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>
* refpolicy: update to latest git rev | Yi Zhao | 2024-06-19 | 3 | -11/+12
  * 2102055d4 devices: Change dev_rw_uhid() to use a policy pattern
  * 1cbe455a5 device: Move dev_rw_uhid definition
  * 7a33b4bc8 Sepolicy changes for bluez to access uhid
  * c6dd4087d selinuxutil: make policykit optional
  * 10feb47e5 newrole: allow newrole to search faillock runtime directory
  * bf34d3e5e sysnetwork: fixes for dhcpcd
  * 4663e613f Adding Sepolicy rules to allow bluetoothctl and dbus-daemon to access unix stream sockets
  * 27602a932 various: various fixes
  * 63d50bbaa container, crio, kubernetes: minor fixes
  * 11e729e27 container, podman: various fixes
  * ef5954a0e systemd: allow systemd-sysctl to search tmpfs
  * 472e0442e container: allow containers to getcap
  * 7876e5151 container: allow system container engines to mmap runtime files
  * d917092a8 matrixd: add tunable for binding to all unreserved ports
  * 3dba91dd4 bootloader: allow systemd-boot to manage EFI binaries
  * ddf395d5d asterisk: allow binding to all unreserved UDP ports
  * 3bad3696b postgres: add a standalone execmem tunable
  * ef28f7879 userdom: allow users to read user home dir symlinks
  * 03711caea dovecot: allow dovecot-auth to read SASL keytab
  * cd781e783 fail2ban: allow reading net sysctls
  * ddc6ac493 init: allow systemd to use sshd pidfds
  * b9c457d80 files context for merged-usr profile on gentoo
  * 5040dd3b6 Need map perm for cockpit 300.4
  * 2ef9838db tests.yml: Add sechecker testing
  * c62bd5c6c cockpit: Change $1_cockpit_tmpfs_t to a tmpfs file type
  * 1c694125b certbot: Drop execmem
  * 349411d55 xen: Drop xend/xm stack
  * 2a261f916 Allow systemd to pass down sig mask
  * 2577feb83 cups: Remove PTAL
  * 5b02b44e5 xen: Revoke kernel module loading permissions
  * 1c20c002c minissdpd: Revoke kernel module loading permissions
  * 5671390e2 docker: Fix dockerc typo in container_engine_executable_file
  * e1bc4830d cron: Use raw entrypoint rule for system_cronjob_t
  * 0f71792c8 uml: Remove excessive access from user domains on uml_exec_t
  * 511223e2d Set the type on /etc/machine-info to net_conf_t so hostnamectl can manipulate it (CRUD)
  * 72fc1b2a3 fix: minor correction in MCS_CATS range comment
  * cbf56c8ae systemd: allow notify client to stat socket
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>
* refpolicy: update to latest git rev | Yi Zhao | 2024-04-20 | 1 | -1/+1
  * 0aff1990e quote: read localization
  * ab13c0421 getty: grant checkpoint_restore
  * 3643773ae Update SOS report to work on RHEL9
  * 523b279bd Setup domain for dbus selinux interface
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>
* refpolicy: upgrade 20231002+git -> 20240226+git | Yi Zhao | 2024-03-12 | 61 | -140/+179
  ChangeLog: https://github.com/SELinuxProject/refpolicy/blob/main/Changelog
  Notable Changes:
    Many systemd updates up to v255
    RPM and dnf fixes
    Tighten private key handling for Apache
    Many container and kubernetes improvements
    Add support for Cilium
    Update object class definitions up to io_uring:cmd
    Add additional rules to cloud-init based on sysadm_t
  * Update to latest git rev.
  * Refresh patches.
  * Add a patch to fix reboot timeout error.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: drop ${SRCPV} usage | Yi Zhao | 2024-02-28 | 1 | -1/+1
  Drop SRCPV as this variable is no longer needed in PV[1].
  [1] https://git.openembedded.org/openembedded-core/commit/?id=a8e7b0f932b9ea69b3a218fca18041676c65aba0
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: update to latest git rev | Yi Zhao | 2024-02-27 | 3 | -11/+11
  Update to latest rev to fix policy for systemd 255.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux-python: add recipe | Yi Zhao | 2024-01-24 | 2 | -29/+59
  We merged libselinux recipe and libselinux-python recipe in commit[1] because we thought the circular dependency was gone. But unfortunately, it still exists. Here are the steps to reproduce:

    $ echo "DISTRO_FEATURES:append = \" x11\"" >> conf/local.conf
    $ echo "PACKAGECONFIG:append:pn-python3 = \" tk\"" >> conf/local.conf
    $ bitbake core-image-selinux -n

  So we still need to split the libselinux recipe into two recipes: libselinux and libselinux-python.
  [1] https://git.yoctoproject.org/meta-selinux/commit/?id=62b9c816a5000dc01b28e78213bde26b58cbca9d
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* setools: upgrade 4.4.3 -> 4.4.4 | Yi Zhao | 2023-12-18 | 2 | -5/+5
  ChangeLog: https://github.com/SELinuxProject/setools/releases/tag/4.4.4
  * Refresh local patch
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* semodule-utils: upgrade 3.5 -> 3.6 | Yi Zhao | 2023-12-18 | 1 | -0/+0
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-sandbox: upgrade 3.5 -> 3.6 | Yi Zhao | 2023-12-18 | 1 | -0/+0
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-gui: upgrade 3.5 -> 3.6 | Yi Zhao | 2023-12-18 | 1 | -0/+0
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-dbus: upgrade 3.5 -> 3.6 | Yi Zhao | 2023-12-18 | 1 | -0/+0
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-python: upgrade 3.5 -> 3.6 | Yi Zhao | 2023-12-18 | 2 | -2/+2
  * Refresh patch
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* restorecond: upgrade 3.5 -> 3.6 | Yi Zhao | 2023-12-18 | 1 | -0/+0
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* mcstrans: upgrade 3.5 -> 3.6 | Yi Zhao | 2023-12-18 | 1 | -0/+0
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* policycoreutils: upgrade 3.5 -> 3.6 | Yi Zhao | 2023-12-18 | 1 | -0/+0
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* secilc: upgrade 3.5 -> 3.6 | Yi Zhao | 2023-12-18 | 1 | -0/+0
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* checkpolicy: upgrade 3.5 -> 3.6 | Yi Zhao | 2023-12-18 | 1 | -0/+0
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* libsemanage: upgrade 3.5 -> 3.6 | Yi Zhao | 2023-12-18 | 4 | -14/+14
  * Refresh patches
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux: upgrade 3.5 -> 3.6 | Yi Zhao | 2023-12-18 | 5 | -60/+32
  * Refresh patches.
  * Merge libselinux and libselinux-python.
  The previous libselinux recipe was split into libselinux and libselinux-python due to loop dependency[1]. Now this error is gone, we can merge these two recipes into one again.
  [1] https://git.yoctoproject.org/meta-selinux/commit/?id=7bb1507928f2e0f54ff8eac4135e15e821cdb1e2
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* PATCH 02/15] libsepol: upgrade 3.5 -> 3.6 | Yi Zhao | 2023-12-18 | 1 | -0/+0
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux: upgrade 3.5 -> 3.6 | Yi Zhao | 2023-12-18 | 1 | -2/+2
  ChangeLog: https://github.com/SELinuxProject/selinux/releases/tag/3.6
  * Switch branch to main
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: fix login errors after enabling systemd DynamicUser | Yi Zhao | 2023-12-14 | 2 | -0/+105
  After oe-core commit ba3a78c0[1], domains using PAM need to read /etc/shadow.
  [1] https://git.openembedded.org/openembedded-core/commit/?id=ba3a78c08cb0ce08afde049610d3172b9e3b0695
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: update to latest git rev | Yi Zhao | 2023-12-14 | 1 | -1/+1
  * 82b4448e1 Additional file context fix for:
  * 65eed16b5 policy/modules/services/smartmon.te: make fstools optional
  * 2e27be3c5 Let the certmonger module manage SSL Private Keys and CSR used for example by the HTTP and/or Mail Transport daemons.
  * 912d3a687 Let the webadm role manage Private Keys and CSR for SSL Certificates used by the HTTP daemon.
  * 5c9038ec9 Create new TLS Private Keys file contexts for the Apache HTTP server according to the default locations:
  * b38583a79 The LDAP server only needs to read generic certificate files, not manage them.
  * 100a853c0 rpm: fixes for dnf
  * 8839a7137 Modify the gpg module so that gpg and the gpg_agent can manage gpg_runtime_t socket files.
  * 780adb80a Simple patch for Brother printer drivers as described in: https://etbe.coker.com.au/2023/10/22/brother-mfc-j4440dw-printer/
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-autorelabel: enable labeling during build | Yi Zhao | 2023-10-12 | 1 | -3/+3
  Previously, systems using systemd would label SELinux contexts on first boot, while systems using sysvinit would label during build.
  Add a variable FIRST_BOOT_RELABEL as a switch to control labeling to make the behavior of sysvinit and systemd consistent. Set FIRST_BOOT_RELABEL to 1 in local.conf to enable labeling on first boot.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* refpolicy: upgrade 20221101+git -> 20231002+git | Yi Zhao | 2023-10-12 | 61 | -317/+304
  * Switch branch to main.
  * Update to latest git rev.
  * Drop obsolete and useless patches.
  * Refresh patches.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux-python: fix build with musl | Yi Zhao | 2023-09-05 | 1 | -0/+1
  libselinux-python also requires the patch which is provided by [1] to fix build with musl.
  [1] https://git.yoctoproject.org/meta-selinux/commit/?id=23d8e2d86317170c0a3c155640c71b83329ff726
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-python: add python3-distro and binutils to RDEPENDS | Yi Zhao | 2023-09-05 | 1 | -0/+2
  Add python3-distro and binutils to RDEPENDS for sepolicy to fix runtime error:

    $ sepolicy -h
    Traceback (most recent call last):
      File "/usr/bin/sepolicy", line 690, in <module>
        gen_manpage_args(subparsers)
      File "/usr/bin/sepolicy", line 375, in gen_manpage_args
        man.add_argument("-o", "--os", dest="os", default=get_os_version(),
      File "/usr/lib/python3.11/site-packages/sepolicy/__init__.py", line 1245, in get_os_version
        import distro
    ModuleNotFoundError: No module named 'distro'

    $ sepolicy generate --init /usr/sbin/sshd
    /bin/sh: line 1: nm: command not found

  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* setools: upgrade 4.4.2 -> 4.4.3 | Yi Zhao | 2023-08-08 | 1 | -1/+1
  ChangeLog: https://github.com/SELinuxProject/setools/releases/tag/4.4.3
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* libselinux: fix compilation with musl | Renato Caldas | 2023-07-31 | 2 | -0/+44
  Signed-off-by: Renato Caldas <renato@calgera.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux: Set CVE_PRODUCT [mickledore] | schitrod=cisco.com@lists.yoctoproject.org | 2023-05-31 | 1 | -0/+2
  The CVE product name for selinux-* package is (usually) the selinux (and not our recipe name), so use selinux as the default.
  See also: http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html
  "Results from cve-check are not very good at the moment. One of the reasons for this is that component names used in CVE database differ from yocto recipe names. This series fixes several of those name mapping problems by setting the CVE_PRODUCT correctly in the recipes. To check this mapping with after a build, I'm exporting LICENSE and CVE_PRODUCT variables to buildhistory for recipes and packages."
  Value added is based on: https://nvd.nist.gov/vuln/search/results?results_type=overview&search_type=all&cpe_product=cpe%3A%2F%3Akernel%3Aselinux
  Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>
* setools: upgrade 4.1 -> 4.2 | Yi Zhao | 2023-04-30 | 1 | -1/+1
  ChangeLog: https://github.com/SELinuxProject/setools/releases/tag/4.4.2
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Joe MacDonald <joe@deserted.net>