[yocto] [Yocto pyro] username adding via recipe in capital letters allowed?

Hi , I am using yocto pyro and for creating users via recipe using inherit useradd, followed http://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/meta-skeleton/recipes-skeleton/useradd/useradd-example.bb?h=pyro with lowercase I am able to create user e.g user as expected. but just want to check

Re: [yocto] SELinux with Busybox on morty

Hi Marco, On similar lines, as Joe suggested please try with refpolicy 2.20151208 from morty, also I would like to recommend start with refpolicy-minimum policy variant, then you can explore other variants like refpolicy-targeted. On Mon, Jul 24, 2017 at 1:15 PM, Marco Ostini

Re: [yocto] [meta-selinux] What's the point of refpolicy-minimum?

Hi Joe, On Thu, Jan 12, 2017 at 8:57 PM, Joe MacDonald wrote: > > Hi guys, > > [Re: [meta-selinux] What's the point of refpolicy-minimum?] On 17.01.12 (Thu 12:57) wenzong fan wrote: > > > On 01/10/2017 10:48 PM, Joe MacDonald wrote: > > >Wenzong / Shrikant, > > > > > >I

Re: [yocto] [meta-selinux] What's the point of refpolicy-minimum?

Hi Joe, On Tue, Jan 10, 2017 at 8:18 PM, Joe MacDonald wrote: > > Wenzong / Shrikant, > > I thought I knew the answer to the above question, and maybe my > understanding is still correct, but I think I need to ask it now anyway. > > I don't use refpolicy-minimum for

[yocto] [meta-selinux][PATCH 3/3] refpolicy_2.20151208/git: restrict systemd related patches

From: Shrikant Bobade <shrikant_bob...@mentor.com> restrict systemd related patches based on distro feature. Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- recipes-security/refpolicy/refpolicy_2.20151208.inc | 2 +- recipes-security/refpolicy/refpolicy_git.inc

[yocto] [meta-selinux][PATCH 2/3] cleanup 'virtual/refpolicy' & switch to 'refpolicy'

From: Shrikant Bobade <shrikant_bob...@mentor.com> this change drop complete use of 'virtual/refpolicy' & switch to 'refpolicy' use, the mix use of both results in mismatching policy varient selection. with use of 'virtual/refpolicy' at config. level, when we try to switch to ot

[yocto] [meta-selinux][PATCH 1/3] selinux-initsh.inc: selinux-init/autorelabel: add force reboot

From: Shrikant Bobade <shrikant_bob...@mentor.com> Add force reboot during SELinux init and autorelabel, required for smooth auto-reboot functionality with sysvinit as init manager. It is required only for sysvinit, so restricting only for sysvinit and not for systemd. Signed-off-by: Sh

[yocto] [meta-selinux] [PATCH 9/9] refpolicy-minimum: systemd: fix for syslog

From: Shrikant Bobade <shrikant_bob...@mentor.com> syslog & getty related allow rules required to fix the syslog mixup with boot log, while using systemd as init manager. Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- ...-refpolicy-minimum-systemd-fix-for-s

[yocto] [meta-selinux] [PATCH 8/9] refpolicy-minimum: systemd: fix for systemd tmp-files services

From: Shrikant Bobade <shrikant_bob...@mentor.com> fix for systemd tmp files setup services: systemd-journal-flush.service & systemd-logind.service. Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- ...inimum-systemd-fix-for-systemd-tmp-fi

[yocto] [meta-selinux] [PATCH 5/9] refpolicy-minimum: init: fix reboot with systemd as init manager.

From: Shrikant Bobade <shrikant_bob...@mentor.com> add allow rule to fix avc denial during system reboot. Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- ...inimum-init-fix-reboot-with-systemd-as-in.patch | 36 ++ .../refpolicy/refpolicy-minimum_2

[yocto] [meta-selinux] [PATCH 4/9] refpolicy-minimum: locallogin: add allow rules for type local_login_t

From: Shrikant Bobade <shrikant_bob...@mentor.com> add allow rules for locallogin module avc denials. Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- ...inimum-locallogin-add-allow-rules-for-typ.patch | 53 ++ .../refpolicy/refpolicy-minimum_2

[yocto] [meta-selinux] [PATCH 3/9] refpolicy-minimum: systemd: mount: logging: authlogin: add allow rules

