Looks good to me.
Thanks,
Yi
On 3/22/24 23:54, Philip Lorenz wrote:
`PACKAGEBUILDPKGD` was dropped in Yocto 4.2 and
`PACKAGE_PREPROCESS_FUNCS` should be used instead. The only requirement
for wrapper creation is that it is executed before any of the
`update-alternatives` hooks are executed.
Signed-off-by: Yi Zhao
---
conf/layer.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/layer.conf b/conf/layer.conf
index 0a0a6ab..4e04e5c 100644
--- a/conf/layer.conf
+++ b/conf/layer.conf
@@ -17,7 +17,7 @@ BBFILE_PRIORITY_selinux = "5"
# cause compatibil
to io_uring:cmd
Add additional rules to cloud-init based on sysadm_t
* Update to latest git rev.
* Refresh patches.
* Add a patch to fix reboot timeout error.
Signed-off-by: Yi Zhao
---
...tile-alias-common-var-volatile-paths.patch | 2 +-
...inimum-make-sysadmin-module-optional.patch | 6
Drop SRCPV as this variable is no longer needed in PV[1].
[1]
https://git.openembedded.org/openembedded-core/commit/?id=a8e7b0f932b9ea69b3a218fca18041676c65aba0
Signed-off-by: Yi Zhao
---
recipes-security/refpolicy/refpolicy_git.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff
PACKAGECONFIG:append:pn-python3 = \" tk\"" >> conf/local.conf
$ bitbake core-image-selinux -n
So we still need to split the libselinux recipe into two recipes:
libselinux and libselinux-python.
[1]
https://git.yoctoproject.org/meta-selinux/commit/?id=62b9c816a500
ChangeLog:
https://github.com/SELinuxProject/setools/releases/tag/4.4.4
* Refresh local patch
Signed-off-by: Yi Zhao
---
.../setools/setools4-fixes-for-cross-compiling.patch | 8
.../setools/{setools_4.4.3.bb => setools_4.4.4.bb}| 2 +-
2 files changed, 5 insertions(+)
Signed-off-by: Yi Zhao
---
.../selinux/{semodule-utils_3.5.bb => semodule-utils_3.6.bb} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename recipes-security/selinux/{semodule-utils_3.5.bb =>
semodule-utils_3.6.bb} (100%)
diff --git a/recipes-security/selinux/semodule-utils_
Signed-off-by: Yi Zhao
---
.../selinux/{selinux-sandbox_3.5.bb => selinux-sandbox_3.6.bb}| 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename recipes-security/selinux/{selinux-sandbox_3.5.bb =>
selinux-sandbox_3.6.bb} (100%)
diff --git a/recipes-security/selinux/selinux-sandb
Signed-off-by: Yi Zhao
---
.../selinux/{selinux-gui_3.5.bb => selinux-gui_3.6.bb}| 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename recipes-security/selinux/{selinux-gui_3.5.bb => selinux-gui_3.6.bb}
(100%)
diff --git a/recipes-security/selinux/selinux-gui_3.5
Signed-off-by: Yi Zhao
---
.../selinux/{selinux-dbus_3.5.bb => selinux-dbus_3.6.bb} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename recipes-security/selinux/{selinux-dbus_3.5.bb => selinux-dbus_3.6.bb}
(100%)
diff --git a/recipes-security/selinux/selinux-dbus_3.5
* Refresh patch
Signed-off-by: Yi Zhao
---
.../selinux/selinux-python/fix-sepolicy-install-path.patch| 4 ++--
.../selinux/{selinux-python_3.5.bb => selinux-python_3.6.bb} | 0
2 files changed, 2 insertions(+), 2 deletions(-)
rename recipes-security/selinux/{selinux-python_3.5
Signed-off-by: Yi Zhao
---
.../selinux/{restorecond_3.5.bb => restorecond_3.6.bb}| 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename recipes-security/selinux/{restorecond_3.5.bb => restorecond_3.6.bb}
(100%)
diff --git a/recipes-security/selinux/restorecond_3.5
