* [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1
@ 2021-01-07 3:43 Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 01/17] audit: enable arm/aarch64 processor support by default Yi Zhao
` (16 more replies)
0 siblings, 17 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
auditd: upgrade 2.8.5 -> 3.0
selinux: upgrade 3.0 -> 3.1
Yi Zhao (17):
audit: enable arm/aarch64 processor support by default
audit: upgrade 2.8.5 -> 3.0
selinux: upgrade inc files to 3.1 (20200710)
libsepol: upgrade to 3.1 (20200710)
libselinux: upgrade to 3.1 (20200710)
libselinux-python: upgrade to 3.1 (20200710)
libsemanage: upgrade to 3.1 (20200710)
checkpolicy: upgrade to 3.0 (20191204)
secilc: upgrade to 3.1 (20200710)
policycoreutils: upgrade to 3.1 (20200710)
mcstrans: upgrade to 3.1 (20200710)
restorecond: upgrade to 3.1 (20200710)
selinux-python: upgrade to 3.1 (20200710)
selinux-dbus: upgrade to 3.1 (20200710)
selinux-sandbox: upgrade to 3.1 (20200710)
selinux-gui: upgrade to 3.1 (20200710)
semodule-utils: upgrade to 3.1 (20200710)
...ns-need-to-be-external-when-building.patch | 28 -
...001-lib-i386_table.h-add-new-syscall.patch | 42 --
...tue-functions-for-strndupa-rawmemchr.patch | 133 -----
.../Fixed-swig-host-contamination-issue.patch | 12 +-
recipes-security/audit/audit/auditd.service | 26 +-
.../audit/{audit_2.8.5.bb => audit_3.0.bb} | 32 +-
...ckpolicy-remove-unused-te_assertions.patch | 45 --
recipes-security/selinux/checkpolicy_3.0.bb | 11 -
recipes-security/selinux/checkpolicy_3.1.bb | 7 +
...python_3.0.bb => libselinux-python_3.1.bb} | 13 +-
...T-and-rely-on-the-installed-file-nam.patch | 12 +-
...ainst-musl-and-uClibc-libc-libraries.patch | 38 --
...hon-modules-install-path-for-multili.patch | 12 +-
...elinux-do-not-define-gettid-for-musl.patch | 47 ++
...nux-drop-Wno-unused-but-set-variable.patch | 26 -
recipes-security/selinux/libselinux_3.0.bb | 15 -
recipes-security/selinux/libselinux_3.1.bb | 17 +
...anage-allow-to-disable-audit-support.patch | 12 +-
...age-drop-Wno-unused-but-set-variable.patch | 28 -
...{libsemanage_3.0.bb => libsemanage_3.1.bb} | 7 +-
...IL_KEY_-build-errors-with-fno-common.patch | 530 ------------------
...e-leftovers-of-cil_mem_error_handler.patch | 65 ---
recipes-security/selinux/libsepol_3.0.bb | 12 -
recipes-security/selinux/libsepol_3.1.bb | 8 +
recipes-security/selinux/mcstrans.inc | 6 +-
recipes-security/selinux/mcstrans_3.0.bb | 7 -
recipes-security/selinux/mcstrans_3.1.bb | 7 +
.../selinux/policycoreutils_3.0.bb | 7 -
.../selinux/policycoreutils_3.1.bb | 7 +
recipes-security/selinux/restorecond.inc | 14 +-
recipes-security/selinux/restorecond_3.0.bb | 7 -
recipes-security/selinux/restorecond_3.1.bb | 7 +
recipes-security/selinux/secilc_3.0.bb | 7 -
recipes-security/selinux/secilc_3.1.bb | 7 +
recipes-security/selinux/selinux-dbus_3.0.bb | 7 -
recipes-security/selinux/selinux-dbus_3.1.bb | 7 +
recipes-security/selinux/selinux-gui_3.0.bb | 7 -
recipes-security/selinux/selinux-gui_3.1.bb | 7 +
.../fix-sepolicy-install-path.patch | 12 +-
.../selinux/selinux-python_3.0.bb | 7 -
.../selinux/selinux-python_3.1.bb | 7 +
.../selinux/selinux-sandbox_3.0.bb | 7 -
.../selinux/selinux-sandbox_3.1.bb | 7 +
...inux_20191204.inc => selinux_20200710.inc} | 2 +-
recipes-security/selinux/selinux_common.inc | 3 +-
.../selinux/semodule-utils_3.0.bb | 7 -
.../selinux/semodule-utils_3.1.bb | 7 +
47 files changed, 233 insertions(+), 1108 deletions(-)
delete mode 100644 recipes-security/audit/audit/0001-Header-definitions-need-to-be-external-when-building.patch
delete mode 100644 recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch
delete mode 100644 recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch
rename recipes-security/audit/{audit_2.8.5.bb => audit_3.0.bb} (78%)
delete mode 100644 recipes-security/selinux/checkpolicy/0001-checkpolicy-remove-unused-te_assertions.patch
delete mode 100644 recipes-security/selinux/checkpolicy_3.0.bb
create mode 100644 recipes-security/selinux/checkpolicy_3.1.bb
rename recipes-security/selinux/{libselinux-python_3.0.bb => libselinux-python_3.1.bb} (66%)
delete mode 100644 recipes-security/selinux/libselinux/0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch
create mode 100644 recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
delete mode 100644 recipes-security/selinux/libselinux/libselinux-drop-Wno-unused-but-set-variable.patch
delete mode 100644 recipes-security/selinux/libselinux_3.0.bb
create mode 100644 recipes-security/selinux/libselinux_3.1.bb
delete mode 100644 recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch
rename recipes-security/selinux/{libsemanage_3.0.bb => libsemanage_3.1.bb} (60%)
delete mode 100644 recipes-security/selinux/libsepol/0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
delete mode 100644 recipes-security/selinux/libsepol/0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
delete mode 100644 recipes-security/selinux/libsepol_3.0.bb
create mode 100644 recipes-security/selinux/libsepol_3.1.bb
delete mode 100644 recipes-security/selinux/mcstrans_3.0.bb
create mode 100644 recipes-security/selinux/mcstrans_3.1.bb
delete mode 100644 recipes-security/selinux/policycoreutils_3.0.bb
create mode 100644 recipes-security/selinux/policycoreutils_3.1.bb
delete mode 100644 recipes-security/selinux/restorecond_3.0.bb
create mode 100644 recipes-security/selinux/restorecond_3.1.bb
delete mode 100644 recipes-security/selinux/secilc_3.0.bb
create mode 100644 recipes-security/selinux/secilc_3.1.bb
delete mode 100644 recipes-security/selinux/selinux-dbus_3.0.bb
create mode 100644 recipes-security/selinux/selinux-dbus_3.1.bb
delete mode 100644 recipes-security/selinux/selinux-gui_3.0.bb
create mode 100644 recipes-security/selinux/selinux-gui_3.1.bb
delete mode 100644 recipes-security/selinux/selinux-python_3.0.bb
create mode 100644 recipes-security/selinux/selinux-python_3.1.bb
delete mode 100644 recipes-security/selinux/selinux-sandbox_3.0.bb
create mode 100644 recipes-security/selinux/selinux-sandbox_3.1.bb
rename recipes-security/selinux/{selinux_20191204.inc => selinux_20200710.inc} (90%)
delete mode 100644 recipes-security/selinux/semodule-utils_3.0.bb
create mode 100644 recipes-security/selinux/semodule-utils_3.1.bb
--
2.25.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 01/17] audit: enable arm/aarch64 processor support by default
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 02/17] audit: upgrade 2.8.5 -> 3.0 Yi Zhao
` (15 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
We encountered a runtime error for auditctl on lib32 image for aarch64:
root@xilinx-zynqmp:~# auditctl -a always,exit -F arch=b32 -S adjtimex -k TEST-time-change
arch elf mapping not found
The root cause is the aarch64 processor support is not enabled for arm
build. Refer to Debian[1] and Fedora[2], actually we can enable
arm/aarch64 processor support unconditionally.