From: Shrikant Bobade <shrikant_bob...@mentor.com> add allow rules for avc denails for systemd, mount, logging & authlogin modules. without this change we are getting avc. denials from these modules. Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- ...inim

[yocto] [meta-selinux] [PATCH 2/9] refpolicy-minimum: audit: logging: getty: audit related allow rules

From: Shrikant Bobade <shrikant_bob...@mentor.com> add allow rules for audit.log file & resolve dependent avc denials. Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- ...inimum-audit-logging-getty-audit-related-.patch | 67 ++ .../ref

[yocto] [meta-selinux] [PATCH 1/9] refpolicy-minimum: systemd:unconfined:lib: add systemd services allow rules

From: Shrikant Bobade <shrikant_bob...@mentor.com> systemd allow rules for systemd service file operations: start, stop, restart & allow rule for unconfined systemd service. without this change we are geting avc denials and access denied to perform operations on service file.

Re: [yocto] [meta-selinux][PATCH 1/5] selinux-initsh.inc: add systemd support

Hi, @Ping, Thanks Shrikant On Mon, Aug 22, 2016 at 6:36 PM, Shrikant Bobade <bobadeshrik...@gmail.com> wrote: > From: Shrikant Bobade <shrikant_bob...@mentor.com> > > add support for systemd service file and handling of script required by > systemd service file. >

[yocto] [meta-selinux][PATCH] packagegroup-core-selinux: add auditd support for audit log

From: Shrikant Bobade <shrikant_bob...@mentor.com> this change provide dependency required by audit log file, to prepare it at /var/log/audit/audit.log and get cleaner boot log. without this change all avc denial messages mix with the boot log & it is difficult for avc denial analysi

[yocto] [meta-selinux][PATCH 5/5] refpolicy_common.inc: add refpolicy minimum banner at selinux config.

From: Shrikant Bobade <shrikant_bob...@mentor.com> Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- recipes-security/refpolicy/refpolicy_common.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-securi

[yocto] [meta-selinux][PATCH 4/5] selinux-labeldev: add systemd service file support

From: Shrikant Bobade <shrikant_bob...@mentor.com> add systemd service file for handling selinux labeldev, this change improves handling of systemd service functionality like:status check, debug etc. compared to sysvinit compatibility mode scripts. Signed-off-by: Shrikant Bobade <shr

[yocto] [meta-selinux][PATCH 3/5] selinux-autorelabel: add systemd service file support

From: Shrikant Bobade <shrikant_bob...@mentor.com> add systemd service file for handling selinux autorelabel, this change improves handling of systemd service functionality like:status check, re-run, debug etc. compared to sysvinit compatibility mode scripts. Signed-off-by: Shrikant

[yocto] [meta-selinux][PATCH 2/5] selinux-init: add systemd service file support

From: Shrikant Bobade <shrikant_bob...@mentor.com> add systemd service file for handling selinux initialization, this change improves handling of systemd service functionality like:status check, debug etc. compared to sysvinit compatibility mode scripts. Signed-off-by: Shrikant

[yocto] [meta-selinux][PATCH 1/5] selinux-initsh.inc: add systemd support

From: Shrikant Bobade <shrikant_bob...@mentor.com> add support for systemd service file and handling of script required by systemd service file. Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- recipes-security/selinux/selinux-initsh.inc | 12 +++- 1 file

Re: [yocto] [meta-selinux] Regarding "systemd" support with refpolicy-minimum v20151208

ta-poky meta-yocto-bsp= "master:039f47ad197a9a53109c9f3deadd9c35e62c056d" meta-selinux = "master:d0f889259b610c3365962775c6e96a7cba407177" Please advice, It will be a great help ! Thanks Shrikant On Fri, Jul 1, 2016 at 7:13 PM, Shrikant Bobade <bobadeshrik...@gmail.com> wrote: &

[yocto] [meta-selinux][RFC 8/8] systemd: fix for systemd tmp-files services

From: Shrikant Bobade <shrikant_bob...@mentor.com> fix for systemd tmp files setup services: systemd-journal-flush.service & systemd-logind.service. Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- ...ystemd-fix-for-systemd-tmp-files-serv

[yocto] [meta-selinux][RFC 7/8] systemd: fix for login & journal service

From: Shrikant Bobade <shrikant_bob...@mentor.com> 1. fix for systemd services: login & journal wile using refpolicy-minimum and systemd as init manager. 2. fix login duration after providing root password. Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- ..

