Re: [yocto] [meta-selinux][PATCH] policycoreutils: remove oe_filter_out

2018-04-23 Thread wenzong fan
Jackie has sent a patch on 02/07/2018 for this: [yocto] [meta-selinux][PATCH] policycoreutils.inc: use oe.utils.str_filter_out It's still not merged yet. Thanks Wenzong On 04/15/2018 06:33 AM, Armin Kuster wrote: bb.data_smart.ExpansionError: Failure expanding variable WARN_QA[:=],

Re: [yocto] [meta-selinux][PATCH] systemd: create /var/lib/systemd/backlight in advance

2018-04-19 Thread wenzong fan
On 04/19/2018 10:05 PM, akuster808 wrote: On 04/19/2018 12:15 AM, wenzong@windriver.com wrote: From: Wenzong Fan <wenzong@windriver.com> The systemd-backlight@.service which called after selinux-init.service will create /var/lib/systemd/backlight with incorrect security

Re: [yocto] [meta-selinux][PATCH 04/21] libsemanage: uprev to 2.7 (20170804)

2017-09-18 Thread wenzong fan
On 09/14/2017 09:33 PM, Mark Hatle wrote: On 9/14/17 5:31 AM, wenzong fan wrote: On 09/14/2017 08:07 AM, Mark Hatle wrote: On 9/12/17 9:19 PM, Mark Hatle wrote: On 9/12/17 9:06 PM, wenzong fan wrote: On 09/12/2017 06:59 PM, Chanho Park wrote: Hi, I can't apply this patch on top

Re: [yocto] [meta-selinux][PATCH 04/21] libsemanage: uprev to 2.7 (20170804)

2017-09-14 Thread wenzong fan
On 09/14/2017 08:07 AM, Mark Hatle wrote: On 9/12/17 9:19 PM, Mark Hatle wrote: On 9/12/17 9:06 PM, wenzong fan wrote: On 09/12/2017 06:59 PM, Chanho Park wrote: Hi, I can't apply this patch on top of the master branch. Which revision did you make the patches? Oops, that's my fault. I

Re: [yocto] [meta-selinux][PATCH 04/21] libsemanage: uprev to 2.7 (20170804)

2017-09-12 Thread wenzong fan
o changed the removed patch files in libsemanage. I'll send v2. Thanks Wenzong Best Regards, Chanho Park On Tue, 5 Sep 2017 at 3:05 PM <wenzong@windriver.com <mailto:wenzong@windriver.com>> wrote: From: Wenzong Fan <wenzong@windriver.com <mailto:wenzong

Re: [yocto] [meta-selinux] What's the point of refpolicy-minimum?

2017-01-11 Thread wenzong fan
I don't have much experience on using the refpolicy-minimum as well. But from the original logs it should be "minimum targeted policy". commit 65675f02e33f5da31ec5dbac7a45849f4952569b Author: Wenzong Fan <wenzong@windriver.com> Date: Mon Mar 24 21:07:50 2014 -0400 refpo

Re: [yocto] [meta-selinux][PATCH 0/2] uprev refpolicy to 2.20161023

2017-01-11 Thread wenzong fan
On 01/11/2017 09:51 PM, Joe MacDonald wrote: [Re: [yocto] [meta-selinux][PATCH 0/2] uprev refpolicy to 2.20161023] On 17.01.11 (Wed 10:24) wenzong fan wrote: On 01/10/2017 10:25 PM, Joe MacDonald wrote: [[yocto] [meta-selinux][PATCH 0/2] uprev refpolicy to 2.20161023] On 17.01.10 (Tue 00:54

Re: [yocto] [meta-selinux][PATCH 0/2] uprev refpolicy to 2.20161023

2017-01-10 Thread wenzong fan
On 01/10/2017 10:25 PM, Joe MacDonald wrote: [[yocto] [meta-selinux][PATCH 0/2] uprev refpolicy to 2.20161023] On 17.01.10 (Tue 00:54) wenzong@windriver.com wrote: From: Wenzong Fan <wenzong@windriver.com> Uprev refpolicy to 2.20161023 and fix build errors for refpolicy-m

Re: [yocto] [PATCH][meta-selinux] refpolicy-minimum: port changes for prepare_policy_store

2016-04-18 Thread wenzong fan
On 04/18/2016 05:02 AM, Philip Tricca wrote: Hello Wenzong, On 04/08/2016 01:19 AM, wenzong@windriver.com wrote: From: Wenzong Fan <wenzong@windriver.com> Apply the changes to refpolicy-minimum_2.20151208.bb: commit bfaf278116e6c3a04bb82c9f8a4f8629a0a85df8 Author: Wenzo

Re: [yocto] [meta-selinux][PATCH 2/3] Integrate selinux-config into refpolicy_common.