Signed-off-by: Yi Zhao
---
recipes-security/selinux/{mcstrans_3.5.bb => mcstrans_3.6.bb} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename recipes-security/selinux/{mcstrans_3.5.bb => mcstrans_3.6.bb} (100%)
diff --git a/recipes-security/selinux/mcstrans_3.5.bb
b/recipes-se
Signed-off-by: Yi Zhao
---
.../selinux/{policycoreutils_3.5.bb => policycoreutils_3.6.bb}| 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename recipes-security/selinux/{policycoreutils_3.5.bb =>
policycoreutils_3.6.bb} (100%)
diff --git a/recipes-security/selinux/policycoreuti
Signed-off-by: Yi Zhao
---
recipes-security/selinux/{secilc_3.5.bb => secilc_3.6.bb} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename recipes-security/selinux/{secilc_3.5.bb => secilc_3.6.bb} (100%)
diff --git a/recipes-security/selinux/secilc_3.5.bb
b/recipes-security/s
Signed-off-by: Yi Zhao
---
.../selinux/{checkpolicy_3.5.bb => checkpolicy_3.6.bb}| 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename recipes-security/selinux/{checkpolicy_3.5.bb => checkpolicy_3.6.bb}
(100%)
diff --git a/recipes-security/selinux/checkpolicy_3.5
/?id=7bb1507928f2e0f54ff8eac4135e15e821cdb1e2
Signed-off-by: Yi Zhao
---
...hon-modules-install-path-for-multili.patch | 10 +++---
...T-and-rely-on-the-installed-file-nam.patch | 8 ++---
...re-drop-the-obsolete-LSF-transitiona.patch | 21 ++--
recipes-security/selinux/libselinux_3.5.bb
* Refresh patches
Signed-off-by: Yi Zhao
---
...anage-Fix-execve-segfaults-on-Ubuntu.patch | 4 ++--
...anage-allow-to-disable-audit-support.patch | 22 +--
...-disable-expand-check-on-policy-load.patch | 2 +-
...{libsemanage_3.5.bb => libsemanage_3.6.bb} | 0
4 fi
ChangeLog:
https://github.com/SELinuxProject/selinux/releases/tag/3.6
* Switch branch to main
Signed-off-by: Yi Zhao
---
recipes-security/selinux/selinux_common.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/recipes-security/selinux/selinux_common.inc
b/recipes
Signed-off-by: Yi Zhao
---
recipes-security/selinux/{libsepol_3.5.bb => libsepol_3.6.bb} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename recipes-security/selinux/{libsepol_3.5.bb => libsepol_3.6.bb} (100%)
diff --git a/recipes-security/selinux/libsepol_3.5.bb
b/recipes-se
-printer/
Signed-off-by: Yi Zhao
---
recipes-security/refpolicy/refpolicy_git.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-security/refpolicy/refpolicy_git.inc
b/recipes-security/refpolicy/refpolicy_git.inc
index 1913ec8..d739522 100644
--- a/recipes-security
* Switch branch to main.
* Update to latest git rev.
* Drop obsolete and useless patches.
* Refresh patches.
Signed-off-by: Yi Zhao
---
...tile-alias-common-var-volatile-paths.patch | 2 +-
...inimum-make-sysadmin-module-optional.patch | 10 +--
...ed-make-unconfined_u-the-default-sel.patch
oe-core has switched to nanbield in:
https://git.openembedded.org/openembedded-core/commit/?id=f212cb12a0db9c9de5afd3cc89b1331d386e55f6
Signed-off-by: Yi Zhao
---
conf/layer.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/layer.conf b/conf/layer.conf
index 8bdc3de
Add how to enable labeling on first boot.
Signed-off-by: Yi Zhao
---
README | 8
1 file changed, 8 insertions(+)
diff --git a/README b/README
index 77b6253..67708f7 100644
--- a/README
+++ b/README
@@ -75,6 +75,14 @@ VIRTUAL-RUNTIME_init_manager = "sy
during build.
