- Sep 07, 2018
-
-
Yi Zhao authored
Signed-off-by:
Yi Zhao <yi.zhao@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Yi Zhao authored
Signed-off-by:
Yi Zhao <yi.zhao@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Yi Zhao authored
Rebase patch: 0001-src-Makefile-fix-includedir-in-libselinux.pc.patch Signed-off-by:
Yi Zhao <yi.zhao@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Yi Zhao authored
Rebase patch: 0001-src-Makefile-fix-includedir-in-libselinux.pc.patch Signed-off-by:
Yi Zhao <yi.zhao@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Yi Zhao authored
Rebase patch: 0001-src-Makefile-fix-includedir-in-libsepol.pc.patch Signed-off-by:
Yi Zhao <yi.zhao@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Yi Zhao authored
Signed-off-by:
Yi Zhao <yi.zhao@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Mingli Yu authored
When usrmerge enabled in DISTRO_FEATURES, the binary actually installed under ${base_sbindir}, so cannot remove ${D}${base_sbindir} when usrmerge enabled. Signed-off-by:
Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Mingli Yu authored
Set SBINDIR to ${base_sbindir} to fix below issue when usrmerge enabled in DISTRO_FEATURES | ERROR: QA Issue: policycoreutils-dbg package is not obeying usrmerge distro feature. /sbin should be relocated to /usr. [usrmerge] | WARNING: policycoreutils-2.7-r0 do_package: QA Issue: policycoreutils: Files/directories were installed but not shipped in any package: /sbin/restorecon /sbin/setfiles /sbin/load_policy /sbin/restorecon_xattr /sbin/fixfiles Signed-off-by:
Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
- Aug 17, 2018
-
-
Mingli Yu authored
Add SBINDIR=${D}/${base_sbindir} to EXTRA_OEMAKE to fix below error when usrmerge enabled in DISTRO_FEATURES. ERROR: QA Issue: mcstrans-dbg package is not obeying usrmerge distro feature. /sbin should be relocated to /usr. [usrmerge] Signed-off-by:
Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Wenzong Fan authored
* make pam and audit support configurable; * remove INITDIR from EXTRA_OEMAKE, the variable is not supported now. Signed-off-by:
Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by:
Yi Zhao <yi.zhao@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Wenzong Fan authored
Fix the QA errors when enable multilib: ERROR: selinux-python-2.7-r0 do_package: QA Issue: selinux-python: Files/directories were installed but not shipped in any package: /usr/lib /usr/lib/python2.7 /usr/lib/python2.7/site-packages /usr/lib/python2.7/site-packages/sepolicy-1.1.egg-info [snip] Signed-off-by:
Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by:
Yi Zhao <yi.zhao@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
- Aug 16, 2018
-
-
Khem Raj authored
When setting preferred version for a given refpolicy we also need to set the PV for refpolicy recipe since its part of the selinux packagegroup and will silently use git version Signed-off-by:
Khem Raj <raj.khem@gmail.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
- Aug 14, 2018
-
-
Yi Zhao authored
The _virtclass-native is obsolete. Replace it with _class-native. Signed-off-by:
Yi Zhao <yi.zhao@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Yi Zhao authored
The _virtclass-native is obsolete and replaced by _class-native. In recent oe-core commit c5aa33ac483618bc23fbaccb0a18853186f9155d the _virtclass-native override was dropped entirely which caused refpolicy-mls do_install failed: libsemanage.get_home_dirs: Error while fetching users. Returning list so far. libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 1. (No such file or directory). Signed-off-by:
Yi Zhao <yi.zhao@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
- Aug 13, 2018
-
-
Yi Zhao authored
Refresh patches with devtool command to fix do_patch warning Signed-off-by:
Yi Zhao <yi.zhao@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Joe MacDonald authored
Based on the discussion here: https://www.mail-archive.com/yocto@yoctoproject.org/msg40561.html This should fix the error encountered when building an SDK: nothing provides semodule-utils = 2.7-r0 needed by semodule-utils-dev-2.7-r0.core2-32 Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Ioan-Adrian Ratiu authored
If DISTRO_FEATURES contains usrmerge then busybox binaries are installed under /usr/bin not /bin so use ${base_bindir} to support both paths and avoid QA errors. Signed-off-by:
Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Jeremy Puhlman authored
Signed-off-by:
Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
George McCollister authored
Use -m to prevent non-seclabel mounts from being excluded from labeling. After the following commit setfiles will no longer label files on a mount other than / if it doesn't have seclabel listed in /proc/mounts: https://github.com/SELinuxProject/selinux/commit/f2e77865e144ab2e1313aa78d99b969f8f48695e#diff-2de9aefdd8fc5bc6a8740533e5d1cc2e Signed-off-by:
George McCollister <george.mccollister@gmail.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Ioan-Adrian Ratiu authored
Recent versions of bitbake starting with sumo issue warnings if patches are applied with fuzz (in the future these will be errors). Regenerated patches using: devtool modify <recipe> devtool finish --force-patch-refresh <recipe> <layer_path> Signed-off-by:
Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Ioan-Adrian Ratiu authored
Recent versions of bitbake starting with sumo issue a warning if patches are applied with any fuzz (in the future it will be an errer). Patches were regenerated using: devtool modify <recipe> devtool finish --force-patch-refresh <recipe> <layer_path> Signed-off-by:
Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Joe MacDonald authored