[1] https://salsa.debian.org/debian/audit/-/commit/8c6b2049bafb52712ca981e73d5b79d5bd97e08e
[2] https://src.fedoraproject.org/rpms/audit/blob/master/f/audit.spec
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/audit/audit_2.8.5.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/recipes-security/audit/audit_2.8.5.bb b/recipes-security/audit/audit_2.8.5.bb
index e3e5ddd..e2e0352 100644
--- a/recipes-security/audit/audit_2.8.5.bb
+++ b/recipes-security/audit/audit_2.8.5.bb
@@ -41,9 +41,9 @@ EXTRA_OECONF += "--without-prelude \
--without-python \
--without-golang \
--disable-zos-remote \
+ --with-arm=yes \
+ --with-aarch64=yes \
"
-EXTRA_OECONF_append_arm = " --with-arm=yes"
-EXTRA_OECONF_append_aarch64 = " --with-aarch64=yes"
EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \
PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 02/17] audit: upgrade 2.8.5 -> 3.0
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 01/17] audit: enable arm/aarch64 processor support by default Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 03/17] selinux: upgrade inc files to 3.1 (20200710) Yi Zhao
` (14 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
* Drop backported patches:
0001-Header-definitions-need-to-be-external-when-building.patch
0001-lib-i386_table.h-add-new-syscall.patch
Add-substitue-functions-for-strndupa-rawmemchr.patch
* Refresh patch:
Fixed-swig-host-contamination-issue.patch
* Update auditd.service.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...ns-need-to-be-external-when-building.patch | 28 ----
...001-lib-i386_table.h-add-new-syscall.patch | 42 ------
...tue-functions-for-strndupa-rawmemchr.patch | 133 ------------------
.../Fixed-swig-host-contamination-issue.patch | 12 +-
recipes-security/audit/audit/auditd.service | 26 ++--
.../audit/{audit_2.8.5.bb => audit_3.0.bb} | 28 ++--
6 files changed, 35 insertions(+), 234 deletions(-)
delete mode 100644 recipes-security/audit/audit/0001-Header-definitions-need-to-be-external-when-building.patch
delete mode 100644 recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch
delete mode 100644 recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch
rename recipes-security/audit/{audit_2.8.5.bb => audit_3.0.bb} (80%)
diff --git a/recipes-security/audit/audit/0001-Header-definitions-need-to-be-external-when-building.patch b/recipes-security/audit/audit/0001-Header-definitions-need-to-be-external-when-building.patch
deleted file mode 100644
index 65ea478..0000000
--- a/recipes-security/audit/audit/0001-Header-definitions-need-to-be-external-when-building.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 017e6c6ab95df55f34e339d2139def83e5dada1f Mon Sep 17 00:00:00 2001
-From: Steve Grubb <sgrubb@redhat.com>
-Date: Fri, 10 Jan 2020 21:13:50 -0500
-Subject: [PATCH] Header definitions need to be external when building with
- -fno-common (which is default in GCC 10) - Tony Jones
-
-Upstream-Status: Backport
-Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
----
- src/ausearch-common.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/ausearch-common.h b/src/ausearch-common.h
-index 6669203664ec..3040547afe95 100644
---- a/src/ausearch-common.h
-+++ b/src/ausearch-common.h
-@@ -50,7 +50,7 @@ extern pid_t event_pid;
- extern int event_exact_match;
- extern uid_t event_uid, event_euid, event_loginuid;
- extern const char *event_tuid, *event_teuid, *event_tauid;
--slist *event_node_list;
-+extern slist *event_node_list;
- extern const char *event_comm;
- extern const char *event_filename;
- extern const char *event_hostname;
---
-2.17.1
-
diff --git a/recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch b/recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch
deleted file mode 100644
index 6e1827c..0000000
--- a/recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From df878b92e01f4d1c3de7f7d8229cea6a431509eb Mon Sep 17 00:00:00 2001
-From: Mingli Yu <mingli.yu@windriver.com>
-Date: Wed, 19 Feb 2020 15:23:40 +0800
-Subject: [PATCH] lib/i386_table.h: add new syscall
-
-On 32bit system,
-After upgrade glibc to 2.31
- # strace -o /tmp/test.log date -s 09:16:45
- # tail -f /tmp/test.log
- close(3) = 0
- stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=114, ...}) = 0
- clock_settime64(CLOCK_REALTIME, {tv_sec=1582103805, tv_nsec=0}) = 0
- fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(0x4, 0x40), ...}) = 0
- ioctl(1, TCGETS, {B115200 opost isig icanon echo ...}) = 0
- write(1, "Wed Feb 19 09:16:45 UTC 2020\n", 29) = 29
- close(1) = 0
- close(2) = 0
- exit_group(0) = ?
- +++ exited with 0 +++
-
-It means the clock_settime64 syscall is used, so
-add the syscall.
-
-Upstream-Status: Submitted [https://github.com/linux-audit/audit-userspace/pull/116]
-
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- lib/i386_table.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/i386_table.h b/lib/i386_table.h
-index 1a64c88..65fd4d9 100644
---- a/lib/i386_table.h
-+++ b/lib/i386_table.h
-@@ -405,3 +405,4 @@ _S(383, "statx")
- _S(384, "arch_prctl")
- _S(385, "io_pgetevents")
- _S(386, "rseq")
-+_S(404, "clock_settime64")
---
-2.7.4
-
diff --git a/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch b/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch
deleted file mode 100644
index bb6c61e..0000000
--- a/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From bdcdc3dff4469aac88e718bd15958d5ed4b9392a Mon Sep 17 00:00:00 2001
-From: Steve Grubb <sgrubb@redhat.com>
-Date: Tue, 26 Feb 2019 18:33:33 -0500
-Subject: [PATCH] Add substitue functions for strndupa & rawmemchr
-
-Upstream-Status: Backport
-[https://github.com/linux-audit/audit-userspace/commit/d579a08bb1cde71f939c13ac6b2261052ae9f77e]
----
- auparse/auparse.c | 12 +++++++++++-
- auparse/interpret.c | 9 ++++++++-
- configure.ac | 14 +++++++++++++-
- src/ausearch-lol.c | 12 +++++++++++-
- 4 files changed, 43 insertions(+), 4 deletions(-)
-
-diff --git a/auparse/auparse.c b/auparse/auparse.c
-index 650db02..2e1c737 100644
---- a/auparse/auparse.c
-+++ b/auparse/auparse.c
-@@ -1,5 +1,5 @@
- /* auparse.c --
-- * Copyright 2006-08,2012-17 Red Hat Inc., Durham, North Carolina.
-+ * Copyright 2006-08,2012-19 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
-@@ -1118,6 +1118,16 @@ static int str2event(char *s, au_event_t *e)
- return 0;
- }
-
-+#ifndef HAVE_STRNDUPA
-+static inline char *strndupa(const char *old, size_t n)
-+{
-+ size_t len = strnlen(old, n);
-+ char *tmp = alloca(len + 1);
-+ tmp[len] = 0;
-+ return memcpy(tmp, old, len);
-+}
-+#endif
-+
- /* Returns 0 on success and 1 on error */
- static int extract_timestamp(const char *b, au_event_t *e)
- {
-diff --git a/auparse/interpret.c b/auparse/interpret.c
-index 51c4a5e..67b7b77 100644
---- a/auparse/interpret.c
-+++ b/auparse/interpret.c
-@@ -853,6 +853,13 @@ err_out:
- return print_escaped(id->val);
- }
-
-+// rawmemchr is faster. Let's use it if we have it.
