From: Wenzong Fan
Remove patches that included by upstream:
- poky-fc-nscd.patch
- poky-fc-ftpwho-dir.patch
- refpolicy-update-for_systemd.patch
- 0005-refpolicy-minimum-init-fix-reboot-with-systemd-as-in.patch
Rebase patches:
- poky-fc-clock.patch
-
From: Wenzong Fan
v2 changes:
* Update patch for Yocto Compat - don't change layer's hash
The systemd-backlight@.service which called after selinux-init.service
will create /var/lib/systemd/backlight with incorrect
From: Wenzong Fan
The systemd-backlight@.service which called after selinux-init.service
will create /var/lib/systemd/backlight with incorrect security labels,
this causes the systemd-backlight service fails to start and stop.
Creating /var/lib/systemd/backlight in
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/xmlsec1/xmlsec1_1.2.25.bb | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/recipes-security/xmlsec1/xmlsec1_1.2.25.bb
From: Wenzong Fan
Add Ethernet TEAM drivers for supporting libteam:
The Team softdev Linux driver provides a mechanism to team multiple
NICs (ports) into a single logical one (teamdev) at L2 layer.
This process is called "channel bonding", "Ethernet bonding", "channel
From: Wenzong Fan
* Allow kernel_t to lower file level
* Allow kernel_t to set process level
Signed-off-by: Wenzong Fan
---
...-kernel_t-mls-trusted-for-lowering-file-l.patch | 74 ++
From: Wenzong Fan
* make pam and audit support configurable;
* remove INITDIR from EXTRA_OEMAKE, the variable is not supported now.
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/policycoreutils.inc | 21 ++---
1
From: Wenzong Fan
Update definition of AUDITH, PAMH according to the upstream changes
for Makefiles:
commit 89ce96cac6ce5eeed78cb39c58514cd68494d7aa
...
-ifeq ($(PAMH), /usr/include/security/pam_appl.h)
+ifeq ($(PAMH), y)
...
-ifeq ($(AUDITH),
From: Wenzong Fan
Update patch to fix build error with systemd:
* replace below statements with 'init_dbus_chat(initrc_t)':
allow initrc_t init_t:dbus send_msg;
allow init_t initrc_t:dbus send_msg;
* declare class 'dbus' and 'acquire_svc' for:
allow init_t
From: Wenzong Fan
Backport upstream patches:
- 0001-refpolicy-Define-getrlimit-permission-for-class-proc.patch
- 0002-refpolicy-Define-smc_socket-security-class.patch
This fixes the runtime issues:
$ load_policy
SELinux: Permission getrlimit in class process
From: Wenzong Fan
Rebase and apply the patches for 2.20170204:
- refpolicy-fix-optional-issue-on-sysadm-module.patch
- refpolicy-unconfined_u-default-user.patch
Signed-off-by: Wenzong Fan
---
From: Wenzong Fan
Fix the warnings if ${libdir} = '/usr/lib64':
WARNING: selinux-python-2.7-r0 do_package: QA Issue: selinux-python: \
Files/directories were installed but not shipped in any package:
/usr/lib/python2.7/site-packages/sepolicy-1.1.egg-info
From: Wenzong Fan
SETools v4 is a rewrite of SETools in Python, details refer to:
https://github.com/TresysTechnology/setools/wiki/Changes-Since-SETools-v3
Changes for upreving:
* removed setools_3.3.8.bb and all useless patch
* add patches to fix cross-compiling
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/selinux-python.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/recipes-security/selinux/selinux-python.inc
b/recipes-security/selinux/selinux-python.inc
From: Wenzong Fan
Some new packages added after SELinux uprev to 2.7, sync the package
names accordingly:
policycoreutils-audit2allow -> selinux-python-audit2allow
policycoreutils-chcat-> selinux-python-chcat
policycoreutils-python ->
From: Wenzong Fan
Remove setools from DEPENDS/RDEPENDS, it was required by sepolicy,
sepolgen, semanage which have been moved to python/*.
Rebase patch:
- policycoreutils-fixfiles-de-bashify.patch
Drop useless patch:
- policycoreutils-loadpolicy-symlink.patch
From: Wenzong Fan
Those tools have been moved from policycoreutils to semodule-utils:
semodule_deps, semodule_expand, semodule_link, semodule_package
Signed-off-by: Wenzong Fan
---
recipes-security/refpolicy/refpolicy_common.inc | 2 +-
From: Wenzong Fan
Move policycoreutils/gui to gui and cleanup policycoreutils.inc.
