[Buildroot] [PATCH 00/15] packages: Add SELinux modules to some packages

[Buildroot] [PATCH 00/15] packages: Add SELinux modules to some packages

[Maxime Chevallier]

Hello everyone,

Following the recent support for the SELinux refpolicy and the ability for
packages to select their own SELinux module in the refpolicy [1], this series
adds a first batch of matching between packages and their respective module.

This series focuses on the tools that are impacted by the following
modules in the refpolicy [2] :

  - services/networkmanager, which adds support for :
    - dhcp
    - iwd
    - network-manager
    - wpa_supplicant

  - system/ipatbles, which adds support for :
    - ebtables
    - ipset
    - iptables
    - nftables

  - admin/netutils, which adds support for :
    - fping
    - iputils
    - mtr
    - nmap
    - tcpdump

  - services/entropyd, which adds support for :
    - haveged
    - jitterentropy-library

With this series, the above-mentionned tools can now be used on systems
that have SELinux enabled.

This series was split per-package, which generates lots of one-liner
patches. Due to the nature of the changes, I expect more patches like
that to follow, so we might also use a "one package per module" approach
if you want.

Thanks,

Maxime

[1] : 0228f521d6 package/refpolicy: allow packages to select SELinux modules
[2] : https://github.com/SELinuxProject/refpolicy

Maxime Chevallier (15):
  packages/dhcp: add SELinux module
  package/iwd: add SELinux module
  package/network-manager: add SELinux module
  package/wpa_supplicant: add SELinux module
  package/ebtables: add SELinux module
  package/ipset: add SELinux module
  package/iptables: add SELinux module
  package/nftables: add SELinux module
  package/fping: add SELinux module
  package/iputils: add SELinux module
  package/mtr: add SELinux module
  package/nmap: add SELinux module
  package/tcpdump: add SELinux module
  package/haveged: add SELinux module
  package/jitterentropy-library: add SELinux module

 package/dhcp/dhcp.mk                                   | 1 +
 package/ebtables/ebtables.mk                           | 1 +
 package/fping/fping.mk                                 | 1 +
 package/haveged/haveged.mk                             | 1 +
 package/ipset/ipset.mk                                 | 1 +
 package/iptables/iptables.mk                           | 2 ++
 package/iputils/iputils.mk                             | 1 +
 package/iwd/iwd.mk                                     | 1 +
 package/jitterentropy-library/jitterentropy-library.mk | 1 +
 package/mtr/mtr.mk                                     | 1 +
 package/network-manager/network-manager.mk             | 1 +
 package/nftables/nftables.mk                           | 1 +
 package/nmap/nmap.mk                                   | 1 +
 package/tcpdump/tcpdump.mk                             | 1 +
 package/wpa_supplicant/wpa_supplicant.mk               | 1 +
 15 files changed, 16 insertions(+)

-- 
2.25.4

[Buildroot] [PATCH 01/15] packages/dhcp: add SELinux module

[Maxime Chevallier]

Support for dhcp is added by the services/networkmanager module in the
SELinux repolicy.

Add this information so that dhcp can be used when SELinux is enabled on
the system.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
 package/dhcp/dhcp.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/dhcp/dhcp.mk b/package/dhcp/dhcp.mk
index ad59804d3b..e5d7fb9b90 100644
--- a/package/dhcp/dhcp.mk
+++ b/package/dhcp/dhcp.mk
@@ -10,6 +10,7 @@ DHCP_INSTALL_STAGING = YES
 DHCP_LICENSE = MPL-2.0
 DHCP_LICENSE_FILES = LICENSE
 DHCP_DEPENDENCIES = bind
+DHCP_SELINUX_MODULES = networkmanager
 
 # use libtool-enabled configure.ac
 define DHCP_LIBTOOL_AUTORECONF
-- 
2.25.4

[Buildroot] [PATCH 02/15] package/iwd: add SELinux module

[Maxime Chevallier]