2016-04-13 Thread wenzong fan
On 04/12/2016 10:05 PM, Joe MacDonald wrote: Philip / Wenzong, [Re: [yocto] [meta-selinux][PATCH 2/3] Integrate selinux-config into refpolicy_common.] On 16.04.12 (Tue 13:54) wenzong fan wrote: On 04/12/2016 11:55 AM, Philip Tricca wrote: Hello, On 04/11/2016 05:54 AM, Joe MacDonald wrote

Re: [yocto] [meta-selinux][PATCH 2/3] Integrate selinux-config into refpolicy_common.

2016-04-11 Thread wenzong fan
On 04/12/2016 11:55 AM, Philip Tricca wrote: Hello, On 04/11/2016 05:54 AM, Joe MacDonald wrote: This causes do_populate_sysroot error if build two or more types of refpolicy: $ bitbake refpolicy-minimum && bitbake refpolicy-mls ERROR: refpolicy-mls-git-r0 do_populate_sysroot: The recipe

Re: [yocto] [meta-selinux][PATCH 2/3] Integrate selinux-config into refpolicy_common.

2016-04-08 Thread wenzong fan
This causes do_populate_sysroot error if build two or more types of refpolicy: $ bitbake refpolicy-minimum && bitbake refpolicy-mls ERROR: refpolicy-mls-git-r0 do_populate_sysroot: The recipe refpolicy-mls is trying to install files into a shared area when those files already exist. Those

Re: [yocto] [PATCH][meta-selinux] libselinux, libsepol: depends on coreutils-native

2016-01-21 Thread wenzong fan
Ping ... Could it be merged? Thanks Wenzong On 11/24/2015 09:48 AM, Chris Patterson wrote: On 10/21/2015 05:49 AM, Khem Raj wrote: On Oct 20, 2015, at 2:49 AM,wenzong.fan at windriver.com wrote: From: Wenzong Fan 'ln --relative' doesn't work on Ubuntu 12.04 that has ln 8.13

Re: [yocto] [PATCH][meta-selinux] libselinux, libsepol: depends on coreutils-native

2015-10-25 Thread wenzong fan
On 10/21/2015 05:49 AM, Khem Raj wrote: On Oct 20, 2015, at 2:49 AM, wenzong@windriver.com wrote: From: Wenzong Fan <wenzong@windriver.com> 'ln --relative' doesn't work on Ubuntu 12.04 that has ln 8.13. The OE-Core has lnr script you can use that. It's good to know this.

Re: [yocto] [meta-selinux][PATCH 1/1] refpolicy: SRCREV_FORMAT needed

2015-10-07 Thread wenzong fan
On 10/08/2015 07:36 AM, Joe Slater wrote: Signed-off-by: Joe Slater --- recipes-security/refpolicy/refpolicy_git.inc |1 + 1 file changed, 1 insertion(+) diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc

Re: [yocto] [PATCH][meta-selinux] audit/auvirt: get inline functions work with C99

2015-09-14 Thread wenzong fan
The "extern inline" will fail to build with gcc 4.x, but "static inline" work with both gcc 4 & 5. I'll send V2 patch for make the change. Please ignore this one. Thanks Wenzong On 09/11/2015 05:50 PM, wenzong@windriver.com wrote: From: Wenzong Fan <wenzong

Re: [yocto] [meta-selinux][PATCH] Use the SELinux project release tarballs.

2015-08-24 Thread wenzong fan
On 08/22/2015 12:01 AM, Philip Tricca wrote: Greetings Wenzong, On 08/21/2015 02:09 AM, wenzong fan wrote: On 08/21/2015 10:48 AM, Philip Tricca wrote: Any opinions / thoughts on this one? I've got an upgrade for the toolstack (2.3 - 2.4) ready to go but I've based it on the release URIs from

Re: [yocto] [meta-selinux][PATCH] Use the SELinux project release tarballs.

2015-08-21 Thread wenzong fan
On 08/21/2015 10:48 AM, Philip Tricca wrote: Any opinions / thoughts on this one? I've got an upgrade for the toolstack (2.3 - 2.4) ready to go but I've based it on the release URIs from the wiki so it depends on this patch. Hi Philip, Good to know you have made the selinux toolstack upgrade

Re: [yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?

2015-08-18 Thread wenzong fan
On 08/18/2015 10:28 AM, Randy MacLeod wrote: On 2015-08-14 02:41 AM, wenzong fan wrote: On 08/12/2015 09:05 PM, Joe MacDonald wrote: [[yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?] On 15.08.12 (Wed 17:08) wenzong fan wrote: Hi All, There's a libcap-ng in meta-oe layer

Re: [yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?