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/policycoreutils.inc | 7 ---
recipes-security/selinux/selinux-gui.inc | 15 +++
From: Wenzong Fan
Move packages to python/*:
- policycoreutils/semanage -> python/semanage
- policycoreutils/audit2allow-> python/audit2allow
- policycoreutils/sepolgen-ifgen -> python/audit2allow/sepolgen-ifgen
- policycoreutils/sepolicy ->
From: Wenzong Fan
Move policycoreutils/sepolicy/dbus to dbus.
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/selinux-dbus.inc| 14 ++
recipes-security/selinux/selinux-dbus_2.7.bb | 7 +++
2 files changed, 21
From: Wenzong Fan
Move policycoreutils/semodule_* to semodule-utils/*:
- policycoreutils/semodule_deps-> semodule-utils/semodule_deps
- policycoreutils/semodule_expand -> semodule-utils/semodule_expand
- policycoreutils/semodule_link->
From: Wenzong Fan
Move policycoreutils/mcstrans to mcstrans:
* Move and rebase patches:
- mcstrans-de-bashify.patch
- 0001-mcstrans-fix-the-init-script.patch
* Remove useless patch:
- enable-mcstrans.patch
* Cleanup policycoreutils_2.7.bb and
From: Wenzong Fan
Uprev the recipe file as is.
Some packages have been moved out from policycoreutils, they will be
added as new packages and the policycoreutils.inc need to be cleaned
up from later commits accordingly.
Moved packages:
From:
From: Wenzong Fan
Move policycoreutils/sandbox to sandbox:
* Move and rebase patch:
- policycoreutils-sandbox-de-bashify.patch
* Cleanup policycoreutils.inc
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/policycoreutils.inc
From: Wenzong Fan
Move policycoreutils/restorecond to restorecond:
* Move and rebase patch:
- policycoreutils-make-O_CLOEXEC-optional.patch
* Cleanup policycoreutils_2.7.bb.
Signed-off-by: Wenzong Fan
---
From: Wenzong Fan
The package has been moved to selinux-python/sepolgen.
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/sepolgen.inc| 34
recipes-security/selinux/sepolgen_2.6.bb | 7 ---
From: Wenzong Fan
Remove patches that included by new version:
- 0001-libsemanage-simplify-string-utilities-functions.patch
- 0002-libsemanage-add-semanage_str_replace-utility-functio.patch
- 0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
-
From: Wenzong Fan
Remove patch that included by new version:
- checkpolicy-Do-not-link-against-libfl.patch
Specify LIBSEPOLA to fix build error:
make[1]: *** No rule to make target `/usr/lib/libsepol.a'
Signed-off-by: Wenzong Fan
---
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/{selinux_20161014.inc => selinux_20170804.inc} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-security/selinux/{selinux_20161014.inc =>
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/secilc_2.6.bb | 7 ---
recipes-security/selinux/secilc_2.7.bb | 7 +++
2 files changed, 7 insertions(+), 7 deletions(-)
delete mode 100644
From: Wenzong Fan
Specify LIBSEPOLA to fix build error:
make[1]: *** No rule to make target `/usr/lib/libsepol.a',
needed by `python-2.7audit2why.so'. Stop.
Add python-importlib to RDEPENDS_${PN}-python.
Signed-off-by: Wenzong Fan
---
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/{libsepol_2.6.bb => libsepol_2.7.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename recipes-security/selinux/{libsepol_2.6.bb => libsepol_2.7.bb}
From: Wenzong Fan
V2 changes:
* fix incorrect 'Subject' in patches
* apply patches base on mgh/master-next:
- drop applied patch: refpolicy: fix a typo in RDEPENDS
The following changes since commit ae9553c0d22bc079947aa31170dbe096b20f9de6:
systemd: Remove
From: Wenzong Fan
SETools v4 is a rewrite of SETools in Python, details refer to:
https://github.com/TresysTechnology/setools/wiki/Changes-Since-SETools-v3
Changes for upreving:
* removed setools_3.3.8.bb and all useless patch
* add patches to fix cross-compiling
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/selinux-python.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/recipes-security/selinux/selinux-python.inc
b/recipes-security/selinux/selinux-python.inc
From: Wenzong Fan
Some new packages added after SELinux uprev to 2.7, sync the package
names accordingly:
policycoreutils-audit2allow -> selinux-python-audit2allow
policycoreutils-chcat-> selinux-python-chcat
policycoreutils-python ->
From: Wenzong Fan
Those tools have been moved from policycoreutils to semodule-utils:
semodule_deps, semodule_expand, semodule_link, semodule_package
Signed-off-by: Wenzong Fan
---
recipes-security/refpolicy/refpolicy_common.inc | 2 +-
From: Jackie Huang
Underscore ("_") should be used for variable overrides.