Support for iwd and its configuration files is added by the
services/networkmanager module in the SELinux refpolicy.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
 package/iwd/iwd.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/iwd/iwd.mk b/package/iwd/iwd.mk
index b1841b5476..b164970196 100644
--- a/package/iwd/iwd.mk
+++ b/package/iwd/iwd.mk
@@ -11,6 +11,7 @@ IWD_LICENSE = LGPL-2.1+
 IWD_LICENSE_FILES = COPYING
 # sources from git, no configure script provided
 IWD_AUTORECONF = YES
+IWD_SELINUX_MODULES = networkmanager
 
 IWD_CONF_OPTS = \
 	--disable-manual-pages \
-- 
2.25.4

[Buildroot] [PATCH 03/15] package/network-manager: add SELinux module

[Maxime Chevallier]

Support for NetworkManager is added by the services/networkmanager
module in the SELinux refpolicy.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
 package/network-manager/network-manager.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/network-manager/network-manager.mk b/package/network-manager/network-manager.mk
index 3dc3188f32..4b2ade5b9b 100644
--- a/package/network-manager/network-manager.mk
+++ b/package/network-manager/network-manager.mk
@@ -13,6 +13,7 @@ NETWORK_MANAGER_DEPENDENCIES = host-pkgconf udev gnutls libglib2 \
 	libgcrypt wireless_tools util-linux host-intltool readline libndp
 NETWORK_MANAGER_LICENSE = GPL-2.0+ (app), LGPL-2.1+ (libnm)
 NETWORK_MANAGER_LICENSE_FILES = COPYING COPYING.LGPL CONTRIBUTING
+NETWORK_MANAGER_SELINUX_MODULES = networkmanager
 
 NETWORK_MANAGER_CONF_ENV = \
 	ac_cv_path_LIBGCRYPT_CONFIG=$(STAGING_DIR)/usr/bin/libgcrypt-config \
-- 
2.25.4

[Buildroot] [PATCH 04/15] package/wpa_supplicant: add SELinux module

[Maxime Chevallier]

Support for wpa_supplicant is added by the services/networkmanager
module in the SELinux refpolicy.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
 package/wpa_supplicant/wpa_supplicant.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/wpa_supplicant/wpa_supplicant.mk b/package/wpa_supplicant/wpa_supplicant.mk
index 7170db0d07..38af11625a 100644
--- a/package/wpa_supplicant/wpa_supplicant.mk
+++ b/package/wpa_supplicant/wpa_supplicant.mk
@@ -14,6 +14,7 @@ WPA_SUPPLICANT_DBUS_OLD_SERVICE = fi.epitest.hostap.WPASupplicant
 WPA_SUPPLICANT_DBUS_NEW_SERVICE = fi.w1.wpa_supplicant1
 WPA_SUPPLICANT_CFLAGS = $(TARGET_CFLAGS) -I$(STAGING_DIR)/usr/include/libnl3/
 WPA_SUPPLICANT_LDFLAGS = $(TARGET_LDFLAGS)
+WPA_SUPPLICANT_SELINUX_MODULES = networkmanager
 
 # 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
 WPA_SUPPLICANT_IGNORE_CVES += CVE-2019-16275
-- 
2.25.4

[Buildroot] [PATCH 05/15] package/ebtables: add SELinux module

[Maxime Chevallier]

Support for ebtables is added in the system/iptables module in the
SELinux refpolicy.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
 package/ebtables/ebtables.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/ebtables/ebtables.mk b/package/ebtables/ebtables.mk
index e8b982206c..93af5085ec 100644
--- a/package/ebtables/ebtables.mk
+++ b/package/ebtables/ebtables.mk
@@ -8,6 +8,7 @@ EBTABLES_VERSION = 2.0.11
 EBTABLES_SITE = http://ftp.netfilter.org/pub/ebtables
 EBTABLES_LICENSE = GPL-2.0+
 EBTABLES_LICENSE_FILES = COPYING
+EBTABLES_SELINUX_MODULES = iptables
 
 ifeq ($(BR2_PACKAGE_EBTABLES_UTILS_SAVE),y)
 define EBTABLES_INSTALL_TARGET_UTILS_SAVE
-- 
2.25.4

[Buildroot] [PATCH 06/15] package/ipset: add SELinux module

[Maxime Chevallier]