-+#ifdef HAVE_RAWMEMCHR
-+#define STRCHR rawmemchr
-+#else
-+#define STRCHR strchr
-+#endif
-+
- static const char *print_proctitle(const char *val)
- {
- char *out = (char *)print_escaped(val);
-@@ -863,7 +870,7 @@ static const char *print_proctitle(const char *val)
- // Proctitle has arguments separated by NUL bytes
- // We need to write over the NUL bytes with a space
- // so that we can see the arguments
-- while ((ptr = rawmemchr(ptr, '\0'))) {
-+ while ((ptr = STRCHR(ptr, '\0'))) {
- if (ptr >= end)
- break;
- *ptr = ' ';
-diff --git a/configure.ac b/configure.ac
-index 54bdbf1..aef07fb 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1,7 +1,7 @@
- dnl
- define([AC_INIT_NOTICE],
- [### Generated automatically using autoconf version] AC_ACVERSION [
--### Copyright 2005-18 Steve Grubb <sgrubb@redhat.com>
-+### Copyright 2005-19 Steve Grubb <sgrubb@redhat.com>
- ###
- ### Permission is hereby granted, free of charge, to any person obtaining a
- ### copy of this software and associated documentation files (the "Software"),
-@@ -72,6 +72,18 @@ dnl; posix_fallocate is used in audisp-remote
- AC_CHECK_FUNCS([posix_fallocate])
- dnl; signalfd is needed for libev
- AC_CHECK_FUNC([signalfd], [], [ AC_MSG_ERROR([The signalfd system call is necessary for auditd]) ])
-+dnl; check if rawmemchr is available
-+AC_CHECK_FUNCS([rawmemchr])
-+dnl; check if strndupa is available
-+AC_LINK_IFELSE(
-+ [AC_LANG_SOURCE(
-+ [[
-+ #define _GNU_SOURCE
-+ #include <string.h>
-+ int main() { (void) strndupa("test", 10); return 0; }]])],
-+ [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])],
-+ []
-+)
-
- ALLWARNS=""
- ALLDEBUG="-g"
-diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
-index 5d17a72..758c33e 100644
---- a/src/ausearch-lol.c
-+++ b/src/ausearch-lol.c
-@@ -1,6 +1,6 @@
- /*
- * ausearch-lol.c - linked list of linked lists library
--* Copyright (c) 2008,2010,2014,2016 Red Hat Inc., Durham, North Carolina.
-+* Copyright (c) 2008,2010,2014,2016,2019 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This software may be freely redistributed and/or modified under the
-@@ -152,6 +152,16 @@ static int compare_event_time(event *e1, event *e2)
- return 0;
- }
-
-+#ifndef HAVE_STRNDUPA
-+static inline char *strndupa(const char *old, size_t n)
-+{
-+ size_t len = strnlen(old, n);
-+ char *tmp = alloca(len + 1);
-+ tmp[len] = 0;
-+ return memcpy(tmp, old, len);
-+}
-+#endif
-+
- /*
- * This function will look at the line and pick out pieces of it.
- */
---
-2.7.4
-
diff --git a/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch b/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
index 7c26995..740bcb5 100644
--- a/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
+++ b/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
@@ -1,4 +1,4 @@
-From a07271f1cce82122610b622bcea4a8a37528f321 Mon Sep 17 00:00:00 2001
+From 3d13f92c1bb293523670ba01aea7e655b00a6709 Mon Sep 17 00:00:00 2001
From: Li xin <lixin.fnst@cn.fujitsu.com>
Date: Sun, 19 Jul 2015 02:42:58 +0900
Subject: [PATCH] audit: Fixed swig host contamination issue
@@ -19,7 +19,7 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am
-index 9938418..fa46aac 100644
+index dd9d934..61b486d 100644
--- a/bindings/swig/python3/Makefile.am
+++ b/bindings/swig/python3/Makefile.am
@@ -22,6 +22,7 @@
@@ -30,7 +30,7 @@ index 9938418..fa46aac 100644
LIBS = $(top_builddir)/lib/libaudit.la
SWIG_FLAGS = -python -py3 -modern
SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
-@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi
+@@ -36,7 +37,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi
_audit_la_LIBADD = ${top_builddir}/lib/libaudit.la
nodist__audit_la_SOURCES = audit_wrap.c
audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i
@@ -40,7 +40,7 @@ index 9938418..fa46aac 100644
CLEANFILES = audit.py* audit_wrap.c *~
diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
-index 7ebb373..424fb68 100644
+index 21aafca..dd0f62c 100644
--- a/bindings/swig/src/auditswig.i
+++ b/bindings/swig/src/auditswig.i
@@ -39,7 +39,7 @@ signed
@@ -50,8 +50,8 @@ index 7ebb373..424fb68 100644
-%include "/usr/include/linux/audit.h"
+%include "linux/audit.h"
#define __extension__ /*nothing*/
- #include <stdint.h>
+ %include <stdint.i>
%include "../lib/libaudit.h"
--
-2.7.4
+2.17.1
diff --git a/recipes-security/audit/audit/auditd.service b/recipes-security/audit/audit/auditd.service
index ebc0798..06c63f0 100644
--- a/recipes-security/audit/audit/auditd.service
+++ b/recipes-security/audit/audit/auditd.service
@@ -1,20 +1,28 @@
[Unit]
Description=Security Auditing Service
DefaultDependencies=no
-After=local-fs.target
-Conflicts=shutdown.target
+After=local-fs.target systemd-tmpfiles-setup.service
Before=sysinit.target shutdown.target
-After=systemd-tmpfiles-setup.service
+Conflicts=shutdown.target
+ConditionKernelCommandLine=!audit=0
[Service]
-ExecStart=/sbin/auditd -n
-## To use augenrules, copy this file to /etc/systemd/system/auditd.service
-## and uncomment the next line and delete/comment out the auditctl line.
-## Then copy existing rules to /etc/audit/rules.d/
-## Not doing this last step can cause loss of existing rules
+Type=forking
+PIDFile=/run/auditd.pid
+ExecStart=/sbin/auditd
+## To use augenrules, uncomment the next line and comment/delete the auditctl line.
+## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
#ExecStartPost=-/sbin/augenrules --load
ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
-ExecReload=/bin/kill -HUP $MAINPID
+# By default we don't clear the rules on exit.
+# To enable this, uncomment the next line.