[yocto] [meta-selinux][RFC 6/8] systemd: mount: enable requiried refpolicy booleans

From: Shrikant Bobade <shrikant_bob...@mentor.com> enable required refpolicy booleans for these modules mount: allow_mount_anyfile & systemd:systemd_tmpfiles_manage_all Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- ...mount-enable-requiried-refpolicy-boo

[yocto] [meta-selinux][RFC 5/8] init: fix reboot with systemd as init manager.

From: Shrikant Bobade <shrikant_bob...@mentor.com> add allow rule to fix avc denial during system reboot. Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- ...t-fix-reboot-with-systemd-as-init-manager.patch | 35 ++ .../refpolicy/refpolicy_2.

[yocto] [meta-selinux][RFC 4/8] locallogin: add allow rules for type local_login_t

From: Shrikant Bobade <shrikant_bob...@mentor.com> add allow rules for locallogin module avc denials. Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- ...in-add-allow-rules-for-type-local_login_t.patch | 52 ++ .../refpolicy/refpolicy_2.

[yocto] [meta-selinux][RFC 2/8] audit: logging: getty: audit related allow rules

From: Shrikant Bobade <shrikant_bob...@mentor.com> add allow rules for audit.log file & resolve dependent avc denials. Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- ...t-logging-getty-audit-related-allow-rules.patch | 66 +

[yocto] [meta-selinux][RFC 3/8] systemd: mount: logging: authlogin: add allow rules

From: Shrikant Bobade <shrikant_bob...@mentor.com> add allow rules for avc denails for systemd, mount, logging & authlogin modules. without this change we are getting avc. denials from these modules. Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- ...d-mount-l

[yocto] [meta-selinux][RFC 1/8] systemd:unconfined:lib: add systemd services allow rules

From: Shrikant Bobade <shrikant_bob...@mentor.com> systemd allow rules for systemd service file operations: start, stop, restart & allow rule for unconfined systemd service. without this change we are geting avc denials and access denied to perform operations service file.

[yocto] [meta-selinux] Regarding "systemd" support with refpolicy-minimum v20151208

Hi, Using refpolicy-minimum v20151208 with systemd as init manager, I am facing few issues during enforcing mode, 1. systemd service status check, start & stop 2. auditd logfile error, so it is mixing with the boot log. 3. also other avc denials related to tmpfs & other types etc.. setup

[yocto] [meta-selinux][PATCH] eudev: add wildcard version

From: Shrikant Bobade <shrikant_bob...@mentor.com> eudev version at poky updated to v3.2 from v3.1.5, so moving it to use wildcard in order to fix the parsing error. Signed-off-by: Shrikant Bobade <shrikant_bob...@mentor.com> --- recipes-core/eudev/eudev_%.bbappend | 3 +++

[yocto] [meta-selinux][PATCH] packagegroup-selinux-policycoreutils: add policycoreutils-hll

From: Shrikant Bobade <shrikant_bob...@mentor.com> we need policycoreutils-hll to insert custom policy module/package, without it semodule install fail with error: libsemanage.semanage_pipe_data: Unable to execute /usr/libexec/selinux/hll/ pp : No such file or dir

[yocto] [meta-selinux][PATCH] iproute2: fix qa warning by using with-selinux

From: Shrikant Bobade <shrikant_bob...@mentor.com> WARNING: iproute2-4.6.0-r0 do_package_qa: QA Issue: iproute2-ss rdepends on libselinux, but it isn't a build dependency, missing libselinux in DEPENDS or PACKAGECONFIG? [build-deps] Signed-off-by: Shrikant Bobade <shrikant_bob...@m

[yocto] [meta-selinux][PATCH] libselinux_git: fix warnings of unavailable patches

From: Shrikant Bobade <shrikant_bob...@mentor.com> Drop unavailable patches entry to fix the warning, even we are using libselinux v2.5 these warnings pop-up during recipes parsing. WARNING:..libselinux_git.bb: Unable to get checksum for libselinux SRC_URI entry libselinux-get-pywrap-d

[yocto] [meta-selinux][PATCH] refpolicy-minimum_git: add systemd dependent policy modules

From: Shrikant Bobade <shrikant_bob...@mentor.com> with systemd enabled refpolicy-minimum build breaks due to missing dependent policy modules, so add the dependent modules: clock, systemd, udev conditionally based on DISTRO_FEATURES. dependent systemd policy modules needed to fix these