Support for ipset is added by the system/iptables module in the SELinux
refpolicy.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
 package/ipset/ipset.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/ipset/ipset.mk b/package/ipset/ipset.mk
index 869763d322..03ef1667f4 100644
--- a/package/ipset/ipset.mk
+++ b/package/ipset/ipset.mk
@@ -12,5 +12,6 @@ IPSET_CONF_OPTS = --with-kmod=no
 IPSET_LICENSE = GPL-2.0
 IPSET_LICENSE_FILES = COPYING
 IPSET_INSTALL_STAGING = YES
+IPSET_SELINUX_MODULES = iptables
 
 $(eval $(autotools-package))
-- 
2.25.4

[Buildroot] [PATCH 07/15] package/iptables: add SELinux module

[Maxime Chevallier]

Support for iptables is adde by the system/iptables module in the
SELinux refpolicy.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
 package/iptables/iptables.mk | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/package/iptables/iptables.mk b/package/iptables/iptables.mk
index 442639f159..eb0f0f60a4 100644
--- a/package/iptables/iptables.mk
+++ b/package/iptables/iptables.mk
@@ -12,6 +12,8 @@ IPTABLES_DEPENDENCIES = host-pkgconf \
 	$(if $(BR2_PACKAGE_LIBNETFILTER_CONNTRACK),libnetfilter_conntrack)
 IPTABLES_LICENSE = GPL-2.0
 IPTABLES_LICENSE_FILES = COPYING
+IPTABLES_SELINUX_MODULES = iptables
+
 # Building static causes ugly warnings on some plugins
 IPTABLES_CONF_OPTS = --libexecdir=/usr/lib --with-kernel=$(STAGING_DIR)/usr \
 	$(if $(BR2_STATIC_LIBS),,--disable-static)
-- 
2.25.4

[Buildroot] [PATCH 08/15] package/nftables: add SELinux module

[Maxime Chevallier]

Support for nft is added by the system/iptables module in the SELinux
refpolicy.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
 package/nftables/nftables.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/nftables/nftables.mk b/package/nftables/nftables.mk
index 8a003a5e34..f9468c5250 100644
--- a/package/nftables/nftables.mk
+++ b/package/nftables/nftables.mk
@@ -11,6 +11,7 @@ NFTABLES_DEPENDENCIES = libmnl libnftnl host-pkgconf $(TARGET_NLS_DEPENDENCIES)
 NFTABLES_LICENSE = GPL-2.0
 NFTABLES_LICENSE_FILES = COPYING
 NFTABLES_CONF_OPTS = --disable-man-doc --disable-pdf-doc
+NFTABLES_SELINUX_MODULES = iptables
 
 ifeq ($(BR2_PACKAGE_GMP),y)
 NFTABLES_DEPENDENCIES += gmp
-- 
2.25.4

[Buildroot] [PATCH 09/15] package/fping: add SELinux module

[Maxime Chevallier]

Support for fping is added by the admin/netutils module in the SELinux
refpolicy.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
 package/fping/fping.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/fping/fping.mk b/package/fping/fping.mk
index 24aca32367..0a03c1dfdc 100644
--- a/package/fping/fping.mk
+++ b/package/fping/fping.mk
@@ -8,5 +8,6 @@ FPING_VERSION = 5.0
 FPING_SITE = http://fping.org/dist
 FPING_LICENSE = BSD-like
 FPING_LICENSE_FILES = COPYING
+FPING_SELINUX_MODULES = netutils
 