Signed-off-by: Yi Zhao
---
classes/selinux-image.bbclass | 32 +++-
1 file changed, 23 insertions(+), 9 deletions(-)
diff --git a/classes/selinux-image.bbclass b/classes/selinux-image.bbclass
index 23645b7..b4f9321 100644
--- a/classes/selinux
to enable labeling on first
boot.
Signed-off-by: Yi Zhao
---
recipes-security/selinux-scripts/selinux-autorelabel_0.1.bb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/recipes-security/selinux-scripts/selinux-autorelabel_0.1.bb
b/recipes-security/selinux-scripts/selinux
tries to find the schema files in
build-1 directory since these paths are hardcoded when building
openscap-native.
We need to pass the correct cpe/schemas/xsl paths to oscap to make sure
it can find the files in right location.
Signed-off-by: Yi Zhao
---
.../scap-security-guide/scap-security
-by: Yi Zhao
---
recipes-kernel/linux/files/selinux.cfg | 1 -
1 file changed, 1 deletion(-)
diff --git a/recipes-kernel/linux/files/selinux.cfg
b/recipes-kernel/linux/files/selinux.cfg
index a081095..8333a05 100644
--- a/recipes-kernel/linux/files/selinux.cfg
+++ b/recipes-kernel/linux/files
libselinux-python also requires the patch which provided by [1] to fix
build with musl.
[1]
https://git.yoctoproject.org/meta-selinux/commit/?id=23d8e2d86317170c0a3c155640c71b83329ff726
Signed-off-by: Yi Zhao
---
recipes-security/selinux/libselinux-python_3.5.bb | 1 +
1 file changed, 1
argument("-o", "--os", dest="os", default=get_os_version(),
File "/usr/lib/python3.11/site-packages/sepolicy/__init__.py", line 1245, in
get_os_version
import distro
ModuleNotFoundError: No module named 'distro'
$ sepolicy generate --init /usr/sbin/ss
ChangeLog:
https://github.com/SELinuxProject/setools/releases/tag/4.4.3
Signed-off-by: Yi Zhao
---
recipes-security/setools/{setools_4.4.2.bb => setools_4.4.3.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-security/setools/{setools_4.4.2.bb => setools_4.4.3.b
On 7/21/23 13:06, Poornesh G ( India - Bangalore ) wrote:
Greeetings !
I am trying to include "samba" into my yocto build . I can able to see
*"pam_winbind.so
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE is deprecated and will be
rejected in a future kernel release[1].
[1] https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-checkreqprot
Signed-off-by: Yi Zhao
---
recipes-kernel/linux/files/selinux.cfg | 1 -
1 file changed, 1 deletion
ChangeLog:
https://github.com/SELinuxProject/setools/releases/tag/4.4.2
Signed-off-by: Yi Zhao
---
recipes-security/setools/{setools_4.4.1.bb => setools_4.4.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-security/setools/{setools_4.4.1.bb => setools_4.4.2.b
Drop 0003-refpolicy-minimum-make-dbus-module-optional.patch as the issue
has been fixed upstream.
Signed-off-by: Yi Zhao
---
.../refpolicy/refpolicy-minimum_git.bb| 1 -
...cy-minimum-make-dbus-module-optional.patch | 36 ---
recipes-security/refpolicy/refpolicy_git.inc
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao
---
.../selinux/{semodule-utils_3.4.bb => semodule-utils_3.5.bb}| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-security/selinux/{semodule-utils_3.4.bb =>
semodule-utils_3.5.b
License-Update: Rename COPYING to LICENSE. No content changes.
* Drop backport patch.
Signed-off-by: Yi Zhao
---
...andle-unsupported-languages-properly.patch | 49 ---
...-sandbox_3.4.bb => selinux-sandbox_3.5.bb} | 3 +-
2 files changed, 1 insertion(+), 51 deleti
License-Update: Rename COPYING to LICENSE. No content changes.
* Drop backport patch.