+#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
+
+### Security Settings ###
+MemoryDenyWriteExecute=true
+LockPersonality=true
+ProtectControlGroups=true
+ProtectKernelModules=true
[Install]
WantedBy=multi-user.target
diff --git a/recipes-security/audit/audit_2.8.5.bb b/recipes-security/audit/audit_3.0.bb
similarity index 80%
rename from recipes-security/audit/audit_2.8.5.bb
rename to recipes-security/audit/audit_3.0.bb
index e2e0352..b7170c7 100644
--- a/recipes-security/audit/audit_2.8.5.bb
+++ b/recipes-security/audit/audit_3.0.bb
@@ -7,18 +7,15 @@ SECTION = "base"
LICENSE = "GPLv2+ & LGPLv2+"
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
-SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintenance \
- file://Add-substitue-functions-for-strndupa-rawmemchr.patch \
+SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master \
file://Fixed-swig-host-contamination-issue.patch \
- file://0001-lib-i386_table.h-add-new-syscall.patch \
- file://0001-Header-definitions-need-to-be-external-when-building.patch \
file://auditd \
file://auditd.service \
file://audit-volatile.conf \
"
S = "${WORKDIR}/git"
-SRCREV = "5fae55c1ad15b3cefe6890eba7311af163e9133c"
+SRCREV = "ea8dbab9e0fb3fb2507ac5b8dc792ef32a97c87e"
inherit autotools python3native update-rc.d systemd
@@ -29,10 +26,9 @@ INITSCRIPT_PARAMS = "defaults"
SYSTEMD_PACKAGES = "auditd"
SYSTEMD_SERVICE_auditd = "auditd.service"
-DEPENDS += "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native"
+DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native"
-EXTRA_OECONF += "--without-prelude \
- --with-libwrap \
+EXTRA_OECONF = " --with-libwrap \
--enable-gssapi-krb5=no \
--with-libcap-ng=yes \
--with-python3=yes \
@@ -45,7 +41,7 @@ EXTRA_OECONF += "--without-prelude \
--with-aarch64=yes \
"
-EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \
+EXTRA_OEMAKE = "PYLIBVER='python${PYTHON_BASEVERSION}' \
PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
STDINC='${STAGING_INCDIR}' \
@@ -62,7 +58,7 @@ PACKAGES =+ "audispd-plugins"
PACKAGES += "auditd ${PN}-python"
FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
-FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*"
+FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* ${datadir}/audit/*"
FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \
${sysconfdir}/audisp/plugins.d/au-remote.conf \
${sbindir}/audisp-remote ${localstatedir}/spool/audit \
@@ -70,8 +66,8 @@ FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \
FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
-CONFFILES_auditd += "${sysconfdir}/audit/audit.rules"
-RDEPENDS_auditd += "bash"
+CONFFILES_auditd = "${sysconfdir}/audit/audit.rules"
+RDEPENDS_auditd = "bash"
do_install_append() {
rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
@@ -87,14 +83,14 @@ do_install_append() {
rm -rf ${D}/etc/rc.d
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ # install systemd unit files
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
+
install -d ${D}${sysconfdir}/tmpfiles.d/
install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
fi
- # install systemd unit files
- install -d ${D}${systemd_unitdir}/system
- install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
-
# audit-2.5 doesn't install any rules by default, so we do that here
mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d
cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 03/17] selinux: upgrade inc files to 3.1 (20200710)
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 01/17] audit: enable arm/aarch64 processor support by default Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 02/17] audit: upgrade 2.8.5 -> 3.0 Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 04/17] libsepol: upgrade " Yi Zhao
` (13 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
.../selinux/{selinux_20191204.inc => selinux_20200710.inc} | 2 +-
recipes-security/selinux/selinux_common.inc | 3 +--
2 files changed, 2 insertions(+), 3 deletions(-)
rename recipes-security/selinux/{selinux_20191204.inc => selinux_20200710.inc} (90%)
diff --git a/recipes-security/selinux/selinux_20191204.inc b/recipes-security/selinux/selinux_20200710.inc
similarity index 90%
rename from recipes-security/selinux/selinux_20191204.inc
rename to recipes-security/selinux/selinux_20200710.inc
index 113fc30..a8a76e9 100644
--- a/recipes-security/selinux/selinux_20191204.inc
+++ b/recipes-security/selinux/selinux_20200710.inc
@@ -1,4 +1,4 @@
-SELINUX_RELEASE = "20191204"
+SELINUX_RELEASE = "20200710"
SRC_URI = "https://github.com/SELinuxProject/selinux/releases/download/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz"
diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc
index f6c4a6b..09c0acc 100644
--- a/recipes-security/selinux/selinux_common.inc
+++ b/recipes-security/selinux/selinux_common.inc
@@ -10,6 +10,5 @@ do_install() {
PREFIX="${prefix}" \
INCLUDEDIR="${includedir}" \
LIBDIR="${libdir}" \
- SHLIBDIR="${base_libdir}" \
- SYSTEMDDIR="${systemd_unitdir}"
+ SHLIBDIR="${base_libdir}"
}
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 04/17] libsepol: upgrade to 3.1 (20200710)
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
` (2 preceding siblings ...)
2021-01-07 3:43 ` [meta-selinux][PATCH 03/17] selinux: upgrade inc files to 3.1 (20200710) Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 05/17] libselinux: " Yi Zhao
` (12 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Drop backported patches:
0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...IL_KEY_-build-errors-with-fno-common.patch | 530 ------------------
...e-leftovers-of-cil_mem_error_handler.patch | 65 ---
recipes-security/selinux/libsepol_3.0.bb | 12 -
recipes-security/selinux/libsepol_3.1.bb | 8 +
4 files changed, 8 insertions(+), 607 deletions(-)
delete mode 100644 recipes-security/selinux/libsepol/0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
delete mode 100644 recipes-security/selinux/libsepol/0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
delete mode 100644 recipes-security/selinux/libsepol_3.0.bb
create mode 100644 recipes-security/selinux/libsepol_3.1.bb
diff --git a/recipes-security/selinux/libsepol/0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch b/recipes-security/selinux/libsepol/0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
deleted file mode 100644
index 46c56a4..0000000
--- a/recipes-security/selinux/libsepol/0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
+++ /dev/null
@@ -1,530 +0,0 @@
-From a96e8c59ecac84096d870b42701a504791a8cc8c Mon Sep 17 00:00:00 2001
-From: Ondrej Mosnacek <omosnace@redhat.com>
-Date: Thu, 23 Jan 2020 13:57:13 +0100
-Subject: [PATCH] libsepol: fix CIL_KEY_* build errors with -fno-common
-
-GCC 10 comes with -fno-common enabled by default - fix the CIL_KEY_*
-global variables to be defined only once in cil.c and declared in the
-header file correctly with the 'extern' keyword, so that other units
-including the file don't generate duplicate definitions.