 $(eval $(autotools-package))
-- 
2.25.4

[Buildroot] [PATCH 10/15] package/iputils: add SELinux module

[Maxime Chevallier]

Support for the iputils is added by the admin/netutils module in the
SELinux refpolicy.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
 package/iputils/iputils.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk
index 4f8d9cb768..38e3cd03e8 100644
--- a/package/iputils/iputils.mk
+++ b/package/iputils/iputils.mk
@@ -16,6 +16,7 @@ IPUTILS_SITE = $(call github,iputils,iputils,s$(IPUTILS_VERSION))
 IPUTILS_LICENSE = GPL-2.0+, BSD-3-Clause
 IPUTILS_LICENSE_FILES = LICENSE Documentation/LICENSE.BSD3 Documentation/LICENSE.GPL2
 IPUTILS_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES)
+IPUTILS_SELINUX_MODULES = netutils
 
 # Selectively build binaries
 IPUTILS_CONF_OPTS += \
-- 
2.25.4

[Buildroot] [PATCH 11/15] package/mtr: add SELinux module

[Maxime Chevallier]

Support for mtr is added by the admin/netutils module in the SELinux
refpolicy.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
 package/mtr/mtr.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/mtr/mtr.mk b/package/mtr/mtr.mk
index 7a4b140267..263482534e 100644
--- a/package/mtr/mtr.mk
+++ b/package/mtr/mtr.mk
@@ -11,5 +11,6 @@ MTR_CONF_OPTS = --without-gtk
 MTR_DEPENDENCIES = host-pkgconf $(if $(BR2_PACKAGE_NCURSES),ncurses)
 MTR_LICENSE = GPL-2.0
 MTR_LICENSE_FILES = COPYING
+MTR_SELINUX_MODULES = netutils
 
 $(eval $(autotools-package))
-- 
2.25.4

[Buildroot] [PATCH 12/15] package/nmap: add SELinux module

[Maxime Chevallier]

Support for nmap is added by the admin/netutils module in the SELinux
refpolicy.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
 package/nmap/nmap.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/nmap/nmap.mk b/package/nmap/nmap.mk
index a719b268c8..38050fbd45 100644
--- a/package/nmap/nmap.mk
+++ b/package/nmap/nmap.mk
@@ -12,6 +12,7 @@ NMAP_CONF_OPTS = --without-liblua --without-zenmap \
 	--with-libdnet=included
 NMAP_LICENSE = nmap license
 NMAP_LICENSE_FILES = COPYING
+NMAP_SELINUX_MODULES = netutils
 
 # needed by libpcap
 NMAP_LIBS_FOR_STATIC_LINK += `$(STAGING_DIR)/usr/bin/pcap-config --static --additional-libs`
-- 
2.25.4

[Buildroot] [PATCH 13/15] package/tcpdump: add SELinux module

[Maxime Chevallier]

Support for tcpdump is added by the admin/netutils module in the SELinux
refpolicy.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
 package/tcpdump/tcpdump.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/tcpdump/tcpdump.mk b/package/tcpdump/tcpdump.mk
index 8db35694ea..23e9333a8f 100644
--- a/package/tcpdump/tcpdump.mk
+++ b/package/tcpdump/tcpdump.mk
@@ -17,6 +17,7 @@ TCPDUMP_CONF_OPTS = \
 	--with-system-libpcap \
 	$(if $(BR2_PACKAGE_TCPDUMP_SMB),--enable-smb,--disable-smb)
 TCPDUMP_DEPENDENCIES = libpcap
+TCPDUMP_SELINUX_MODULES = netutils
 
 # 0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buffer.patch
 TCPDUMP_IGNORE_CVES += CVE-2020-8037
-- 
2.25.4

[Buildroot] [PATCH 14/15] package/haveged: add SELinux module

[Maxime Chevallier]