Signed-off-by: Yi Zhao
---
...andle-unsupported-languages-properly.patch | 199 --
...{selinux-gui_3.4.bb => selinux-gui_3.5.bb} | 4 +-
2 files changed, 1 insertion(+), 202 deleti
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao
---
.../selinux/{selinux-dbus_3.4.bb => selinux-dbus_3.5.bb}| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-security/selinux/{selinux-dbus_3.4.bb => selinux-dbus_3.5.bb
License-Update: Rename COPYING to LICENSE. No content changes.
* Refresh patch.
* Drop backport patch.
* Add dependency python3-setuptools-scm-native to fix build error.
Signed-off-by: Yi Zhao
---
...andle-unsupported-languages-properly.patch | 173 --
.../fix-sepolicy-install
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao
---
.../selinux/{restorecond_3.4.bb => restorecond_3.5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-security/selinux/{restorecond_3.4.bb => restorecond_3.5.bb
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao
---
recipes-security/selinux/{mcstrans_3.4.bb => mcstrans_3.5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-security/selinux/{mcstrans_3.4.bb => mcstrans_3.5.bb} (96%)
diff
License-Update: Rename COPYING to LICENSE. No content changes.
* Refresh patch.
Signed-off-by: Yi Zhao
---
.../policycoreutils-fixfiles-de-bashify.patch | 8
.../{policycoreutils_3.4.bb => policycoreutils_3.5.bb}| 4 ++--
2 files changed, 6 insertions(+), 6 deleti
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao
---
recipes-security/selinux/{secilc_3.4.bb => secilc_3.5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-security/selinux/{secilc_3.4.bb => secilc_3.5.bb} (84%)
diff --git a/r
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao
---
.../selinux/{checkpolicy_3.4.bb => checkpolicy_3.5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-security/selinux/{checkpolicy_3.4.bb => checkpolicy_3.5.bb
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao
---
.../{libsemanage_3.4.bb => libsemanage_3.5.bb} | 13 +++--
1 file changed, 7 insertions(+), 6 deletions(-)
rename recipes-security/selinux/{libsemanage_3.4.bb => libsemanage_3.5.bb
* Add dependency python3-setuptools-scm-native to fix build error.
* Refresh patches.
Signed-off-by: Yi Zhao
---
...inux-python_3.4.bb => libselinux-python_3.5.bb} | 14 +-
...x-python-modules-install-path-for-multili.patch | 10 +-
...PYCEXT-and-rely-on-the-installed-f
Signed-off-by: Yi Zhao
---
recipes-security/selinux/{libselinux_3.4.bb => libselinux_3.5.bb} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename recipes-security/selinux/{libselinux_3.4.bb => libselinux_3.5.bb} (100%)
diff --git a/recipes-security/selinux/libselinux_3.4.bb
b/r
ChangeLog:
https://github.com/SELinuxProject/selinux/releases/tag/3.5
Signed-off-by: Yi Zhao
---
recipes-security/selinux/selinux_common.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-security/selinux/selinux_common.inc
b/recipes-security/selinux
License-Update: Rename COPYING to LICENSE. No content changes.
* Drop backport patch.
Signed-off-by: Yi Zhao
---
...idation-of-user-declarations-in-modu.patch | 80 ---
.../{libsepol_3.4.bb => libsepol_3.5.bb} | 4 +-
2 files changed, 1 insertion(+), 83 deleti
Drop 0003-refpolicy-minimum-make-dbus-module-optional.patch as the issue
has been fixed upstream.
Signed-off-by: Yi Zhao
---
.../refpolicy/refpolicy-minimum_git.bb| 1 -
...cy-minimum-make-dbus-module-optional.patch | 36 ---
recipes-security/refpolicy/refpolicy_git.inc
Signed-off-by: Yi Zhao
---
.gitignore | 7 +++
1 file changed, 7 insertions(+)
create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000..c01df45
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@
+*.pyc
+*.pyo
+/*.patch
+*.swp
+*.orig
+*.rej
Changelog:
https://github.com/SELinuxProject/setools/releases/tag/4.4.1
License-Update: Refine COPYING text. No license changes.[1]
[1]
https://github.com/SELinuxProject/setools/commit/fff1906ff436835108b62bf46616e19705183dfb
Signed-off-by: Yi Zhao
---
.../setools/{setools_4.4.0.bb
Make the bbappend available for 5.x and 6.x kernels.