Signed-off-by: Jackie Huang
---
recipes-security/refpolicy/refpolicy_common.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
From: Wenzong Fan
Remove setools from DEPENDS/RDEPENDS, it was required by sepolicy,
sepolgen, semanage which have been moved to python/*.
Rebase patch:
- policycoreutils-fixfiles-de-bashify.patch
Drop useless patch:
- policycoreutils-loadpolicy-symlink.patch
From: Wenzong Fan
Move policycoreutils/gui to gui and cleanup policycoreutils.inc.
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/policycoreutils.inc | 7 ---
recipes-security/selinux/selinux-gui.inc | 15 +++
From: Wenzong Fan
Move policycoreutils/sandbox to sandbox:
* Move and rebase patch:
- policycoreutils-sandbox-de-bashify.patch
* Cleanup policycoreutils.inc
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/policycoreutils.inc
From: Wenzong Fan
Move policycoreutils/restorecond to restorecond:
* Move and rebase patch:
- policycoreutils-make-O_CLOEXEC-optional.patch
* Cleanup policycoreutils_2.7.bb.
Signed-off-by: Wenzong Fan
---
From: Wenzong Fan
Move policycoreutils/sepolicy/dbus to dbus.
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/selinux-dbus.inc| 14 ++
recipes-security/selinux/selinux-dbus_2.7.bb | 7 +++
2 files changed, 21
From: Wenzong Fan
Move policycoreutils/semodule_* to semodule-utils/*:
- policycoreutils/semodule_deps-> semodule-utils/semodule_deps
- policycoreutils/semodule_expand -> semodule-utils/semodule_expand
- policycoreutils/semodule_link->
From: Wenzong Fan
Move policycoreutils/mcstrans to mcstrans:
* Move and rebase patches:
- mcstrans-de-bashify.patch
- 0001-mcstrans-fix-the-init-script.patch
* Remove useless patch:
- enable-mcstrans.patch
* Cleanup policycoreutils_2.7.bb and
From: Wenzong Fan
The package has been moved to selinux-python/sepolgen.
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/sepolgen.inc| 34
recipes-security/selinux/sepolgen_2.6.bb | 7 ---
From: Wenzong Fan
Uprev the recipe file as is.
Some packages have been moved out from policycoreutils, they will be
added as new packages and the policycoreutils.inc need to be cleaned
up from later commits accordingly.
Moved packages:
From:
From: Wenzong Fan
Remove patch that included by new version:
- checkpolicy-Do-not-link-against-libfl.patch
Specify LIBSEPOLA to fix build error:
make[1]: *** No rule to make target `/usr/lib/libsepol.a'
Signed-off-by: Wenzong Fan
---
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/{secilc_2.6.bb => secilc_2.7.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename recipes-security/selinux/{secilc_2.6.bb => secilc_2.7.bb} (35%)
From: Wenzong Fan
Remove patches that included by new version:
- 0001-libsemanage-simplify-string-utilities-functions.patch
- 0002-libsemanage-add-semanage_str_replace-utility-functio.patch
- 0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
-
From: Wenzong Fan
Specify LIBSEPOLA to fix build error:
make[1]: *** No rule to make target `/usr/lib/libsepol.a',
needed by `python-2.7audit2why.so'. Stop.
Add python-importlib to RDEPENDS_${PN}-python.