Support for haveged is added by the services/entropyd module in the
SELinux refpolicy.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
 package/haveged/haveged.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/haveged/haveged.mk b/package/haveged/haveged.mk
index 924b499fa9..3980f80132 100644
--- a/package/haveged/haveged.mk
+++ b/package/haveged/haveged.mk
@@ -8,6 +8,7 @@ HAVEGED_VERSION = 1.9.13
 HAVEGED_SITE = $(call github,jirka-h,haveged,v$(HAVEGED_VERSION))
 HAVEGED_LICENSE = GPL-3.0+
 HAVEGED_LICENSE_FILES = COPYING
+HAVEGED_SELINUX_MODULES = entropyd
 
 ifeq ($(BR2_sparc_v8)$(BR2_sparc_leon3),y)
 HAVEGED_CONF_OPTS += --enable-clock_gettime=yes
-- 
2.25.4

[Buildroot] [PATCH 15/15] package/jitterentropy-library: add SELinux module

[Maxime Chevallier]

Support for the jitterentropy lib is added by the services/entropyd
module in the SELinux refpolicy.

Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
 package/jitterentropy-library/jitterentropy-library.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/jitterentropy-library/jitterentropy-library.mk b/package/jitterentropy-library/jitterentropy-library.mk
index 3db04b27d3..d9dc031c35 100644
--- a/package/jitterentropy-library/jitterentropy-library.mk
+++ b/package/jitterentropy-library/jitterentropy-library.mk
@@ -10,6 +10,7 @@ JITTERENTROPY_LIBRARY_LICENSE = GPL-2.0 or BSD-3-Clause
 JITTERENTROPY_LIBRARY_LICENSE_FILES = COPYING COPYING.bsd COPYING.gplv2
 JITTERENTROPY_LIBRARY_INSTALL_STAGING = YES
 JITTERENTROPY_LIBRARY_INSTALL_TARGETS = install-includes
+JITTERENTROPY_LIBRARY_SELINUX_MODULES = entropyd
 
 ifeq ($(BR2_STATIC_LIBS)$(BR2_SHARED_STATIC_LIBS),y)
 JITTERENTROPY_LIBRARY_BUILD_TARGETS += jitterentropy-static
-- 
2.25.4

[Buildroot] [PATCH 00/15] packages: Add SELinux modules to some packages

[Antoine Tenart]

Hi Maxime,

Quoting Maxime Chevallier (2020-12-22 16:07:21)
> 
> Following the recent support for the SELinux refpolicy and the ability
> for packages to select their own SELinux module in the refpolicy [1],
> this series adds a first batch of matching between packages and their
> respective module.

Nice to see packages using this feature :)

> This series focuses on the tools that are impacted by the following
> modules in the refpolicy [2] :
> 
>   - services/networkmanager, which adds support for :
>     - dhcp

I'm not sure about this one. When looking at the module definitions
dhclient and dhcpcd seem to be supported by system/sysnetwork rather
than than by services/networkmanager. (Haven't built an image to test
though).

>     - iwd
>     - network-manager
>     - wpa_supplicant
> 
>   - system/ipatbles, which adds support for :
>     - ebtables
>     - ipset
>     - iptables
>     - nftables
> 
>   - admin/netutils, which adds support for :
>     - fping
>     - iputils

iputils can install lots of utilities based on the configuration, many
of which are supported by admin/netutils. Some are not supported in the
refpolicy, and some by other modules, such as rdisc or tftpd.

I think the selinux module selection should be conditional depending on
the utilities installed by the iputils package, to avoid installing an
unused selinux module and to fix the support of others.

>     - mtr
>     - nmap
>     - tcpdump
> 
>   - services/entropyd, which adds support for :
>     - haveged
>     - jitterentropy-library

The other selinux module selections LGTM.

> With this series, the above-mentionned tools can now be used on systems
> that have SELinux enabled.
> 
> This series was split per-package, which generates lots of one-liner
> patches. Due to the nature of the changes, I expect more patches like
> that to follow, so we might also use a "one package per module" approach
> if you want.