Signed-off-by: Yi Zhao
---
.../linux/{linux-yocto_5.%.bbappend => linux-yocto_%.bbappend}| 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename recipes-kernel/linux/{linux-yocto_5.%.bbappend =>
linux-yocto_%.bbappend} (100%)
Signed-off-by: Yi Zhao
---
conf/layer.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/layer.conf b/conf/layer.conf
index 5673b73..8bdc3de 100644
--- a/conf/layer.conf
+++ b/conf/layer.conf
@@ -17,7 +17,7 @@ BBFILE_PRIORITY_selinux = "5"
# cause compatibil
/qemux86_64-poky-linux/refpolicy-mls/2.20220520+gitAUTOINC+f311d401cd-r0/recipe-sysroot-native/usr/bin/semodule_package:
Error while reading policy module from tmp/xserver.mod
| make: *** [Rules.modular:98: xserver.pp] Error 1
Signed-off-by: Yi Zhao
---
...idation-of-user-declarations-in-modu.patch
Update SELinux-FAQ as the poky-selinux distro has been removed for a
long time.
Signed-off-by: Yi Zhao
---
SELinux-FAQ | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/SELinux-FAQ b/SELinux-FAQ
index 8f56b2b..2ae6649 100644
--- a/SELinux-FAQ
+++ b/SELinux-FAQ
@@ -47,7
By default /var/volatile will be mounted with tmpfs_t instead of var_t
label, which will cause us to have to add some extra rules to eliminate
avc denials of some services.
Set rootcontext for /var/volatile in fstab to make sure it is mounted
with correct label.
Signed-off-by: Yi Zhao
Signed-off-by: Yi Zhao
---
meta-cgl-common/conf/layer.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-cgl-common/conf/layer.conf b/meta-cgl-common/conf/layer.conf
index 2e21879..865ed9f 100644
--- a/meta-cgl-common/conf/layer.conf
+++ b/meta-cgl-common/conf
Fix buildpaths warning:
WARNING: resource-agents-4.5.0-r0 do_package_qa: QA Issue: File
/lib/systemd/system/ldirectord.service in package ldirectord contains
reference to TMPDIR [buildpaths]
Signed-off-by: Yi Zhao
---
...ce.in-set-correct-path-of-rm-command.patch | 28
Signed-off-by: Yi Zhao
---
conf/layer.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/layer.conf b/conf/layer.conf
index d6f83c9..5673b73 100644
--- a/conf/layer.conf
+++ b/conf/layer.conf
@@ -17,7 +17,7 @@ BBFILE_PRIORITY_selinux = "5"
# cause compatibil
Fixes:
QA Issue: File /usr/src/debug/setools/4.4.0-r0/setools/policyrep.c in package
setools-src
contains reference to TMPDIR [buildpaths]
Signed-off-by: Yi Zhao
---
recipes-security/setools/setools_4.4.0.bb | 33 ---
1 file changed, 17 insertions(+), 16 deletions(-)
diff
Signed-off-by: Yi Zhao
---
.../{semodule-utils_3.3.bb => semodule-utils_3.4.bb} | 11 ---
1 file changed, 4 insertions(+), 7 deletions(-)
rename recipes-security/selinux/{semodule-utils_3.3.bb =>
semodule-utils_3.4.bb} (70%)
diff --git a/recipes-security/selinux/semodule-utils_
* Backport a patch to fix chcat runtime error.
* Refresh patch.