Signed-off-by: Wenzong Fan
---
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/{libsepol_2.6.bb => libsepol_2.7.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename recipes-security/selinux/{libsepol_2.6.bb => libsepol_2.7.bb}
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/{selinux_20161014.inc => selinux_20170804.inc} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-security/selinux/{selinux_20161014.inc =>
From: Wenzong Fan
To avoid conflict with the one from oe-core:
oe-core/meta/recipes-kernel/linux/linux-yocto.inc
Signed-off-by: Wenzong Fan
---
recipes-kernel/linux/linux-intel_4.%.bbappend | 2 +-
From: Wenzong Fan
To avoid conflict with the one from oe-core:
oe-core/meta/recipes-kernel/linux/linux-yocto.inc
Signed-off-by: Wenzong Fan
---
recipes-kernel/linux/linux-intel_4.%.bbappend| 2 +-
From: Wenzong Fan
Fixing labels after local-fs.target to make sure all mounted
filesystems labeled correctly.
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/selinux-init/selinux-init.service | 1 +
1 file changed, 1 insertion(+)
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/libseccomp/files/run-ptest | 4
recipes-security/libseccomp/libseccomp.bb | 24
2 files changed, 16 insertions(+), 12 deletions(-)
create
From: Wenzong Fan
Fix build errors:
| policy/modules/system/init.te:1120:ERROR 'class dbus is not within scope' at
token ';' on line 40246:
| allow initrc_t init_t:dbus send_msg;
| allow init_t initrc_t:dbus { send_msg acquire_svc };
Signed-off-by: Wenzong Fan
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
.../ftp-add-ftpd_t-to-mlsfilewrite.patch | 0
.../poky-fc-clock.patch | 0
.../poky-fc-corecommands.patch
From: Wenzong Fan
Uprev refpolicy to 2.20161023 and fix build errors for refpolicy-minimum.
The following changes since commit bae51859f0dbcdde9fd563d15128a6dbbb816801:
audit: upgrade 2.6.6 -> 2.7 (2017-01-09 08:59:55 -0500)
are available in the git repository at:
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/audit/{audit_2.6.6.bb => audit_2.7.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename recipes-security/audit/{audit_2.6.6.bb => audit_2.7.bb} (96%)
diff
From: Wenzong Fan
Some variables are exported by top Makefile and updated from sub
Makefile (such as PCRE_LDFLAGS, DISABLE_FLAGS ...).
The '-e' option prevents those variables from updating in the sub
Makefile and causes libselinux build errors:
|
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/secilc_2.5.bb | 7 ---
recipes-security/selinux/secilc_2.6.bb | 7 +++
2 files changed, 7 insertions(+), 7 deletions(-)
delete mode 100644
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/sepolgen_1.2.3.bb | 7 ---
recipes-security/selinux/sepolgen_2.6.bb | 7 +++
2 files changed, 7 insertions(+), 7 deletions(-)
delete mode 100644
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/{libsepol_2.5.bb => libsepol_2.6.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename recipes-security/selinux/{libsepol_2.5.bb => libsepol_2.6.bb}
From: Wenzong Fan
* rebase patch:
- policycoreutils-process-ValueError-for-sepolicy-seobject.patch
Signed-off-by: Wenzong Fan
---
...-process-ValueError-for-sepolicy-seobject.patch | 34 --
...licycoreutils_2.5.bb =>
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/checkpolicy_2.5.bb | 7 ---
recipes-security/selinux/checkpolicy_2.6.bb | 7 +++
2 files changed, 7 insertions(+), 7 deletions(-)
delete mode 100644
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/{libsemanage_2.5.bb => libsemanage_2.6.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename recipes-security/selinux/{libsemanage_2.5.bb =>
From: Wenzong Fan
Signed-off-by: Wenzong Fan
---
recipes-security/selinux/{selinux_20160223.inc => selinux_20161014.inc} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-security/selinux/{selinux_20160223.inc =>
From: Wenzong Fan
Uprev selinux packages to 2.6 (20161014) and fix build issues.
The following changes since commit 02602ac9c1f3e61f11d90053c578575254fa6323:
iproute2: make packageconfig selinux work (2016-11-01 09:20:37 -0400)
are available in the git repository
From: Joe Slater
paxctl-native is needed to build paxtest.
Do not use the install target in Makefile for paxctl-native, it will
fail with error:
install: cannot change ownership of '.../sbin/paxctl': \
Operation not permitted
Signed-off-by: Joe Slater
From: Wenzong Fan
Both selinux 2.5 and kernel 4.8 support Max Policy Version 30.