-
-Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
-
-Upstream-Status: Backport
-[https://github.com/SELinuxProject/selinux/commit/a96e8c59ecac84096d870b42701a504791a8cc8c]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- cil/src/cil.c | 162 ++++++++++++++++
- cil/src/cil_internal.h | 322 ++++++++++++++++----------------
- 2 files changed, 323 insertions(+), 161 deletions(-)
-
-diff --git a/cil/src/cil.c b/cil/src/cil.c
-index de729cf8..d222ad3a 100644
---- a/cil/src/cil.c
-+++ b/cil/src/cil.c
-@@ -77,6 +77,168 @@ int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
- {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
- };
-
-+char *CIL_KEY_CONS_T1;
-+char *CIL_KEY_CONS_T2;
-+char *CIL_KEY_CONS_T3;
-+char *CIL_KEY_CONS_R1;
-+char *CIL_KEY_CONS_R2;
-+char *CIL_KEY_CONS_R3;
-+char *CIL_KEY_CONS_U1;
-+char *CIL_KEY_CONS_U2;
-+char *CIL_KEY_CONS_U3;
-+char *CIL_KEY_CONS_L1;
-+char *CIL_KEY_CONS_L2;
-+char *CIL_KEY_CONS_H1;
-+char *CIL_KEY_CONS_H2;
-+char *CIL_KEY_AND;
-+char *CIL_KEY_OR;
-+char *CIL_KEY_NOT;
-+char *CIL_KEY_EQ;
-+char *CIL_KEY_NEQ;
-+char *CIL_KEY_CONS_DOM;
-+char *CIL_KEY_CONS_DOMBY;
-+char *CIL_KEY_CONS_INCOMP;
-+char *CIL_KEY_CONDTRUE;
-+char *CIL_KEY_CONDFALSE;
-+char *CIL_KEY_SELF;
-+char *CIL_KEY_OBJECT_R;
-+char *CIL_KEY_STAR;
-+char *CIL_KEY_TCP;
-+char *CIL_KEY_UDP;
-+char *CIL_KEY_DCCP;
-+char *CIL_KEY_SCTP;
-+char *CIL_KEY_AUDITALLOW;
-+char *CIL_KEY_TUNABLEIF;
-+char *CIL_KEY_ALLOW;
-+char *CIL_KEY_DONTAUDIT;
-+char *CIL_KEY_TYPETRANSITION;
-+char *CIL_KEY_TYPECHANGE;
-+char *CIL_KEY_CALL;
-+char *CIL_KEY_TUNABLE;
-+char *CIL_KEY_XOR;
-+char *CIL_KEY_ALL;
-+char *CIL_KEY_RANGE;
-+char *CIL_KEY_GLOB;
-+char *CIL_KEY_FILE;
-+char *CIL_KEY_DIR;
-+char *CIL_KEY_CHAR;
-+char *CIL_KEY_BLOCK;
-+char *CIL_KEY_SOCKET;
-+char *CIL_KEY_PIPE;
-+char *CIL_KEY_SYMLINK;
-+char *CIL_KEY_ANY;
-+char *CIL_KEY_XATTR;
-+char *CIL_KEY_TASK;
-+char *CIL_KEY_TRANS;
-+char *CIL_KEY_TYPE;
-+char *CIL_KEY_ROLE;
-+char *CIL_KEY_USER;
-+char *CIL_KEY_USERATTRIBUTE;
-+char *CIL_KEY_USERATTRIBUTESET;
-+char *CIL_KEY_SENSITIVITY;
-+char *CIL_KEY_CATEGORY;
-+char *CIL_KEY_CATSET;
-+char *CIL_KEY_LEVEL;
-+char *CIL_KEY_LEVELRANGE;
-+char *CIL_KEY_CLASS;
-+char *CIL_KEY_IPADDR;
-+char *CIL_KEY_MAP_CLASS;
-+char *CIL_KEY_CLASSPERMISSION;
-+char *CIL_KEY_BOOL;
-+char *CIL_KEY_STRING;
-+char *CIL_KEY_NAME;
-+char *CIL_KEY_SOURCE;
-+char *CIL_KEY_TARGET;
-+char *CIL_KEY_LOW;
-+char *CIL_KEY_HIGH;
-+char *CIL_KEY_LOW_HIGH;
-+char *CIL_KEY_GLBLUB;
-+char *CIL_KEY_HANDLEUNKNOWN;
-+char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
-+char *CIL_KEY_HANDLEUNKNOWN_DENY;
-+char *CIL_KEY_HANDLEUNKNOWN_REJECT;
-+char *CIL_KEY_MACRO;
-+char *CIL_KEY_IN;
-+char *CIL_KEY_MLS;
-+char *CIL_KEY_DEFAULTRANGE;
-+char *CIL_KEY_BLOCKINHERIT;
-+char *CIL_KEY_BLOCKABSTRACT;
-+char *CIL_KEY_CLASSORDER;
-+char *CIL_KEY_CLASSMAPPING;
-+char *CIL_KEY_CLASSPERMISSIONSET;
-+char *CIL_KEY_COMMON;
-+char *CIL_KEY_CLASSCOMMON;
-+char *CIL_KEY_SID;
-+char *CIL_KEY_SIDCONTEXT;
-+char *CIL_KEY_SIDORDER;
-+char *CIL_KEY_USERLEVEL;
-+char *CIL_KEY_USERRANGE;
-+char *CIL_KEY_USERBOUNDS;
-+char *CIL_KEY_USERPREFIX;
-+char *CIL_KEY_SELINUXUSER;
-+char *CIL_KEY_SELINUXUSERDEFAULT;
-+char *CIL_KEY_TYPEATTRIBUTE;
-+char *CIL_KEY_TYPEATTRIBUTESET;
-+char *CIL_KEY_EXPANDTYPEATTRIBUTE;
-+char *CIL_KEY_TYPEALIAS;
-+char *CIL_KEY_TYPEALIASACTUAL;
-+char *CIL_KEY_TYPEBOUNDS;
-+char *CIL_KEY_TYPEPERMISSIVE;
-+char *CIL_KEY_RANGETRANSITION;
-+char *CIL_KEY_USERROLE;
-+char *CIL_KEY_ROLETYPE;
-+char *CIL_KEY_ROLETRANSITION;
-+char *CIL_KEY_ROLEALLOW;
-+char *CIL_KEY_ROLEATTRIBUTE;
-+char *CIL_KEY_ROLEATTRIBUTESET;
-+char *CIL_KEY_ROLEBOUNDS;
-+char *CIL_KEY_BOOLEANIF;
-+char *CIL_KEY_NEVERALLOW;
-+char *CIL_KEY_TYPEMEMBER;
-+char *CIL_KEY_SENSALIAS;
-+char *CIL_KEY_SENSALIASACTUAL;
-+char *CIL_KEY_CATALIAS;
-+char *CIL_KEY_CATALIASACTUAL;
-+char *CIL_KEY_CATORDER;
-+char *CIL_KEY_SENSITIVITYORDER;
-+char *CIL_KEY_SENSCAT;
-+char *CIL_KEY_CONSTRAIN;
-+char *CIL_KEY_MLSCONSTRAIN;
-+char *CIL_KEY_VALIDATETRANS;
-+char *CIL_KEY_MLSVALIDATETRANS;
-+char *CIL_KEY_CONTEXT;
-+char *CIL_KEY_FILECON;
-+char *CIL_KEY_IBPKEYCON;
-+char *CIL_KEY_IBENDPORTCON;
-+char *CIL_KEY_PORTCON;
-+char *CIL_KEY_NODECON;
-+char *CIL_KEY_GENFSCON;
-+char *CIL_KEY_NETIFCON;
-+char *CIL_KEY_PIRQCON;
-+char *CIL_KEY_IOMEMCON;
-+char *CIL_KEY_IOPORTCON;
-+char *CIL_KEY_PCIDEVICECON;
-+char *CIL_KEY_DEVICETREECON;
-+char *CIL_KEY_FSUSE;
-+char *CIL_KEY_POLICYCAP;
-+char *CIL_KEY_OPTIONAL;
-+char *CIL_KEY_DEFAULTUSER;
-+char *CIL_KEY_DEFAULTROLE;
-+char *CIL_KEY_DEFAULTTYPE;
-+char *CIL_KEY_ROOT;
-+char *CIL_KEY_NODE;
-+char *CIL_KEY_PERM;
-+char *CIL_KEY_ALLOWX;
-+char *CIL_KEY_AUDITALLOWX;
-+char *CIL_KEY_DONTAUDITX;
-+char *CIL_KEY_NEVERALLOWX;
-+char *CIL_KEY_PERMISSIONX;
-+char *CIL_KEY_IOCTL;
-+char *CIL_KEY_UNORDERED;
-+char *CIL_KEY_SRC_INFO;
-+char *CIL_KEY_SRC_CIL;
-+char *CIL_KEY_SRC_HLL;
-+
- static void cil_init_keys(void)
- {
- /* Initialize CIL Keys into strpool */
-diff --git a/cil/src/cil_internal.h b/cil/src/cil_internal.h
-index 30fab649..9bdcbdd0 100644
---- a/cil/src/cil_internal.h
-+++ b/cil/src/cil_internal.h
-@@ -74,167 +74,167 @@ enum cil_pass {
- /*
- Keywords
- */
--char *CIL_KEY_CONS_T1;
--char *CIL_KEY_CONS_T2;