Signed-off-by: Yi Zhao
---
...andle-unsupported-languages-properly.patch | 49 +++
.../selinux-sandbox/sandbox-de-bashify.patch | 6 +--
...-sandbox_3.3.bb => selinux-sandbox_3.4.bb} | 8 +--
3 files changed,
Signed-off-by: Yi Zhao
---
.../selinux/{selinux-dbus_3.3.bb => selinux-dbus_3.4.bb}| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-security/selinux/{selinux-dbus_3.3.bb => selinux-dbus_3.4.bb}
(89%)
diff --git a/recipes-security/selinux/selinux-dbus_3.3
Backport a patch to fix chcat runtime error.
Signed-off-by: Yi Zhao
---
...andle-unsupported-languages-properly.patch | 199 ++
...{selinux-gui_3.3.bb => selinux-gui_3.4.bb} | 5 +-
2 files changed, 203 insertions(+), 1 deletion(-)
create mode 100644
recipes-security/seli
* Backport a patch to fix chcat runtime error.
* Refresh patch.
Signed-off-by: Yi Zhao
---
...andle-unsupported-languages-properly.patch | 173 ++
.../fix-sepolicy-install-path.patch | 4 +-
...ux-python_3.3.bb => selinux-python_3.4.bb} | 51 +++---
3 files chan
Signed-off-by: Yi Zhao
---
.../selinux/{restorecond_3.3.bb => restorecond_3.4.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename recipes-security/selinux/{restorecond_3.3.bb => restorecond_3.4.bb}
(86%)
diff --git a/recipes-security/selinux/restorecond_3.3
Refresh patches.
Signed-off-by: Yi Zhao
---
.../selinux/mcstrans/mcstrans-de-bashify.patch | 6 +++---
.../mcstrans/mcstrans-fix-the-init-script.patch | 4 ++--
.../selinux/{mcstrans_3.3.bb => mcstrans_3.4.bb} | 12 ++--
3 files changed, 11 insertions(+), 11 deleti
Refresh patch.
Signed-off-by: Yi Zhao
---
.../policycoreutils-fixfiles-de-bashify.patch | 14 ++--
...oreutils_3.3.bb => policycoreutils_3.4.bb} | 72 +--
2 files changed, 43 insertions(+), 43 deletions(-)
rename recipes-security/selinux/{policycoreutils_3.3
Use precise license BSD-2-Clause instead of license BSD.
Signed-off-by: Yi Zhao
---
recipes-security/selinux/{secilc_3.3.bb => secilc_3.4.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename recipes-security/selinux/{secilc_3.3.bb => secilc_3.4.bb} (85%)
diff --git a/r
Signed-off-by: Yi Zhao
---
.../selinux/{checkpolicy_3.3.bb => checkpolicy_3.4.bb} | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
rename recipes-security/selinux/{checkpolicy_3.3.bb => checkpolicy_3.4.bb}
(84%)
diff --git a/recipes-security/selinux/checkpolicy_3.3
Refresh patches.
Signed-off-by: Yi Zhao
---
.../libsemanage-Fix-execve-segfaults-on-Ubuntu.patch | 10 +-
.../libsemanage-allow-to-disable-audit-support.patch | 8
...bsemanage-disable-expand-check-on-policy-load.patch | 8
.../selinux/{libsemanage_3.3.bb
Use libpcre2 instead of libpcre.
Signed-off-by: Yi Zhao
---
.../selinux/{libselinux_3.3.bb => libselinux_3.4.bb} | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
rename recipes-security/selinux/{libselinux_3.3.bb => libselinux_3.4.bb} (77%)
diff --git a/recipes-se
* Use libpcre2 instead of libpcre.
* Refresh patches.