Signed-off-by: Wenzong Fan
---
recipes-security/refpolicy/refpolicy_common.inc | 2 +-
recipes-security/selinux/libsemanage.inc| 2 +-
2 files
From: Wenzong Fan
oe-core commit:
a162416119ec9deee9fef53455d1281abe573681
dhcpd: create dhcpd user for dhcp dameon
Signed-off-by: Wenzong Fan
---
recipes-connectivity/dhcp/files/init-server | 2 +-
1 file changed, 1 insertion(+), 1
From: Wenzong Fan
Remove duplicate type rules from init_t to init_script_file_type,
they have been included by systemd policies. This also fixes the
errors while installing modules for refpolicy-targeted if systemd
support is enabled:
| Conflicting type rules
| Binary
From: Wenzong Fan
Apply the changes to refpolicy-minimum_2.20151208.bb:
commit bfaf278116e6c3a04bb82c9f8a4f8629a0a85df8
Author: Wenzong Fan
Date: Tue Oct 27 06:25:04 2015 -0400
refpolicy-minimum: update prepare_policy_store
From: Wenzong Fan
Update git repos rev to latest stable release and use PV to indicate
the exact release version just like all of the *_git.bb recipes has
been done in oe-core.
ref: https://github.com/TresysTechnology/refpolicy/wiki
Signed-off-by: Wenzong Fan
From: Wenzong Fan
* rebase patch audit-python-configure.patch
* 2.4.4 includes CVE-2015-5186 and bug fixes, detials refer to:
http://people.redhat.com/sgrubb/audit/ChangeLog
Signed-off-by: Wenzong Fan
---
From: Wenlin Kang
The patch fixes the login fails for ssh -o Batchmode=yes when passwords is
empty and without authorized_keys file even if set "PermitEmptyPasswords yes"
in sshd_config file.
Signed-off-by: Wenlin Kang
Signed-off-by:
From: Wenzong Fan
rebase patches against latest git sources:
* refpolicy-fix-optional-issue-on-sysadm-module.patch
* refpolicy-unconfined_u-default-user.patch
Signed-off-by: Wenzong Fan
---
From: Wenzong Fan
* update prepare_policy_store() for supporting SELinux 2.4 & CIL, the
logic is from refpolicy_common.inc but with minimum set of policy
modules;
* add extra policy modules that required by sysnetwork, without those
modules the install process
From: Wenzong Fan
'ln --relative' doesn't work on Ubuntu 12.04 that has ln 8.13. The
changes involved by SELinux commit:
commit 71393a181d63c9baae5fe8dcaeb9411d1f253998
Author: Steve Lawrence
Date: Mon Oct 20 15:46:17 2014 -0400
From: Wenzong Fan
'bzip2 -qt $moudle_name.pp' has different exit codes on different
distributions, for example:
* On Redhat/CentOS/Fedora, OpenSUSE:
$ bzip2 -qt /tmp/tor.pp
bzip2: /tmp/tor.pp: bad magic number (file not created by bzip2)
$ echo $?
0
This
From: Wenzong Fan
swig 3.0.6 has been added to oe-croe:
66923c6776da13bd4513a73c3f7c5e60d74eb0f3
No change need to port.
Signed-off-by: Wenzong Fan
---
recipes-devtools/swig/swig.inc | 59 --
From: Wenzong Fan
libcap-ng 0.7.7 has been added to oe-core:
ad509d7644803ff9386affefe2ec1a3664027074
No change need to port.
Signed-off-by: Wenzong Fan
---
recipes-security/libcap-ng/libcap-ng/python.patch | 58 ---
From: Wenzong Fan
They have been added to oe-core.