--char *CIL_KEY_CONS_T3;
--char *CIL_KEY_CONS_R1;
--char *CIL_KEY_CONS_R2;
--char *CIL_KEY_CONS_R3;
--char *CIL_KEY_CONS_U1;
--char *CIL_KEY_CONS_U2;
--char *CIL_KEY_CONS_U3;
--char *CIL_KEY_CONS_L1;
--char *CIL_KEY_CONS_L2;
--char *CIL_KEY_CONS_H1;
--char *CIL_KEY_CONS_H2;
--char *CIL_KEY_AND;
--char *CIL_KEY_OR;
--char *CIL_KEY_NOT;
--char *CIL_KEY_EQ;
--char *CIL_KEY_NEQ;
--char *CIL_KEY_CONS_DOM;
--char *CIL_KEY_CONS_DOMBY;
--char *CIL_KEY_CONS_INCOMP;
--char *CIL_KEY_CONDTRUE;
--char *CIL_KEY_CONDFALSE;
--char *CIL_KEY_SELF;
--char *CIL_KEY_OBJECT_R;
--char *CIL_KEY_STAR;
--char *CIL_KEY_TCP;
--char *CIL_KEY_UDP;
--char *CIL_KEY_DCCP;
--char *CIL_KEY_SCTP;
--char *CIL_KEY_AUDITALLOW;
--char *CIL_KEY_TUNABLEIF;
--char *CIL_KEY_ALLOW;
--char *CIL_KEY_DONTAUDIT;
--char *CIL_KEY_TYPETRANSITION;
--char *CIL_KEY_TYPECHANGE;
--char *CIL_KEY_CALL;
--char *CIL_KEY_TUNABLE;
--char *CIL_KEY_XOR;
--char *CIL_KEY_ALL;
--char *CIL_KEY_RANGE;
--char *CIL_KEY_GLOB;
--char *CIL_KEY_FILE;
--char *CIL_KEY_DIR;
--char *CIL_KEY_CHAR;
--char *CIL_KEY_BLOCK;
--char *CIL_KEY_SOCKET;
--char *CIL_KEY_PIPE;
--char *CIL_KEY_SYMLINK;
--char *CIL_KEY_ANY;
--char *CIL_KEY_XATTR;
--char *CIL_KEY_TASK;
--char *CIL_KEY_TRANS;
--char *CIL_KEY_TYPE;
--char *CIL_KEY_ROLE;
--char *CIL_KEY_USER;
--char *CIL_KEY_USERATTRIBUTE;
--char *CIL_KEY_USERATTRIBUTESET;
--char *CIL_KEY_SENSITIVITY;
--char *CIL_KEY_CATEGORY;
--char *CIL_KEY_CATSET;
--char *CIL_KEY_LEVEL;
--char *CIL_KEY_LEVELRANGE;
--char *CIL_KEY_CLASS;
--char *CIL_KEY_IPADDR;
--char *CIL_KEY_MAP_CLASS;
--char *CIL_KEY_CLASSPERMISSION;
--char *CIL_KEY_BOOL;
--char *CIL_KEY_STRING;
--char *CIL_KEY_NAME;
--char *CIL_KEY_SOURCE;
--char *CIL_KEY_TARGET;
--char *CIL_KEY_LOW;
--char *CIL_KEY_HIGH;
--char *CIL_KEY_LOW_HIGH;
--char *CIL_KEY_GLBLUB;
--char *CIL_KEY_HANDLEUNKNOWN;
--char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
--char *CIL_KEY_HANDLEUNKNOWN_DENY;
--char *CIL_KEY_HANDLEUNKNOWN_REJECT;
--char *CIL_KEY_MACRO;
--char *CIL_KEY_IN;
--char *CIL_KEY_MLS;
--char *CIL_KEY_DEFAULTRANGE;
--char *CIL_KEY_BLOCKINHERIT;
--char *CIL_KEY_BLOCKABSTRACT;
--char *CIL_KEY_CLASSORDER;
--char *CIL_KEY_CLASSMAPPING;
--char *CIL_KEY_CLASSPERMISSIONSET;
--char *CIL_KEY_COMMON;
--char *CIL_KEY_CLASSCOMMON;
--char *CIL_KEY_SID;
--char *CIL_KEY_SIDCONTEXT;
--char *CIL_KEY_SIDORDER;
--char *CIL_KEY_USERLEVEL;
--char *CIL_KEY_USERRANGE;
--char *CIL_KEY_USERBOUNDS;
--char *CIL_KEY_USERPREFIX;
--char *CIL_KEY_SELINUXUSER;
--char *CIL_KEY_SELINUXUSERDEFAULT;
--char *CIL_KEY_TYPEATTRIBUTE;
--char *CIL_KEY_TYPEATTRIBUTESET;
--char *CIL_KEY_EXPANDTYPEATTRIBUTE;
--char *CIL_KEY_TYPEALIAS;
--char *CIL_KEY_TYPEALIASACTUAL;
--char *CIL_KEY_TYPEBOUNDS;
--char *CIL_KEY_TYPEPERMISSIVE;
--char *CIL_KEY_RANGETRANSITION;
--char *CIL_KEY_USERROLE;
--char *CIL_KEY_ROLETYPE;
--char *CIL_KEY_ROLETRANSITION;
--char *CIL_KEY_ROLEALLOW;
--char *CIL_KEY_ROLEATTRIBUTE;
--char *CIL_KEY_ROLEATTRIBUTESET;
--char *CIL_KEY_ROLEBOUNDS;
--char *CIL_KEY_BOOLEANIF;
--char *CIL_KEY_NEVERALLOW;
--char *CIL_KEY_TYPEMEMBER;
--char *CIL_KEY_SENSALIAS;
--char *CIL_KEY_SENSALIASACTUAL;
--char *CIL_KEY_CATALIAS;
--char *CIL_KEY_CATALIASACTUAL;
--char *CIL_KEY_CATORDER;
--char *CIL_KEY_SENSITIVITYORDER;
--char *CIL_KEY_SENSCAT;
--char *CIL_KEY_CONSTRAIN;
--char *CIL_KEY_MLSCONSTRAIN;
--char *CIL_KEY_VALIDATETRANS;
--char *CIL_KEY_MLSVALIDATETRANS;
--char *CIL_KEY_CONTEXT;
--char *CIL_KEY_FILECON;
--char *CIL_KEY_IBPKEYCON;
--char *CIL_KEY_IBENDPORTCON;
--char *CIL_KEY_PORTCON;
--char *CIL_KEY_NODECON;
--char *CIL_KEY_GENFSCON;
--char *CIL_KEY_NETIFCON;
--char *CIL_KEY_PIRQCON;
--char *CIL_KEY_IOMEMCON;
--char *CIL_KEY_IOPORTCON;
--char *CIL_KEY_PCIDEVICECON;
--char *CIL_KEY_DEVICETREECON;
--char *CIL_KEY_FSUSE;
--char *CIL_KEY_POLICYCAP;
--char *CIL_KEY_OPTIONAL;
--char *CIL_KEY_DEFAULTUSER;
--char *CIL_KEY_DEFAULTROLE;
--char *CIL_KEY_DEFAULTTYPE;
--char *CIL_KEY_ROOT;
--char *CIL_KEY_NODE;
--char *CIL_KEY_PERM;
--char *CIL_KEY_ALLOWX;
--char *CIL_KEY_AUDITALLOWX;
--char *CIL_KEY_DONTAUDITX;
--char *CIL_KEY_NEVERALLOWX;
--char *CIL_KEY_PERMISSIONX;
--char *CIL_KEY_IOCTL;
--char *CIL_KEY_UNORDERED;
--char *CIL_KEY_SRC_INFO;
--char *CIL_KEY_SRC_CIL;
--char *CIL_KEY_SRC_HLL;
-+extern char *CIL_KEY_CONS_T1;
-+extern char *CIL_KEY_CONS_T2;
-+extern char *CIL_KEY_CONS_T3;
-+extern char *CIL_KEY_CONS_R1;
-+extern char *CIL_KEY_CONS_R2;
-+extern char *CIL_KEY_CONS_R3;
-+extern char *CIL_KEY_CONS_U1;
-+extern char *CIL_KEY_CONS_U2;
-+extern char *CIL_KEY_CONS_U3;
-+extern char *CIL_KEY_CONS_L1;
-+extern char *CIL_KEY_CONS_L2;
-+extern char *CIL_KEY_CONS_H1;
-+extern char *CIL_KEY_CONS_H2;
-+extern char *CIL_KEY_AND;
-+extern char *CIL_KEY_OR;
-+extern char *CIL_KEY_NOT;
-+extern char *CIL_KEY_EQ;
-+extern char *CIL_KEY_NEQ;
-+extern char *CIL_KEY_CONS_DOM;
-+extern char *CIL_KEY_CONS_DOMBY;
-+extern char *CIL_KEY_CONS_INCOMP;
-+extern char *CIL_KEY_CONDTRUE;
-+extern char *CIL_KEY_CONDFALSE;
-+extern char *CIL_KEY_SELF;
-+extern char *CIL_KEY_OBJECT_R;
-+extern char *CIL_KEY_STAR;
-+extern char *CIL_KEY_TCP;
-+extern char *CIL_KEY_UDP;
-+extern char *CIL_KEY_DCCP;
-+extern char *CIL_KEY_SCTP;
-+extern char *CIL_KEY_AUDITALLOW;
-+extern char *CIL_KEY_TUNABLEIF;
-+extern char *CIL_KEY_ALLOW;