[yocto] [meta-selinux][PATCH 2/2] refpolicy-minimum_2.20151208: add systemd dependent policy modules

From: Shrikant Bobade <shrikant_bob...@mentor.com> with systemd enabled refpolicy-minimum build breaks due to missing dependent policy modules, so add the dependent modules: clock, systemd, udev conditionally based on DISTRO_FEATURES. dependent systemd policy modules needed to fix these

[yocto] [meta-selinux][PATCH 1/2] refpolicy_common.inc: enable conditional systemd support

From: Shrikant Bobade <shrikant_bob...@mentor.com> refpolicy now introduced systemd support using POLICY_SYSTEMD variable, with systemd enabled setup we need the refpolicy with systemd support, so enable systemd support based on DISTRO_FEATURES. Signed-off-by: Shrikant Bobade <shr

Re: [yocto] [meta-selinux] Jethro branch

Checked jethro branch, image booting successfully, policy loads well & label file-system thanks ! used distro : poky-selinux & image: core-image-selinux meta-yocto-bsp= "branch_jethro:b1f23d1254682866236bfaeb843c0d8aa332efc2" meta-selinux =

Re: [yocto] [meta-selinux][PATCH] audit: fix qa warning of unrecognised config

-selinux = master:684ee9401f33db7c9d5b183988d89c688c9dd0be Thanks Shrikant On Fri, Aug 14, 2015 at 2:16 PM, Shrikant Bobade bobadeshrik...@gmail.com wrote: From: Shrikant Bobade shrikant_bob...@mentor.com remove --with-armeb=yes to fix the configure unrecognised option qa warning. Signed

[yocto] [meta-selinux][PATCH] audit: fix qa warning of unrecognised config

From: Shrikant Bobade shrikant_bob...@mentor.com remove --with-armeb=yes to fix the configure unrecognised option qa warning. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- recipes-security/audit/audit_2.4.3.bb |1 - 1 file changed, 1 deletion(-) diff --git a/recipes

Re: [yocto] [meta-selinux][PATCH] audit: fix qa warning of unrecognised config

On Fri, Aug 14, 2015 at 2:29 PM, Khem Raj raj.k...@gmail.com wrote: On Fri, Aug 14, 2015 at 1:53 AM, Shrikant Bobade bobadeshrik...@gmail.com wrote: Hi, observed: WARNING: QA Issue: audit: configure was passed unrecognised options: --with-armeb [unknown-configure-option] on core-image

[yocto] [meta-selinux][PATCH v2] audit: fix qa warning, update config option

From: Shrikant Bobade shrikant_bob...@mentor.com update config option '--with-armeb' to '--with-arm' for audit qa warning fix. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- recipes-security/audit/audit_2.4.3.bb |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

Re: [yocto] [meta-selinux][PATCH v1] libpam: use wildcard for version and cleanup

Hi Philip, On Tue, Aug 11, 2015 at 10:39 AM, Philip Tricca fl...@twobit.us wrote: Hey Shrikant, On 07/30/2015 02:31 AM, Shrikant Bobade wrote: This patch provides green build for core-image-selinux (meta-selinux:master poky:master) against libpam upgrade from 1.1.6 to 1.2.1, image

[yocto] [meta-selinux][PATCH 1/8] refpolicy git: update refpolicy to git repository

From: Shrikant Bobade shrikant_bob...@mentor.com A straight update from refpolicy 2.20140311 to refpolicy git repository for the core policy variants and forward-porting of policy patches as appropriate. This approach is useful for building refpolicy refpolicy-contrib directly from the git

[yocto] [meta-selinux][PATCH 3/8] refpolicy-targeted: update base refpolicy to git repo

From: Shrikant Bobade shrikant_bob...@mentor.com A simple forward-port of refpolicy-targeted to use the refpolicy from git repository. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- .../refpolicy/refpolicy-targeted_git.bb| 20 1 file changed, 20

[yocto] [meta-selinux][PATCH 4/8] refpolicy-mcs: update base refpolicy to git repo

From: Shrikant Bobade shrikant_bob...@mentor.com A simple forward-port of refpolicy-mcs to use the refpolicy from git repository. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- recipes-security/refpolicy/refpolicy-mcs_git.bb | 11 +++ 1 file changed, 11 insertions

[yocto] [meta-selinux][PATCH 6/8] refpolicy-standard: update base refpolicy to git repo