Moving the python components to their own package removes a hard dependency on all of libsemanage but requires an explicit runtime dependency on python. Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Jed authored
Just moving the python script to the -python package. This allows using libsemanage without requiring python. Signed-off-by:
Jed <jed.openxt@gmail.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
- May 17, 2018
-
-
Joe MacDonald authored
Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
- May 08, 2018
-
-
Kai Kang authored
After upgrade to 4.14.1, iproute2 changes it way to create configure output file config.mk which is also renamed from 'Config'. With RSS, the workaround for iproute2 is not needed any more. Signed-off-by:
Kai Kang <kai.kang@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Kai Kang authored
enable-audit.bbclass is only used by systemd. And systemd has adapted to use build tool meson and implement PACKAGECONFIG audit in recipe file of systemd in oe-core. So remove implement of PACKAGECONFIG audit from enable-audit.bbclass. Signed-off-by:
Kai Kang <kai.kang@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Kai Kang authored
Because 'libdir' is set with ${base_libdir} in recipe file of audit, package config files(.pc) are installed to ${base_libdir}/pkgconfig that variable pkgconfigdir is set with ${libdir}/pkgconfig in makefile. Set pkgconfigdir directly to install .pc files to right directory. And remove setting of FILES_${PN}-dev which has been done in bitbake.conf in oe-core. Signed-off-by:
Kai Kang <kai.kang@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Armin Kuster authored
Signed-off-by:
Armin Kuster <akuster@mvista.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Wenzong Fan authored
v2 changes: * Update patch for Yocto Compat - don't change layer's hash ============================================ The systemd-backlight@.service which called after selinux-init.service will create /var/lib/systemd/backlight with incorrect security labels, this causes the systemd-backlight service fails to start and stop. Creating /var/lib/systemd/backlight in advance to make sure it could always be relabelled by selinux-init while first booting. Signed-off-by:
Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Armin Kuster authored
bb.data_smart.ExpansionError: Failure expanding variable WARN_QA[:=], expression was ${@oe_filter_out('unsafe-references-in-scripts', 'ldflags useless-rpaths rpaths staticdev libdir xorg-driver-abi textrel already-stripped incompatible-license files-invalid installed-vs-shipped compile-host-path install-host-path pn-overrides infodir build-deps unknown-configure-option symlink-to-sysroot multilib invalid-packageconfig host-user-contaminated uppercase-pn ', d)} which triggered exception NameError: name 'oe_filter_out' is not defined Signed-off-by:
Armin Kuster <akuster@mvista.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
Armin Kuster authored
Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'restorecond', 'libselinux', 'python-importlib'] Signed-off-by:
Armin Kuster <akuster@mvista.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
- Jan 19, 2018
-
-
Sajjad Ahmed authored
* audit_2.7.6.bb : fix error [gzip: stdin: not in gzip format] and checksum * refpolicy-minimum_git.bb : fix [Failed to resolve typeattributeset statement], dependency for "fsadm" in init.pp * refpolicy-targeted_2.20170204.bb : added version dependent patches * patches : separate patches for release 2.20170204 version and 2.20170805+git version Signed-off-by:
Sajjad Ahmed <sajjad_ahmed@mentor.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com>
-
- Sep 15, 2017
-
-
Mark Hatle authored
Bring in a patch from https://github.com/vorlonofportland/setools , commit id 790d7a538f515d27d2390f1ef56c9871b107a346. Fixes an issue where setools fails with: error: '%04zd' directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=] snprintf(buff, 9, "@ttr%04zd", i + 1); Signed-off-by:
Mark Hatle <mark.hatle@windriver.com>
-
- Sep 14, 2017
-
-
Mark Hatle authored
The functional call may not always work as specified, be sure to include the () to make sure the shell knows this is a function. Also add both findutils and grep as necessary for fixfiles to run properly in a minimal environment. Busybox is not adequate at this time. Signed-off-by:
Mark Hatle <mark.hatle@windriver.com>
-
Mark Hatle authored
Signed-off-by:
Mark Hatle <mark.hatle@windriver.com>
-
Mark Hatle authored
Resolve warning: ${COREBASE}/LICENSE is not a valid license file, please use '${COMMON_LICENSE_DIR}/MIT' for a MIT License file in LIC_FILES_CHKSUM. Also remove the obsolete PR number. Signed-off-by:
Mark Hatle <mark.hatle@windriver.com>
-
Mark Hatle authored
We want to give the users some basic information to be able to run the compiled system with SE Linux enabled, but not in enforcing mode. This will allow a knowledgable user to update the reference policy for their configuration. Signed-off-by:
Mark Hatle <mark.hatle@windriver.com>
-
Mark Hatle authored
Change the references to check for the distribution flag of 'selinux' being set before taking any action within the bbappends. This prevents the signature from being modified. Also remove PR changes, as they are no longer allowed. Signed-off-by:
Mark Hatle <mark.hatle@windriver.com>
-
Mark Hatle authored
Remove distros, instead of specifying an oe or poky example distribution, we are moving to enabling the components using DISTRO_FEATURES. This will make it easier for a user to enable selinux on a custom distribution, or on a project specific basis. Signed-off-by:
Mark Hatle <mark.hatle@windriver.com>
-
Mark Hatle authored
Signed-off-by:
Mark Hatle <mark.hatle@windriver.com>
-