-+extern char *CIL_KEY_DONTAUDIT;
-+extern char *CIL_KEY_TYPETRANSITION;
-+extern char *CIL_KEY_TYPECHANGE;
-+extern char *CIL_KEY_CALL;
-+extern char *CIL_KEY_TUNABLE;
-+extern char *CIL_KEY_XOR;
-+extern char *CIL_KEY_ALL;
-+extern char *CIL_KEY_RANGE;
-+extern char *CIL_KEY_GLOB;
-+extern char *CIL_KEY_FILE;
-+extern char *CIL_KEY_DIR;
-+extern char *CIL_KEY_CHAR;
-+extern char *CIL_KEY_BLOCK;
-+extern char *CIL_KEY_SOCKET;
-+extern char *CIL_KEY_PIPE;
-+extern char *CIL_KEY_SYMLINK;
-+extern char *CIL_KEY_ANY;
-+extern char *CIL_KEY_XATTR;
-+extern char *CIL_KEY_TASK;
-+extern char *CIL_KEY_TRANS;
-+extern char *CIL_KEY_TYPE;
-+extern char *CIL_KEY_ROLE;
-+extern char *CIL_KEY_USER;
-+extern char *CIL_KEY_USERATTRIBUTE;
-+extern char *CIL_KEY_USERATTRIBUTESET;
-+extern char *CIL_KEY_SENSITIVITY;
-+extern char *CIL_KEY_CATEGORY;
-+extern char *CIL_KEY_CATSET;
-+extern char *CIL_KEY_LEVEL;
-+extern char *CIL_KEY_LEVELRANGE;
-+extern char *CIL_KEY_CLASS;
-+extern char *CIL_KEY_IPADDR;
-+extern char *CIL_KEY_MAP_CLASS;
-+extern char *CIL_KEY_CLASSPERMISSION;
-+extern char *CIL_KEY_BOOL;
-+extern char *CIL_KEY_STRING;
-+extern char *CIL_KEY_NAME;
-+extern char *CIL_KEY_SOURCE;
-+extern char *CIL_KEY_TARGET;
-+extern char *CIL_KEY_LOW;
-+extern char *CIL_KEY_HIGH;
-+extern char *CIL_KEY_LOW_HIGH;
-+extern char *CIL_KEY_GLBLUB;
-+extern char *CIL_KEY_HANDLEUNKNOWN;
-+extern char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
-+extern char *CIL_KEY_HANDLEUNKNOWN_DENY;
-+extern char *CIL_KEY_HANDLEUNKNOWN_REJECT;
-+extern char *CIL_KEY_MACRO;
-+extern char *CIL_KEY_IN;
-+extern char *CIL_KEY_MLS;
-+extern char *CIL_KEY_DEFAULTRANGE;
-+extern char *CIL_KEY_BLOCKINHERIT;
-+extern char *CIL_KEY_BLOCKABSTRACT;
-+extern char *CIL_KEY_CLASSORDER;
-+extern char *CIL_KEY_CLASSMAPPING;
-+extern char *CIL_KEY_CLASSPERMISSIONSET;
-+extern char *CIL_KEY_COMMON;
-+extern char *CIL_KEY_CLASSCOMMON;
-+extern char *CIL_KEY_SID;
-+extern char *CIL_KEY_SIDCONTEXT;
-+extern char *CIL_KEY_SIDORDER;
-+extern char *CIL_KEY_USERLEVEL;
-+extern char *CIL_KEY_USERRANGE;
-+extern char *CIL_KEY_USERBOUNDS;
-+extern char *CIL_KEY_USERPREFIX;
-+extern char *CIL_KEY_SELINUXUSER;
-+extern char *CIL_KEY_SELINUXUSERDEFAULT;
-+extern char *CIL_KEY_TYPEATTRIBUTE;
-+extern char *CIL_KEY_TYPEATTRIBUTESET;
-+extern char *CIL_KEY_EXPANDTYPEATTRIBUTE;
-+extern char *CIL_KEY_TYPEALIAS;
-+extern char *CIL_KEY_TYPEALIASACTUAL;
-+extern char *CIL_KEY_TYPEBOUNDS;
-+extern char *CIL_KEY_TYPEPERMISSIVE;
-+extern char *CIL_KEY_RANGETRANSITION;
-+extern char *CIL_KEY_USERROLE;
-+extern char *CIL_KEY_ROLETYPE;
-+extern char *CIL_KEY_ROLETRANSITION;
-+extern char *CIL_KEY_ROLEALLOW;
-+extern char *CIL_KEY_ROLEATTRIBUTE;
-+extern char *CIL_KEY_ROLEATTRIBUTESET;
-+extern char *CIL_KEY_ROLEBOUNDS;
-+extern char *CIL_KEY_BOOLEANIF;
-+extern char *CIL_KEY_NEVERALLOW;
-+extern char *CIL_KEY_TYPEMEMBER;
-+extern char *CIL_KEY_SENSALIAS;
-+extern char *CIL_KEY_SENSALIASACTUAL;
-+extern char *CIL_KEY_CATALIAS;
-+extern char *CIL_KEY_CATALIASACTUAL;
-+extern char *CIL_KEY_CATORDER;
-+extern char *CIL_KEY_SENSITIVITYORDER;
-+extern char *CIL_KEY_SENSCAT;
-+extern char *CIL_KEY_CONSTRAIN;
-+extern char *CIL_KEY_MLSCONSTRAIN;
-+extern char *CIL_KEY_VALIDATETRANS;
-+extern char *CIL_KEY_MLSVALIDATETRANS;
-+extern char *CIL_KEY_CONTEXT;
-+extern char *CIL_KEY_FILECON;
-+extern char *CIL_KEY_IBPKEYCON;
-+extern char *CIL_KEY_IBENDPORTCON;
-+extern char *CIL_KEY_PORTCON;
-+extern char *CIL_KEY_NODECON;
-+extern char *CIL_KEY_GENFSCON;
-+extern char *CIL_KEY_NETIFCON;
-+extern char *CIL_KEY_PIRQCON;
-+extern char *CIL_KEY_IOMEMCON;
-+extern char *CIL_KEY_IOPORTCON;
-+extern char *CIL_KEY_PCIDEVICECON;
-+extern char *CIL_KEY_DEVICETREECON;
-+extern char *CIL_KEY_FSUSE;
-+extern char *CIL_KEY_POLICYCAP;
-+extern char *CIL_KEY_OPTIONAL;
-+extern char *CIL_KEY_DEFAULTUSER;
-+extern char *CIL_KEY_DEFAULTROLE;
-+extern char *CIL_KEY_DEFAULTTYPE;
-+extern char *CIL_KEY_ROOT;
-+extern char *CIL_KEY_NODE;
-+extern char *CIL_KEY_PERM;
-+extern char *CIL_KEY_ALLOWX;
-+extern char *CIL_KEY_AUDITALLOWX;
-+extern char *CIL_KEY_DONTAUDITX;
-+extern char *CIL_KEY_NEVERALLOWX;
-+extern char *CIL_KEY_PERMISSIONX;
-+extern char *CIL_KEY_IOCTL;
-+extern char *CIL_KEY_UNORDERED;
-+extern char *CIL_KEY_SRC_INFO;
-+extern char *CIL_KEY_SRC_CIL;
-+extern char *CIL_KEY_SRC_HLL;
-
- /*
- Symbol Table Array Indices
---
-2.17.1
-
diff --git a/recipes-security/selinux/libsepol/0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch b/recipes-security/selinux/libsepol/0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
deleted file mode 100644
index 674fddd..0000000
--- a/recipes-security/selinux/libsepol/0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 3d32fc24d6aff360a538c63dad08ca5c957551b0 Mon Sep 17 00:00:00 2001
-From: Ondrej Mosnacek <omosnace@redhat.com>
-Date: Thu, 23 Jan 2020 13:57:14 +0100
-Subject: [PATCH] libsepol: remove leftovers of cil_mem_error_handler
-
-Commit 4459d635b8f1 ("libsepol: Remove cil_mem_error_handler() function
-pointer") replaced cil_mem_error_handler usage with inline contents of
-the default handler. However, it left over the header declaration and
-two callers. Convert these as well and remove the header declaration.
