* [Buildroot] [PATCH v2 01/14] package/iwd: add SELinux module
From: Maxime Chevallier @ 2020-12-28 16:11 UTC (permalink / raw)
To: buildroot
Support for iwd and its configuration files is added by the
services/networkmanager module in the SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
package/iwd/iwd.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/iwd/iwd.mk b/package/iwd/iwd.mk
index b1841b5476..b164970196 100644
--- a/package/iwd/iwd.mk
+++ b/package/iwd/iwd.mk
@@ -11,6 +11,7 @@ IWD_LICENSE = LGPL-2.1+
IWD_LICENSE_FILES = COPYING
# sources from git, no configure script provided
IWD_AUTORECONF = YES
+IWD_SELINUX_MODULES = networkmanager
IWD_CONF_OPTS = \
--disable-manual-pages \
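Review bot: at IWD_SELINUX_MODULES = networkmanager, the reason a wireless daemon selects the networkmanager module is recorded only in the commit message. A short comment above the assignment, saying that the refpolicy ships the iwd policy inside services/networkmanager, would keep the mapping understandable to anyone reading iwd.mk later.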
--
2.25.4
* [Buildroot] [PATCH v2 02/14] package/network-manager: add SELinux module
From: Maxime Chevallier @ 2020-12-28 16:11 UTC (permalink / raw)
To: buildroot
Support for NetworkManager is added by the services/networkmanager
module in the SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
package/network-manager/network-manager.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/network-manager/network-manager.mk b/package/network-manager/network-manager.mk
index 3dc3188f32..4b2ade5b9b 100644
--- a/package/network-manager/network-manager.mk
+++ b/package/network-manager/network-manager.mk
@@ -13,6 +13,7 @@ NETWORK_MANAGER_DEPENDENCIES = host-pkgconf udev gnutls libglib2 \
libgcrypt wireless_tools util-linux host-intltool readline libndp
NETWORK_MANAGER_LICENSE = GPL-2.0+ (app), LGPL-2.1+ (libnm)
NETWORK_MANAGER_LICENSE_FILES = COPYING COPYING.LGPL CONTRIBUTING
+NETWORK_MANAGER_SELINUX_MODULES = networkmanager
NETWORK_MANAGER_CONF_ENV = \
ac_cv_path_LIBGCRYPT_CONFIG=$(STAGING_DIR)/usr/bin/libgcrypt-config \
--
2.25.4
* [Buildroot] [PATCH v2 03/14] package/wpa_supplicant: add SELinux module
From: Maxime Chevallier @ 2020-12-28 16:11 UTC (permalink / raw)
To: buildroot
Support for wpa_supplicant is added by the services/networkmanager
module in the SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
package/wpa_supplicant/wpa_supplicant.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/wpa_supplicant/wpa_supplicant.mk b/package/wpa_supplicant/wpa_supplicant.mk
index 7170db0d07..38af11625a 100644
--- a/package/wpa_supplicant/wpa_supplicant.mk
+++ b/package/wpa_supplicant/wpa_supplicant.mk
@@ -14,6 +14,7 @@ WPA_SUPPLICANT_DBUS_OLD_SERVICE = fi.epitest.hostap.WPASupplicant
WPA_SUPPLICANT_DBUS_NEW_SERVICE = fi.w1.wpa_supplicant1
WPA_SUPPLICANT_CFLAGS = $(TARGET_CFLAGS) -I$(STAGING_DIR)/usr/include/libnl3/
WPA_SUPPLICANT_LDFLAGS = $(TARGET_LDFLAGS)
+WPA_SUPPLICANT_SELINUX_MODULES = networkmanager
# 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
WPA_SUPPLICANT_IGNORE_CVES += CVE-2019-16275
--
2.25.4
* [Buildroot] [PATCH v2 04/14] package/ebtables: add SELinux module
From: Maxime Chevallier @ 2020-12-28 16:11 UTC (permalink / raw)
To: buildroot
Support for ebtables is added in the system/iptables module in the
SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
package/ebtables/ebtables.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/ebtables/ebtables.mk b/package/ebtables/ebtables.mk
index e8b982206c..93af5085ec 100644
--- a/package/ebtables/ebtables.mk
+++ b/package/ebtables/ebtables.mk
@@ -8,6 +8,7 @@ EBTABLES_VERSION = 2.0.11
EBTABLES_SITE = http://ftp.netfilter.org/pub/ebtables
EBTABLES_LICENSE = GPL-2.0+
EBTABLES_LICENSE_FILES = COPYING
+EBTABLES_SELINUX_MODULES = iptables
ifeq ($(BR2_PACKAGE_EBTABLES_UTILS_SAVE),y)
define EBTABLES_INSTALL_TARGET_UTILS_SAVE
--
2.25.4
* [Buildroot] [PATCH v2 05/14] package/ipset: add SELinux module
From: Maxime Chevallier @ 2020-12-28 16:11 UTC (permalink / raw)
To: buildroot
Support for ipset is added by the system/iptables module in the SELinux
refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
package/ipset/ipset.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/ipset/ipset.mk b/package/ipset/ipset.mk
index 869763d322..03ef1667f4 100644
--- a/package/ipset/ipset.mk
+++ b/package/ipset/ipset.mk
@@ -12,5 +12,6 @@ IPSET_CONF_OPTS = --with-kmod=no
IPSET_LICENSE = GPL-2.0
IPSET_LICENSE_FILES = COPYING
IPSET_INSTALL_STAGING = YES
+IPSET_SELINUX_MODULES = iptables
$(eval $(autotools-package))
--
2.25.4
* [Buildroot] [PATCH v2 06/14] package/iptables: add SELinux module
From: Maxime Chevallier @ 2020-12-28 16:11 UTC (permalink / raw)
To: buildroot
Support for iptables is added by the system/iptables module in the
SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
package/iptables/iptables.mk | 2 ++
1 file changed, 2 insertions(+)
diff --git a/package/iptables/iptables.mk b/package/iptables/iptables.mk
index f83165edb9..60b91efb3b 100644
--- a/package/iptables/iptables.mk
+++ b/package/iptables/iptables.mk
@@ -12,6 +12,8 @@ IPTABLES_DEPENDENCIES = host-pkgconf \
$(if $(BR2_PACKAGE_LIBNETFILTER_CONNTRACK),libnetfilter_conntrack)
IPTABLES_LICENSE = GPL-2.0
IPTABLES_LICENSE_FILES = COPYING
+IPTABLES_SELINUX_MODULES = iptables
+
# Building static causes ugly warnings on some plugins
IPTABLES_CONF_OPTS = --libexecdir=/usr/lib --with-kernel=$(STAGING_DIR)/usr \
$(if $(BR2_STATIC_LIBS),,--disable-static)
--
2.25.4
* [Buildroot] [PATCH v2 07/14] package/nftables: add SELinux module
From: Maxime Chevallier @ 2020-12-28 16:11 UTC (permalink / raw)
To: buildroot
Support for nft is added by the system/iptables module in the SELinux
refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
package/nftables/nftables.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/nftables/nftables.mk b/package/nftables/nftables.mk
index 8a003a5e34..f9468c5250 100644
--- a/package/nftables/nftables.mk
+++ b/package/nftables/nftables.mk
@@ -11,6 +11,7 @@ NFTABLES_DEPENDENCIES = libmnl libnftnl host-pkgconf $(TARGET_NLS_DEPENDENCIES)
NFTABLES_LICENSE = GPL-2.0
NFTABLES_LICENSE_FILES = COPYING
NFTABLES_CONF_OPTS = --disable-man-doc --disable-pdf-doc
+NFTABLES_SELINUX_MODULES = iptables
ifeq ($(BR2_PACKAGE_GMP),y)
NFTABLES_DEPENDENCIES += gmp
--
2.25.4
* [Buildroot] [PATCH v2 08/14] package/fping: add SELinux module
From: Maxime Chevallier @ 2020-12-28 16:11 UTC (permalink / raw)
To: buildroot
Support for fping is added by the admin/netutils module in the SELinux
refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
package/fping/fping.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/fping/fping.mk b/package/fping/fping.mk
index 24aca32367..0a03c1dfdc 100644
--- a/package/fping/fping.mk
+++ b/package/fping/fping.mk
@@ -8,5 +8,6 @@ FPING_VERSION = 5.0
FPING_SITE = http://fping.org/dist
FPING_LICENSE = BSD-like
FPING_LICENSE_FILES = COPYING
+FPING_SELINUX_MODULES = netutils
$(eval $(autotools-package))
--
2.25.4
* [Buildroot] [PATCH v2 09/14] package/iputils: add SELinux module
From: Maxime Chevallier @ 2020-12-28 16:11 UTC (permalink / raw)
To: buildroot
Support for the iputils is added by the admin/netutils module in the
SELinux refpolicy for the following tools :
- arping
- ping
- tracepath
- traceroute6
Support for rdisc is added by services/rdisc.
Support for tftpd is added by services/tftp.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
V1 -> V2: Use a per-tool module selection, for rdisc and tftpd,
according to Antoine's review
package/iputils/iputils.mk | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk
index 4f8d9cb768..b1d71b38f2 100644
--- a/package/iputils/iputils.mk
+++ b/package/iputils/iputils.mk
@@ -27,6 +27,22 @@ IPUTILS_CONF_OPTS += \
-DBUILD_TRACEROUTE6=$(if $(BR2_PACKAGE_IPUTILS_TRACEROUTE6),true,false) \
-DBUILD_NINFOD=$(if $(BR2_PACKAGE_IPUTILS_NINFOD),true,false)
+# Selectively select the appropriate SELinux refpolicy modules
+ifneq ($(BR2_PACKAGE_IPUTILS_ARPING)\
+ $(BR2_PACKAGE_IPUTILS_PING)\
+ $(BR2_PACKAGE_IPUTILS_TRACEPATH)\
+ $(BR2_PACKAGE_IPUTILS_TRACEROUTE6),)
+IPUTILS_SELINUX_MODULES += netutils
+endif
+
+ifeq ($(BR2_PACKAGE_IPUTILS_RDISC),y)
+IPUTILS_SELINUX_MODULES += rdisc
+endif
+
+ifeq ($(BR2_PACKAGE_IPUTILS_TFTPD),y)
+IPUTILS_SELINUX_MODULES += tftp
+endif
+
#
# arping
#
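Review bot: the ifneq test guarding netutils compares an expansion that contains spaces against the empty string. The backslash-newline continuations join the four $(BR2_PACKAGE_IPUTILS_*) references with one space each, and GNU make does not strip whitespace after expansion, so with arping, ping, tracepath and traceroute6 all disabled the left-hand side is still non-empty and netutils is selected anyway. Wrapping the list in $(strip ...), or testing each option on its own, keeps the netutils policy out of images that ship none of those tools.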
--
2.25.4
* [Buildroot] [PATCH v2 09/14] package/iputils: add SELinux module
From: Yann E. MORIN @ 2020-12-29 14:09 UTC (permalink / raw)
To: buildroot
Maxime, All,
On 2020-12-28 17:11 +0100, Maxime Chevallier spake thusly:
> Support for the iputils is added by the admin/netutils module in the
> SELinux refpolicy for the following tools :
> - arping
> - ping
> - tracepath
> - traceroute6
>
> Support for rdisc is added by services/rdisc.
>
> Support for tftpd is added by services/tftp.
>
> Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
> ---
> V1 -> V2: Use a per-tool module selection, for rdisc and tftpd,
> according to Antoine's review
>
> package/iputils/iputils.mk | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/package/iputils/iputils.mk b/package/iputils/iputils.mk
> index 4f8d9cb768..b1d71b38f2 100644
> --- a/package/iputils/iputils.mk
> +++ b/package/iputils/iputils.mk
> @@ -27,6 +27,22 @@ IPUTILS_CONF_OPTS += \
> -DBUILD_TRACEROUTE6=$(if $(BR2_PACKAGE_IPUTILS_TRACEROUTE6),true,false) \
> -DBUILD_NINFOD=$(if $(BR2_PACKAGE_IPUTILS_NINFOD),true,false)
>
> +# Selectively select the appropriate SELinux refpolicy modules
> +ifneq ($(BR2_PACKAGE_IPUTILS_ARPING)\
I am not very fond of negative logic, especially as the following related
conditions do use positive logic.
So, I've taken advantage of the fact that the refpolicy modules are
$(sort)ed in the end, and so it does not matter that they are listed
more than once, to come up with this simpler solution:
    IPUTILS_SELINUX_MODULES = \
        $(if $(BR2_PACKAGE_IPUTILS_ARPING),netutils) \
        $(if $(BR2_PACKAGE_IPUTILS_PING),netutils) \
        $(if $(BR2_PACKAGE_IPUTILS_TRACEPATH),netutils) \
        $(if $(BR2_PACKAGE_IPUTILS_TRACEROUTE6),netutils) \
        $(if $(BR2_PACKAGE_IPUTILS_RDISC),rdisc) \
        $(if $(BR2_PACKAGE_IPUTILS_TFTPD),tftp)
Applied with this change. Thanks!
Regards,
Yann E. MORIN.
> + $(BR2_PACKAGE_IPUTILS_PING)\
> + $(BR2_PACKAGE_IPUTILS_TRACEPATH)\
> + $(BR2_PACKAGE_IPUTILS_TRACEROUTE6),)
> +IPUTILS_SELINUX_MODULES += netutils
> +endif
> +
> +ifeq ($(BR2_PACKAGE_IPUTILS_RDISC),y)
> +IPUTILS_SELINUX_MODULES += rdisc
> +endif
> +
> +ifeq ($(BR2_PACKAGE_IPUTILS_TFTPD),y)
> +IPUTILS_SELINUX_MODULES += tftp
> +endif
> +
> #
> # arping
> #
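Review bot: no module is selected for ninfod, although the context lines above the added block show it is built from this same package when BR2_PACKAGE_IPUTILS_NINFOD is set. If the refpolicy has nothing for it, a comment in the block saying so would make clear that the omission is deliberate and that ninfod gets no policy of its own from this package.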
> --
> 2.25.4
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
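The per-tool selection and the $(sort) de-duplication discussed in the reply above, as an added example that is not part of the thread or of Buildroot. It is a stand-alone GNU make file that also shows how the conditional from the posted patch evaluates; the BR2_* values are a constructed sample configuration, and POSTED_MODULES, APPLIED_MODULES and REFPOLICY_MODULES are hypothetical names used only here.

```make
# Added example, not Buildroot code. Run with: make -f modules-demo.mk
# Constructed sample configuration: only rdisc and tftpd are enabled; the
# other options stay unset, which is how disabled options appear to make.
BR2_PACKAGE_IPUTILS_RDISC = y
BR2_PACKAGE_IPUTILS_TFTPD = y

# Form from the posted patch. Each backslash-newline becomes one space, so
# with all four options empty the left-hand side expands to spaces rather
# than to the empty string, and GNU make compares the strings literally.
ifneq ($(BR2_PACKAGE_IPUTILS_ARPING)\
       $(BR2_PACKAGE_IPUTILS_PING)\
       $(BR2_PACKAGE_IPUTILS_TRACEPATH)\
       $(BR2_PACKAGE_IPUTILS_TRACEROUTE6),)
POSTED_MODULES += netutils
endif
ifeq ($(BR2_PACKAGE_IPUTILS_RDISC),y)
POSTED_MODULES += rdisc
endif
ifeq ($(BR2_PACKAGE_IPUTILS_TFTPD),y)
POSTED_MODULES += tftp
endif

# Form from the reply: one $(if) per tool. An unset option contributes
# nothing, and several enabled tools may each contribute "netutils".
APPLIED_MODULES = \
    $(if $(BR2_PACKAGE_IPUTILS_ARPING),netutils) \
    $(if $(BR2_PACKAGE_IPUTILS_PING),netutils) \
    $(if $(BR2_PACKAGE_IPUTILS_TRACEPATH),netutils) \
    $(if $(BR2_PACKAGE_IPUTILS_TRACEROUTE6),netutils) \
    $(if $(BR2_PACKAGE_IPUTILS_RDISC),rdisc) \
    $(if $(BR2_PACKAGE_IPUTILS_TFTPD),tftp)

# Two other packages from this series that select the same module
# (patches 10/14 and 11/14).
MTR_SELINUX_MODULES = netutils
NMAP_SELINUX_MODULES = netutils

# Hypothetical stand-in for the final aggregation step: $(sort) orders the
# words and removes duplicates, so repeated module names are harmless.
REFPOLICY_MODULES = $(sort $(APPLIED_MODULES) \
    $(MTR_SELINUX_MODULES) $(NMAP_SELINUX_MODULES))

$(info posted form:  $(strip $(POSTED_MODULES)))
$(info applied form: $(strip $(APPLIED_MODULES)))
$(info aggregated:   $(REFPOLICY_MODULES))

# Empty default target so that make exits cleanly after printing.
all: ;
```

Comparing the first two printed lines shows which modules each form selects for the same configuration; the third shows the list after de-duplication across packages.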
* [Buildroot] [PATCH v2 10/14] package/mtr: add SELinux module
From: Maxime Chevallier @ 2020-12-28 16:11 UTC (permalink / raw)
To: buildroot
Support for mtr is added by the admin/netutils module in the SELinux
refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
package/mtr/mtr.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/mtr/mtr.mk b/package/mtr/mtr.mk
index 7a4b140267..263482534e 100644
--- a/package/mtr/mtr.mk
+++ b/package/mtr/mtr.mk
@@ -11,5 +11,6 @@ MTR_CONF_OPTS = --without-gtk
MTR_DEPENDENCIES = host-pkgconf $(if $(BR2_PACKAGE_NCURSES),ncurses)
MTR_LICENSE = GPL-2.0
MTR_LICENSE_FILES = COPYING
+MTR_SELINUX_MODULES = netutils
$(eval $(autotools-package))
--
2.25.4
* [Buildroot] [PATCH v2 11/14] package/nmap: add SELinux module
From: Maxime Chevallier @ 2020-12-28 16:11 UTC (permalink / raw)
To: buildroot
Support for nmap is added by the admin/netutils module in the SELinux
refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
package/nmap/nmap.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/nmap/nmap.mk b/package/nmap/nmap.mk
index 46ffd5aef4..aed278ccba 100644
--- a/package/nmap/nmap.mk
+++ b/package/nmap/nmap.mk
@@ -12,6 +12,7 @@ NMAP_CONF_OPTS = --without-liblua --without-zenmap \
--with-libdnet=included
NMAP_LICENSE = nmap license
NMAP_LICENSE_FILES = LICENSE
+NMAP_SELINUX_MODULES = netutils
# needed by libpcap
NMAP_LIBS_FOR_STATIC_LINK += `$(STAGING_DIR)/usr/bin/pcap-config --static --additional-libs`
--
2.25.4
* [Buildroot] [PATCH v2 12/14] package/tcpdump: add SELinux module
From: Maxime Chevallier @ 2020-12-28 16:11 UTC (permalink / raw)
To: buildroot
Support for tcpdump is added by the admin/netutils module in the SELinux
refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
package/tcpdump/tcpdump.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/tcpdump/tcpdump.mk b/package/tcpdump/tcpdump.mk
index 8db35694ea..23e9333a8f 100644
--- a/package/tcpdump/tcpdump.mk
+++ b/package/tcpdump/tcpdump.mk
@@ -17,6 +17,7 @@ TCPDUMP_CONF_OPTS = \
--with-system-libpcap \
$(if $(BR2_PACKAGE_TCPDUMP_SMB),--enable-smb,--disable-smb)
TCPDUMP_DEPENDENCIES = libpcap
+TCPDUMP_SELINUX_MODULES = netutils
# 0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buffer.patch
TCPDUMP_IGNORE_CVES += CVE-2020-8037
--
2.25.4
* [Buildroot] [PATCH v2 13/14] package/haveged: add SELinux module
From: Maxime Chevallier @ 2020-12-28 16:11 UTC (permalink / raw)
To: buildroot
Support for haveged is added by the services/entropyd module in the
SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
package/haveged/haveged.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/haveged/haveged.mk b/package/haveged/haveged.mk
index 924b499fa9..3980f80132 100644
--- a/package/haveged/haveged.mk
+++ b/package/haveged/haveged.mk
@@ -8,6 +8,7 @@ HAVEGED_VERSION = 1.9.13
HAVEGED_SITE = $(call github,jirka-h,haveged,v$(HAVEGED_VERSION))
HAVEGED_LICENSE = GPL-3.0+
HAVEGED_LICENSE_FILES = COPYING
+HAVEGED_SELINUX_MODULES = entropyd
ifeq ($(BR2_sparc_v8)$(BR2_sparc_leon3),y)
HAVEGED_CONF_OPTS += --enable-clock_gettime=yes
--
2.25.4
* [Buildroot] [PATCH v2 14/14] package/jitterentropy-library: add SELinux module
From: Maxime Chevallier @ 2020-12-28 16:11 UTC (permalink / raw)
To: buildroot
Support for the jitterentropy lib is added by the services/entropyd
module in the SELinux refpolicy.
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
---
package/jitterentropy-library/jitterentropy-library.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/jitterentropy-library/jitterentropy-library.mk b/package/jitterentropy-library/jitterentropy-library.mk
index 3db04b27d3..d9dc031c35 100644
--- a/package/jitterentropy-library/jitterentropy-library.mk
+++ b/package/jitterentropy-library/jitterentropy-library.mk
@@ -10,6 +10,7 @@ JITTERENTROPY_LIBRARY_LICENSE = GPL-2.0 or BSD-3-Clause
JITTERENTROPY_LIBRARY_LICENSE_FILES = COPYING COPYING.bsd COPYING.gplv2
JITTERENTROPY_LIBRARY_INSTALL_STAGING = YES
JITTERENTROPY_LIBRARY_INSTALL_TARGETS = install-includes
+JITTERENTROPY_LIBRARY_SELINUX_MODULES = entropyd
ifeq ($(BR2_STATIC_LIBS)$(BR2_SHARED_STATIC_LIBS),y)
JITTERENTROPY_LIBRARY_BUILD_TARGETS += jitterentropy-static
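Review bot: JITTERENTROPY_LIBRARY_SELINUX_MODULES = entropyd is attached to a package that, per the context lines, installs to staging with install-includes and can build jitterentropy-static, which describes a library rather than a daemon. The commit message or a comment should say which installed file the entropyd module is expected to cover; if the policy only matters to a consumer of the library, the selection belongs with that consumer.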
--
2.25.4
* [Buildroot] [PATCH v2 00/14] packages: Add SELinux modules to some packages
From: Antoine Tenart @ 2020-12-29 10:30 UTC (permalink / raw)
To: buildroot
Hi Maxime,
Quoting Maxime Chevallier (2020-12-28 17:11:20)
> Hello everyone,
>
> This is the second iteration of the series adding matching between
> packages and the SELinux refpolicy module that supports them.
>
> This series focuses on the tools that are impacted by the following
> modules in the refpolicy [2] :
>
> - services/networkmanager, which adds support for :
> - iwd
> - network-manager
> - wpa_supplicant
>
> - system/iptables, which adds support for :
> - ebtables
> - ipset
> - iptables
> - nftables
>
> - admin/netutils, which adds support for :
> - fping
> - Some of the iputils tools :
> - arping
> - ping
> - tracepath
> - traceroute6
> - mtr
> - nmap
> - tcpdump
>
> - services/entropyd, which adds support for :
> - haveged
> - jitterentropy-library
>
> With this series, the above-mentioned tools can now be used on systems
> that have SELinux enabled.
>
> Since V1, the main changes were the removal of the dhcp package which
> will be part of another series, and the rework of the iputils package
> according to Antoine Tenart's review.
The series looks good to me.
Thanks!
Antoine
> Maxime Chevallier (14):
> package/iwd: add SELinux module
> package/network-manager: add SELinux module
> package/wpa_supplicant: add SELinux module
> package/ebtables: add SELinux module
> package/ipset: add SELinux module
> package/iptables: add SELinux module
> package/nftables: add SELinux module
> package/fping: add SELinux module
> package/iputils: add SELinux module
> package/mtr: add SELinux module
> package/nmap: add SELinux module
> package/tcpdump: add SELinux module
> package/haveged: add SELinux module
> package/jitterentropy-library: add SELinux module
>
> package/ebtables/ebtables.mk | 1 +
> package/fping/fping.mk | 1 +
> package/haveged/haveged.mk | 1 +
> package/ipset/ipset.mk | 1 +
> package/iptables/iptables.mk | 2 ++
> package/iputils/iputils.mk | 16 ++++++++++++++++
> package/iwd/iwd.mk | 1 +
> .../jitterentropy-library.mk | 1 +
> package/mtr/mtr.mk | 1 +
> package/network-manager/network-manager.mk | 1 +
> package/nftables/nftables.mk | 1 +
> package/nmap/nmap.mk | 1 +
> package/tcpdump/tcpdump.mk | 1 +
> package/wpa_supplicant/wpa_supplicant.mk | 1 +
> 14 files changed, 30 insertions(+)
>
> --
> 2.25.4
>
* [Buildroot] [PATCH v2 00/14] packages: Add SELinux modules to some packages
From: Yann E. MORIN @ 2020-12-29 14:05 UTC (permalink / raw)
To: buildroot
Maxime, All,
On 2020-12-28 17:11 +0100, Maxime Chevallier spake thusly:
> This is the second iteration of the series adding matching between
> packages and the SELinux refpolicy module that supports them.
Series applied to master, thanks. I did some tweaks to one patch, I'll
be replying separately to that one.
Regards,
Yann E. MORIN.
> Maxime
>
> Maxime Chevallier (14):
> package/iwd: add SELinux module
> package/network-manager: add SELinux module
> package/wpa_supplicant: add SELinux module
> package/ebtables: add SELinux module
> package/ipset: add SELinux module
> package/iptables: add SELinux module
> package/nftables: add SELinux module
> package/fping: add SELinux module
> package/iputils: add SELinux module
> package/mtr: add SELinux module
> package/nmap: add SELinux module
> package/tcpdump: add SELinux module
> package/haveged: add SELinux module
> package/jitterentropy-library: add SELinux module
>
> package/ebtables/ebtables.mk | 1 +
> package/fping/fping.mk | 1 +
> package/haveged/haveged.mk | 1 +
> package/ipset/ipset.mk | 1 +
> package/iptables/iptables.mk | 2 ++
> package/iputils/iputils.mk | 16 ++++++++++++++++
> package/iwd/iwd.mk | 1 +
> .../jitterentropy-library.mk | 1 +
> package/mtr/mtr.mk | 1 +
> package/network-manager/network-manager.mk | 1 +
> package/nftables/nftables.mk | 1 +
> package/nmap/nmap.mk | 1 +
> package/tcpdump/tcpdump.mk | 1 +
> package/wpa_supplicant/wpa_supplicant.mk | 1 +
> 14 files changed, 30 insertions(+)
>
> --
> 2.25.4
>
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'