2015-08-14 Thread wenzong fan
On 08/12/2015 09:05 PM, Joe MacDonald wrote: [[yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?] On 15.08.12 (Wed 17:08) wenzong fan wrote: Hi All, There's a libcap-ng in meta-oe layer, it has been updated to 0.7.7 and the one in meta-selinux is 0.7.3. How about removing

Re: [yocto] [oe] [meta-selinux] Re: meta-selinux updates for oe-core-1.9 -- resend to right list.

2015-08-14 Thread wenzong fan
I just sent uprev patches for: libcap-ng 0.7.3 - 0.7.7 python-ipy 0.81 - 0.83 The remaining list that need to be updated: selinux: - libsemanage 2.3 2.4 - sepolgen 1.2.1 1.2.2 - checkpolicy 2.3 2.4 - libselinux 2.3 2.4 - libsepol 2.3 2.4 -

[yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?

2015-08-12 Thread wenzong fan
Hi All, There's a libcap-ng in meta-oe layer, it has been updated to 0.7.7 and the one in meta-selinux is 0.7.3. How about removing the one in meta-selinux and get this layer depends on meta-oe? Any suggestions? Thanks Wenzong -- ___ yocto

Re: [yocto] [PATCH][meta-selinux] findutils/gnulib:drop the error output of 'ls' command

2015-07-24 Thread wenzong fan
Ping ... On 04/02/2015 10:26 AM, rongqing...@windriver.com wrote: From: Roy Li rongqing...@windriver.com The ls command is used to check if the file exists, and it is normal that the checked file does not exist, so drop the ls error ouput: ls: cannot access ./doc/fdl.texi: No such

Re: [yocto] [PATCH][meta-selinux] findutils/gnulib:drop the error output of 'ls' command

2015-07-07 Thread wenzong fan
Ping... On 04/02/2015 10:26 AM, rongqing...@windriver.com wrote: From: Roy Li rongqing...@windriver.com The ls command is used to check if the file exists, and it is normal that the checked file does not exist, so drop the ls error ouput: ls: cannot access ./doc/fdl.texi: No such file

Re: [yocto] [PATCH v2][meta-selinux] udev: restorecon /run to allow mdadm creating /run/mdadm

2015-07-07 Thread wenzong fan
Ping ... On 03/23/2015 03:40 PM, wenzong@windriver.com wrote: From: Wenzong Fan wenzong@windriver.com This change bases on the factors during bootup: a. the default type for /run is var_run_t; b. the type for /run will be changed to tmpfs_t after tmpfs mounted; c. the type for /run

Re: [yocto] [PATCH][meta-selinux] policycoreutils: enable mcstransd

2015-07-07 Thread wenzong fan
Ping ... On 01/26/2015 03:38 PM, rongqing...@windriver.com wrote: From: Roy Li rongqing...@windriver.com mcstransd is a daemon to translate SELinux MCS/MLS sensitivity labels, policycoreutils includes mcstransd whose version is newer than that from http://mcstrans.sourcearchive.com/

Re: [yocto] [PATCH][meta-selinux] udev: restorecon /run to allow mdadm creating /run/mdadm

2015-03-23 Thread wenzong fan
On 03/23/2015 03:29 PM, wenzong@windriver.com wrote: From: Wenzong Fan wenzong@windriver.com This change bases on the factors during bootup: a. the default type for /run is var_run_t; b. the type for /run will be changed to tmpfs_t after tmpfs mounted; c. the type for /run

Re: [yocto] [meta-selinux][PATCH 0/2] dhcp: restorecon for dhcpd*.leases from initscript

2014-06-12 Thread wenzong fan
Recall this patch since the dhcp in oe-core has been updated to 4.3.0. I'll send v2 after fixed the version number for bbappend. Sorry for the inconvenience. // Wenzong On 06/06/2014 06:00 PM, wenzong@windriver.com wrote: From: Wenzong Fan wenzong@windriver.com dhcp-server fails

Re: [yocto] [meta-selinux][PATCH 0/4] add targeted/minimum policy and some updates

2014-04-04 Thread wenzong fan
On 04/04/2014 02:57 PM, Pascal Ouyang wrote: 于 14-4-4 上午3:20, Joe MacDonald 写道: Hey Wenzong, I merged two of these four. [[yocto] [meta-selinux][PATCH 0/4] add targeted/minimum policy and some updates] On 14.03.24 (Mon 21:07) wenzong@windriver.com wrote: From: Wenzong Fan wenzong

Re: [yocto] [meta-selinux][PATCH 1/1] selinux: set policy-version to 28

2014-01-27 Thread wenzong fan
On 01/27/2014 04:12 PM, Pascal Ouyang wrote: 于 14-1-27 下午2:52, wenzong@windriver.com 写道: From: Wenzong Fan wenzong@windriver.com The default policy version of new selinux toolchains is 29, to fit kernel 3.10.x, set it to 28. --- recipes-security/refpolicy/refpolicy_common.inc