> Maxime Chevallier (15):
>   packages/dhcp: add SELinux module

Nitpick: s/packages/package/

>   package/iwd: add SELinux module
>   package/network-manager: add SELinux module
>   package/wpa_supplicant: add SELinux module
>   package/ebtables: add SELinux module
>   package/ipset: add SELinux module
>   package/iptables: add SELinux module
>   package/nftables: add SELinux module
>   package/fping: add SELinux module
>   package/iputils: add SELinux module
>   package/mtr: add SELinux module
>   package/nmap: add SELinux module
>   package/tcpdump: add SELinux module
>   package/haveged: add SELinux module
>   package/jitterentropy-library: add SELinux module

Thanks!
Antoine

[Buildroot] [PATCH 00/15] packages: Add SELinux modules to some packages

[Maxime Chevallier]

Hi Antoine,

Thanks for the review !

On Tue, 22 Dec 2020 16:54:55 +0100
Antoine Tenart <atenart@kernel.org> wrote:

>Hi Maxime,
>
>Quoting Maxime Chevallier (2020-12-22 16:07:21)
>> 
>> Following the recent support for the SELinux refpolicy and the ability
>> for packages to select their own SELinux module in the refpolicy [1],
>> this series adds a first batch of matching between packages and their
>> respective module.  
>
>Nice to see packages using this feature :)
>
>> This series focuses on the tools that are impacted by the following
>> modules in the refpolicy [2] :
>> 
>>   - services/networkmanager, which adds support for :
>>     - dhcp  
>
>I'm not sure about this one. When looking at the module definitions
>dhclient and dhcpcd seem to be supported by system/sysnetwork rather
>than than by services/networkmanager. (Haven't built an image to test
>though).

You're correct, I'll remove that from the list for now. It does seem
that services/networkmanager also references some files in /etc/dhcp,
hence the confusion. 

>>     - iwd
>>     - network-manager
>>     - wpa_supplicant
>> 
>>   - system/ipatbles, which adds support for :
>>     - ebtables
>>     - ipset
>>     - iptables
>>     - nftables
>> 
>>   - admin/netutils, which adds support for :
>>     - fping
>>     - iputils  
>
>iputils can install lots of utilities based on the configuration, many
>of which are supported by admin/netutils. Some are not supported in the
>refpolicy, and some by other modules, such as rdisc or tftpd.
>
>I think the selinux module selection should be conditional depending on
>the utilities installed by the iputils package, to avoid installing an
>unused selinux module and to fix the support of others.

You're right, I'll add the conditionnals :)

>>     - mtr
>>     - nmap
>>     - tcpdump
>> 
>>   - services/entropyd, which adds support for :
>>     - haveged
>>     - jitterentropy-library  
>
>The other selinux module selections LGTM.

Thanks for the thourough review !

Maxime

>> With this series, the above-mentionned tools can now be used on systems
>> that have SELinux enabled.
>> 
>> This series was split per-package, which generates lots of one-liner
>> patches. Due to the nature of the changes, I expect more patches like
>> that to follow, so we might also use a "one package per module" approach
>> if you want.  
>
>> Maxime Chevallier (15):
>>   packages/dhcp: add SELinux module  
>
>Nitpick: s/packages/package/
>
>>   package/iwd: add SELinux module
>>   package/network-manager: add SELinux module
>>   package/wpa_supplicant: add SELinux module
>>   package/ebtables: add SELinux module
>>   package/ipset: add SELinux module
>>   package/iptables: add SELinux module
>>   package/nftables: add SELinux module
>>   package/fping: add SELinux module
>>   package/iputils: add SELinux module
>>   package/mtr: add SELinux module
>>   package/nmap: add SELinux module
>>   package/tcpdump: add SELinux module
>>   package/haveged: add SELinux module
>>   package/jitterentropy-library: add SELinux module  
>
>Thanks!
>Antoine



-- 
Maxime Chevallier, Bootlin
Embedded Linux and kernel engineering
https://bootlin.com