From: Shrikant Bobade shrikant_bob...@mentor.com A simple forward-port of refpolicy-standard to use the refpolicy from git repository. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- .../refpolicy/refpolicy-standard_git.bb|8 1 file changed, 8 insertions

[yocto] [meta-selinux][PATCH 5/8] refpolicy-mls: update base refpolicy to git repo

From: Shrikant Bobade shrikant_bob...@mentor.com A simple forward-port of refpolicy-mls to use the refpolicy from git repository. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- recipes-security/refpolicy/refpolicy-mls_git.bb | 10 ++ 1 file changed, 10 insertions

[yocto] [meta-selinux][PATCH 8/8] README : update supported refpolicy version details

From: Shrikant Bobade shrikant_bob...@mentor.com README updated with the supported refpolicy version details and information of refpolicy building from git repository. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- README | 15 +++ 1 file changed, 15 insertions

[yocto] [meta-selinux][PATCH 2/8] refpolicy git: rebase patches with code base

From: Shrikant Bobade shrikant_bob...@mentor.com During forward-port of these patches from refpolicy 20140311, requires rebase with the refpolicy git repos head master code base,in order to resolve the patch conflicts. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- .../refpolicy

[yocto] [meta-selinux][PATCH 7/8] refpolicy-minimum: update base refpolicy to git repo

From: Shrikant Bobade shrikant_bob...@mentor.com A simple forward-port of refpolicy-minimum to use the refpolicy from git repository. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- .../refpolicy/refpolicy-minimum_git.bb | 48 1 file changed, 48

[yocto] [meta-selinux][PATCH 2/7] refpolicy 20141203: rebase patches with code base

From: Shrikant Bobade shrikant_bob...@mentor.com During forward-port of these patches from refpolicy 2014120311, requires rebase with the refpolicy 20141203 code base, in order to resolve the patch conflicts. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- .../refpolicy-2.20141203

[yocto] [meta-selinux][PATCH 6/7] refpolicy-standard: update base refpolicy 20141203

From: Shrikant Bobade shrikant_bob...@mentor.com A simple forward-port of refpolicy-standard to use the 20141203 base refpolicy. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- .../refpolicy/refpolicy-standard_2.20141203.bb |8 1 file changed, 8 insertions

[yocto] [meta-selinux][PATCH 1/7] refpolicy: update refpolicy to 20141203 release

From: Shrikant Bobade shrikant_bob...@mentor.com A straight update from refpolicy 2.20140311 to 2.20141203 for the core policy variants and forward-porting of policy patches as appropriate. ref: https://github.com/TresysTechnology/refpolicy/wiki Signed-off-by: Shrikant Bobade shrikant_bob

[yocto] [meta-selinux][PATCH 4/7] refpolicy-mcs: update base refpolicy 20141203

From: Shrikant Bobade shrikant_bob...@mentor.com A simple forward-port of refpolicy-mcs to use the 20141203 base refpolicy. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- .../refpolicy/refpolicy-mcs_2.20141203.bb | 11 +++ 1 file changed, 11 insertions

[yocto] [meta-selinux][PATCH 7/7] refpolicy-minimum: update base refpolicy 20141203

From: Shrikant Bobade shrikant_bob...@mentor.com A simple forward-port of refpolicy-minimum to use the 20141203 base refpolicy. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- .../refpolicy/refpolicy-minimum_2.20141203.bb | 48 1 file changed, 48

[yocto] [meta-selinux][PATCH 5/7] refpolicy-mls: update base refpolicy 20141203

From: Shrikant Bobade shrikant_bob...@mentor.com A simple forward-port of refpolicy-mls to use the 20141203 base refpolicy. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- .../refpolicy/refpolicy-mls_2.20141203.bb | 10 ++ 1 file changed, 10 insertions

[yocto] [meta-selinux][PATCH 3/7] refpolicy-targeted: update base refpolicy 20141203

From: Shrikant Bobade shrikant_bob...@mentor.com A simple forward-port of refpolicy-targeted to use the 20141203 base refpolicy. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- .../refpolicy/refpolicy-targeted_2.20141203.bb | 20 1 file changed, 20

[yocto] [meta-selinux][PATCH v1] libpam: use wildcard for version and cleanup

From: Shrikant Bobade shrikant_bob...@mentor.com use wildcard for version: adopting libpam upgrade from 1.1.6 to 1.2.1, cleanup older recipe and remove patch sepermit-add-DESTDIR-prefix.patch since the changes already available with latest source. Signed-off-by: Shrikant Bobade shrikant_bob