Signed-off-by: Yi Zhao
---
...linux-python_3.3.bb => libselinux-python_3.4.bb} | 13 +++--
...ix-python-modules-install-path-for-multili.patch | 8
...PYCEXT-and-rely-on-the-installed-file-nam.patch} | 8
3 fi
Signed-off-by: Yi Zhao
---
.../selinux/{libsepol_3.3.bb => libsepol_3.4.bb}| 6 +-
1 file changed, 1 insertion(+), 5 deletions(-)
rename recipes-security/selinux/{libsepol_3.3.bb => libsepol_3.4.bb} (80%)
diff --git a/recipes-security/selinux/libsepol_3.3.bb
b/recipes-se
Signed-off-by: Yi Zhao
---
recipes-security/selinux/selinux_common.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-security/selinux/selinux_common.inc
b/recipes-security/selinux/selinux_common.inc
index 8bdf8ad..86c748f 100644
--- a/recipes-security/selinux
Fix typo:
RDPENDS_${PN} -> RDEPENDS:${PN}
Signed-off-by: Yi Zhao
---
recipes-ids/aide/aide_0.17.4.bb | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/recipes-ids/aide/aide_0.17.4.bb b/recipes-ids/aide/aide_0.17.4.bb
index 6bc2bfe..ebd6ac3 100644
--- a/recipes-ids/a
-transition-for-systemd-networkd-run.patch
systemd-add-missing-file-context-for-run-systemd-net.patch
systemd-add-file-contexts-for-systemd-network-genera.patch
systemd-udev-allow-udev-to-read-systemd-networkd-run.patch
Signed-off-by: Yi Zhao
---
...emd-resolved-is-linked-to-libselinux.patch | 33
Add file context for findfs alternative which is provided by util-linux.
Signed-off-by: Yi Zhao
---
...s-apply-policy-to-findfs-alternative.patch | 29 +++
.../refpolicy/refpolicy_common.inc| 1 +
2 files changed, 30 insertions(+)
create mode 100644
recipes
Add RDEPENDS on python3-multiprocessing for selinux-python-sepolicy to
fix runtime error:
$ sepolicy
Traceback (most recent call last):
File "/usr/bin/sepolicy", line 28, in
from multiprocessing import Pool
ModuleNotFoundError: No module named 'multiprocessing'
Signed-off-b
Signed-off-by: Yi Zhao
---
recipes-ids/samhain/samhain.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/recipes-ids/samhain/samhain.inc b/recipes-ids/samhain/samhain.inc
index 97f5f2d..077e118 100644
--- a/recipes-ids/samhain/samhain.inc
+++ b/recipes-ids/samhain
Signed-off-by: Yi Zhao
---
...{checkpolicy_3.2.bb => checkpolicy_3.3.bb} | 0
...python_3.2.bb => libselinux-python_3.3.bb} | 0
.../{libselinux_3.2.bb => libselinux_3.3.bb} | 0
...{libsemanage_3.2.bb => libsemanage_3.3.bb} | 0
.../selinux/libsepol/CVE-2021-36084.pat
File "/usr/lib/python3.9/site-packages/seobject.py", line 2481, in __add
self.mylog.log_change("resrc=fcontext op=add %s ftype=%s
tcontext=%s:%s:%s:%s"
% (audit.audit_encode_nv_string("tglob", target, 0),
ftype_to_audit[ftype],)
NameError: name 'audi
Signed-off-by: Yi Zhao
---
.../selinux-autorelabel/selinux-autorelabel.service | 0
.../selinux-autorelabel/selinux-autorelabel.sh| 0
.../{selinux => selinux-scripts}/selinux-autorelabel_0.1.bb | 0
.../selinux-init/selinux-init.serv
-tools
INFO: Current version: 1.8.6
INFO: Latest version: 1.8.7
INFO: Latest version's commit: 80a60d697d9052d3f196a932df3d1fb5f0df52d6
Signed-off-by: Yi Zhao
---
meta-cgl-common/recipes-cgl/ocfs2-tools/ocfs2-tools_1.8.6.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta-cgl-common
cluster-glue
INFO: Current version: 1.0.12
INFO: Latest version: 1.0.12
INFO: Latest version's commit: 1bc77825c0cfb0c80f9c82a061af7ede68676cb4
Signed-off-by: Yi Zhao
---
meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta-cgl
resource-agents
INFO: Current version: 4.5.0
INFO: Latest version: 4.10.0
INFO: Latest version's commit: fd0720f73a06042ad0a5475a3398096b2912cf5f
Signed-off-by: Yi Zhao
---
.../cluster-resource-agents/resource-agents_4.5.0.bb| 2 ++
1 file changed, 2 insertions(+)
diff --git
a/meta
Drop backport CVE patches.