The following changes since commit 463f97bfd1180475540b7d91e3fec6a2b33966bd:
audit/auvirt: get inline functions work with both gnu89 & gnu11 (2015-09-21
10:42:27 -0400)
are available in the git repository at:
From: Wenzong Fan
After gcc upgraded to gcc5, and if the codes are compiled without
optimization (-O0), and the below error will happen:
auvirt.c:484: undefined reference to `copy_str'
auvirt.c:667: undefined reference to `is_resource'
collect2: error: ld
From: Wenzong Fan
This fixes link errors:
auvirt.c:484: undefined reference to `copy_str'
auvirt.c:667: undefined reference to `is_resource'
As gcc5 doc about "Different semantics for inline functions":
> C99 extern inline: An externally visible function is
From: Wenzong Fan wenzong@windriver.com
* Port changes from meta-oe:
commit bce4dba5546480c8e43c6442959ac7d0a4ef32f6
Author: Li xin lixin.f...@cn.fujitsu.com
Date: Thu Jul 23 15:29:31 2015 +0800
libcap-ng: upgrade 0.7.4 - 0.7.7
Update python.patch,since the contents has
From: Wenzong Fan wenzong@windriver.com
* update SRC_URI checksums
* remove PKG-INFO that is not in 0.83
Signed-off-by: Wenzong Fan wenzong@windriver.com
---
recipes-devtools/python/{python-ipy_0.81.bb = python-ipy_0.83.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
From: Wenzong Fan wenzong@windriver.com
The selinux.py will be installed as selinux/__init__.py, just make sure
it has been generated completely while starting make install-pywrap.
This fixes below errors that caused by an empty selinux/__init__.py
on target:
$ /usr/sbin/semanage -h
From: Wenzong Fan wenzong@windriver.com
The gen_xxx used for generating sources at compile-time, they are
built by native C compiler but may involve cross-compilation options
via CFLAGS, just use CFLAGS_FOR_BUILD to remove the issue.
Signed-off-by: Wenzong Fan wenzong@windriver.com
---
From: Wenzong Fan wenzong@windriver.com
The option has been replaced by --with-arm:
$ ./configure -h
--with-arm enable Arm eabi processor support
Signed-off-by: Wenzong Fan wenzong@windriver.com
---
recipes-security/audit/audit_2.4.3.bb | 2 +-
1 file changed, 1 insertion(+), 1
From: Wenzong Fan wenzong@windriver.com
After the PV updated, it's safe to clean the PR and get PRSERVER
manage it.
Signed-off-by: Wenzong Fan wenzong@windriver.com
---
recipes-security/audit/audit_2.4.3.bb | 1 -
1 file changed, 1 deletion(-)
diff --git
From: Wenzong Fan wenzong@windriver.com
This dir is required for running command:
$ semanage permissive [OPTS]
Signed-off-by: Wenzong Fan wenzong@windriver.com
---
recipes-security/selinux/policycoreutils.inc | 6 ++
1 file changed, 6 insertions(+)
diff --git
From: Wenzong Fan wenzong@windriver.com
The sepolgen.conf should be installed with devel package to correct
the default value of SELINUX_DEVEL_PATH, Makefile will be searched from
that path while building policies on target.
Signed-off-by: Wenzong Fan wenzong@windriver.com
---
From: Wenzong Fan wenzong@windriver.com
Restore contexts for /etc/{resolv.conf, adjtime}, they are created
dynamically and the incorrect contexts maybe prevent some programs
from valid accessing.
/etc/resolv.conf: etc_t:SystemHigh - etc_t:SystemLow
/etc/adjtime: etc_t:SystemHigh -
From: Wenzong Fan wenzong@windriver.com
The tar_1.28.bb has defined this:
PACKAGECONFIG[acl] = --with-posix-acls, --without-posix-acls, acl,
Signed-off-by: Wenzong Fan wenzong@windriver.com
---
recipes-extended/tar/tar_%.bbappend | 6 --
1 file changed, 6 deletions(-)
diff --git
From: Wenzong Fan wenzong@windriver.com
This change bases on the factors during bootup:
a. the default type for /run is var_run_t;
b. the type for /run will be changed to tmpfs_t after tmpfs mounted;
c. the type for /run will be fixed after populate-volatile.sh run.
udev service is started
From: Wenzong Fan wenzong@windriver.com
This change bases on the factors during bootup:
a. the default type for /run is var_run_t;
b. the type for /run will be changed to tmpfs_t after tmpfs mounted;
c. the type for /run will be fixed after populate-volatile.sh run.
udev service is started
From: Wenzong Fan wenzong@windriver.com
This config file was created by postinstall or initscript, the correct
label should be etc_t, run restorecon /etc/iscsi/initiatorname.iscsi
to fix it and remove below avc denied issues:
avc: denied { read } for pid=6094 comm=iscsid \
1 - 100 of 157 matches
Mail list logo