Re: [yocto] [meta-selinux][PATCH v1] libpam: use wildcard for version and cleanup

the login issue appears even with disabled selinux support (selinux=0). Thanks Shrikant Bobade On Thu, Jul 30, 2015 at 2:55 PM, Shrikant Bobade bobadeshrik...@gmail.com wrote: From: Shrikant Bobade shrikant_bob...@mentor.com use wildcard for version: adopting libpam upgrade from 1.1.6 to 1.2.1

[yocto] [meta-selinux][PATCH] libpam: use wildcard for version and cleanup

From: Shrikant Bobade shrikant_bob...@mentor.com use wildcard for version: adopting libpam upgrade from 1.6.1 to 1.2.1, cleanup older recipe and remove patch sepermit-add-DESTDIR-prefix.patch since the changes already available with latest source. Signed-off-by: Shrikant Bobade shrikant_bob

[yocto] [meta-selinux][PATCH 1/2] linux-yocto: enable selinux support for kernel v4.1

From: Shrikant Bobade shrikant_bob...@mentor.com The default kernel is now v4.1. So we need the selinux support for kernel v4.1, inorder to get selinux enabled images out of box. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- recipes-kernel/linux/linux-yocto_4.1.bbappend |8

[yocto] [meta-selinux][PATCH 2/2] README: update supported linux-yocto versions

From: Shrikant Bobade shrikant_bob...@mentor.com README updated with the list of supported linux-yocto versions and details to use it while preparing selinux enabled images. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- README | 10 ++ 1 file changed, 10 insertions

[yocto] [meta-selinux][PATCH] linux-yocto: enable selinux support for kernel v3.19

From: Shrikant Bobade shrikant_bob...@mentor.com The default kernel is now v3.19. So we need the selinux support for kernel v3.19, inorder to get selinux enabled images out of box. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- recipes-kernel/linux/linux-yocto_3.19.bbappend

Re: [yocto] [meta-selinux][PATCH 1/3] V2 refpolicy:20140311 update for systemd

Hello, Please provide review comments or feedback if any, It will be a great help. @Ping. Thanks Shrikant On Wed, Nov 19, 2014 at 1:43 PM, Shrikant Bobade bobadeshrik...@gmail.com wrote: From: Shrikant Bobade shrikant_bob...@mentor.com Systemd init type and related allow rules updated

Re: [yocto] [meta-selinux][PATCH 3/3] pkggrp-core-selinux: coreutils addition

Hello, Please provide review comments or feedback if any, It will be a great help. @Ping. Thanks Shrikant On Wed, Nov 19, 2014 at 1:46 PM, Shrikant Bobade bobadeshrik...@gmail.com wrote: From: Shrikant Bobade shrikant_bob...@mentor.com To add coreutils to packagegroup-core-selinux inorder

[yocto] [meta-selinux][PATCH 1/3] V2 refpolicy:20140311 update for systemd

From: Shrikant Bobade shrikant_bob...@mentor.com Systemd init type and related allow rules updated for refpolicy. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- .../refpolicy-update-for_systemd.patch | 46 .../refpolicy/refpolicy_2.20140311.inc

[yocto] [meta-selinux][PATCH 2/3] selinux-init: update for systemd

From: Shrikant Bobade shrikant_bob...@mentor.com selinux-init.sh updated to reboot system normally to fix the labelling during systemd execution. Due to force reboot labelling won't be proper and system continuously reboot to label it like first time boot. Signed-off-by: Shrikant Bobade

[yocto] [meta-selinux][PATCH 3/3] pkggrp-core-selinux: coreutils addition

From: Shrikant Bobade shrikant_bob...@mentor.com To add coreutils to packagegroup-core-selinux inorder to get chcon avaibility. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- .../packagegroups/packagegroup-core-selinux.bb |1 + 1 file changed, 1 insertion(+) diff --git

[yocto] [meta-selinux][PATCH] refpolicy:20140311 update for systemd

From: Shrikant Bobade shrikant_bob...@mentor.com Systemd init type and related allow rules updated for refpolicy. Signed-off-by: Shrikant Bobade shrikant_bob...@mentor.com --- .../refpolicy-update-for_systemd.patch | 50 .../refpolicy/refpolicy_2.20140311.inc