Signed-off-by: Yi Zhao
---
...{checkpolicy_3.2.bb => checkpolicy_3.3.bb} | 0
...python_3.2.bb => libselinux-python_3.3.bb} | 0
.../{libselinux_3.2.bb => libselinux_3.3.bb} | 0
...{libsemanage_3.2.bb => libsemanage_3.3.bb} | 0
.../selinux/libse
File "/usr/lib/python3.9/site-packages/seobject.py", line 2481, in __add
self.mylog.log_change("resrc=fcontext op=add %s ftype=%s
tcontext=%s:%s:%s:%s"
% (audit.audit_encode_nv_string("tglob", target, 0),
ftype_to_audit[ftype],)
NameError: name 'audi
There are too many recipes in recipes-security/selinux. Keep the selinux
userspace recipes and move selinux scripts to selinux-scripts directory
to make the directory hierarchy clearer.
Signed-off-by: Yi Zhao
---
.../selinux-autorelabel/selinux-autorelabel.service | 0
.../selinux
Signed-off-by: Yi Zhao
---
meta-parsec/README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta-parsec/README.md b/meta-parsec/README.md
index c5635d3..bb4c2b9 100644
--- a/meta-parsec/README.md
+++ b/meta-parsec/README.md
@@ -80,7 +80,7 @@ Manual testing
Fixes:
WARNING: openssl-tpm-engine_0.5.0.bb: CFLAGS:append += is not a
recommended operator combination, please replace it.
Signed-off-by: Yi Zhao
---
.../openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb| 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git
a/meta-tpm
Update SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls.
Signed-off-by: Yi Zhao
---
meta-cgl-common/recipes-cgl/cluster-glue/cluster-glue_1.0.12.bb | 2 +-
.../cluster-resource-agents/resource-agents_4.5.0.bb| 2 +-
meta
Update SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls.
Signed-off-by: Yi Zhao
---
recipes-security/refpolicy/refpolicy_git.inc | 2 +-
recipes-security/selinux/selinux_common.inc | 2 +-
recipes-security/setools/setools_4.4.0.bb
This file is not needed anymore as bind daemon will create them by
itself.
Signed-off-by: Yi Zhao
---
recipes-connectivity/bind/bind_selinux.inc| 7 ---
recipes-connectivity/bind/files/volatiles.04_bind | 4
2 files changed, 11 deletions(-)
delete mode 100644 recipes
The sysvinit in oe-core has been upgraded to 3.0. Update the bbappend to
adapt it.
Signed-off-by: Yi Zhao
---
.../{sysvinit_2.9%.bbappend => sysvinit_3.%.bbappend} | 0
recipes-core/sysvinit/sysvinit_selinux.inc| 4
2 files changed, 4 deletions(-)
ren
: Current version: 4.3.1
INFO: Latest version: 4.3.1
INFO: Latest version's commit: 00ec69054edecd068deda54c6184c0385d90ebd2
Signed-off-by: Yi Zhao
---
meta-cgl-common/recipes-cgl/crmsh/crmsh_4.3.1.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta-cgl-common/recipes-cgl/crmsh
ctions.MutableSet):
AttributeError: module 'collections' has no attribute 'MutableSet'
Signed-off-by: Yi Zhao
---
...x-deprecation-on-collections.Mutable.patch | 52 +++
.../recipes-cgl/crmsh/crmsh_4.3.1.bb | 1 +
2 files changed, 53 insertions(+)
create mode 100644
me
-perl/0.29-r2/temp/run.do_configure.27951: autoreconf: not found
libsocket6-perl/0.29-r2/temp/run.do_configure.27951: oefatal: not found
Signed-off-by: Yi Zhao
---
meta-cgl-common/recipes-perl/perl/libsocket6-perl_0.29.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-cgl
1 - 100 of 251 matches
Mail list logo