-
-This also fixes a build failure with -fno-common.
-
-Fixes: 4459d635b8f1 ("libsepol: Remove cil_mem_error_handler() function pointer")
-Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
-
-Upstream-Status: Backport
-[https://github.com/SELinuxProject/selinux/commit/3d32fc24d6aff360a538c63dad08ca5c957551b0]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- cil/src/cil_mem.h | 1 -
- cil/src/cil_strpool.c | 8 ++++----
- 2 files changed, 4 insertions(+), 5 deletions(-)
-
-diff --git a/cil/src/cil_mem.h b/cil/src/cil_mem.h
-index 902ce131..794f02a3 100644
---- a/cil/src/cil_mem.h
-+++ b/cil/src/cil_mem.h
-@@ -36,7 +36,6 @@ void *cil_calloc(size_t num_elements, size_t element_size);
- void *cil_realloc(void *ptr, size_t size);
- char *cil_strdup(const char *str);
- int cil_asprintf(char **strp, const char *fmt, ...);
--void (*cil_mem_error_handler)(void);
-
- #endif /* CIL_MEM_H_ */
-
-diff --git a/cil/src/cil_strpool.c b/cil/src/cil_strpool.c
-index 97d4c4b9..2598bbf3 100644
---- a/cil/src/cil_strpool.c
-+++ b/cil/src/cil_strpool.c
-@@ -80,8 +80,8 @@ char *cil_strpool_add(const char *str)
- int rc = hashtab_insert(cil_strpool_tab, (hashtab_key_t)strpool_ref->str, strpool_ref);
- if (rc != SEPOL_OK) {
- pthread_mutex_unlock(&cil_strpool_mutex);
-- (*cil_mem_error_handler)();
-- pthread_mutex_lock(&cil_strpool_mutex);
-+ cil_log(CIL_ERR, "Failed to allocate memory\n");
-+ exit(1);
- }
- }
-
-@@ -104,8 +104,8 @@ void cil_strpool_init(void)
- cil_strpool_tab = hashtab_create(cil_strpool_hash, cil_strpool_compare, CIL_STRPOOL_TABLE_SIZE);
- if (cil_strpool_tab == NULL) {
- pthread_mutex_unlock(&cil_strpool_mutex);
-- (*cil_mem_error_handler)();
-- return;
-+ cil_log(CIL_ERR, "Failed to allocate memory\n");
-+ exit(1);
- }
- }
- cil_strpool_readers++;
---
-2.17.1
-
diff --git a/recipes-security/selinux/libsepol_3.0.bb b/recipes-security/selinux/libsepol_3.0.bb
deleted file mode 100644
index 58559d7..0000000
--- a/recipes-security/selinux/libsepol_3.0.bb
+++ /dev/null
@@ -1,12 +0,0 @@
-require selinux_20191204.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
-
-SRC_URI[md5sum] = "22ddb9994910cb9cfff5cb9663cb7ae7"
-SRC_URI[sha256sum] = "5b7ae1881909f1048b06f7a0c364c5c8a86ec12e0ec76e740fe9595a6033eb79"
-
-SRC_URI += "\
- file://0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch \
- file://0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch \
- "
diff --git a/recipes-security/selinux/libsepol_3.1.bb b/recipes-security/selinux/libsepol_3.1.bb
new file mode 100644
index 0000000..1568025
--- /dev/null
+++ b/recipes-security/selinux/libsepol_3.1.bb
@@ -0,0 +1,8 @@
+require selinux_20200710.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
+
+SRC_URI[md5sum] = "b56dc01b76b97dcb730ab4e2fd1c9dea"
+SRC_URI[sha256sum] = "ae6778d01443fdd38cd30eeee846494e19f4d407b09872580372f4aa4bf8a3cc"
+
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 05/17] libselinux: upgrade to 3.1 (20200710)
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
` (3 preceding siblings ...)
2021-01-07 3:43 ` [meta-selinux][PATCH 04/17] libsepol: upgrade " Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 06/17] libselinux-python: " Yi Zhao
` (11 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Drop backported and obsolete patches:
0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch
libselinux-drop-Wno-unused-but-set-variable.patch
Add patch to fix build on musl:
0001-libselinux-do-not-define-gettid-for-musl.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...ainst-musl-and-uClibc-libc-libraries.patch | 38 ---------------
...elinux-do-not-define-gettid-for-musl.patch | 47 +++++++++++++++++++
...nux-drop-Wno-unused-but-set-variable.patch | 26 ----------
recipes-security/selinux/libselinux_3.0.bb | 15 ------
recipes-security/selinux/libselinux_3.1.bb | 17 +++++++
5 files changed, 64 insertions(+), 79 deletions(-)
delete mode 100644 recipes-security/selinux/libselinux/0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch
create mode 100644 recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
delete mode 100644 recipes-security/selinux/libselinux/libselinux-drop-Wno-unused-but-set-variable.patch
delete mode 100644 recipes-security/selinux/libselinux_3.0.bb
create mode 100644 recipes-security/selinux/libselinux_3.1.bb
diff --git a/recipes-security/selinux/libselinux/0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch b/recipes-security/selinux/libselinux/0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch
deleted file mode 100644
index 8308553..0000000
--- a/recipes-security/selinux/libselinux/0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 61bfcbffce32be51d712040c3f84293b78428184 Mon Sep 17 00:00:00 2001
-From: Adam Duskett <Aduskett@gmail.com>
-Date: Tue, 7 Apr 2020 13:53:05 -0700
-Subject: [PATCH] Fix building against musl and uClibc libc libraries.
-
-Currently, the src/Makefile provides the FTS_LDLIBS when building against musl
-or uClibc. However, this is missing from utils/Makefile, which causes linking
-to fail.
-
-Add the FTS_LDLIBS variable to the LDLIBS variable in utils/Makefile to fix
-compiling against uClibc and musl.
-
-Signed-off-by: Adam Duskett <Aduskett@gmail.com>
-
-Upstream-Status: Backport
-[https://github.com/SELinuxProject/selinux/commit/aa40067b7b86d5e4c951fccae1aa98baff148613]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- utils/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/utils/Makefile b/utils/Makefile
-index 3615063..a5632b7 100644
---- a/utils/Makefile
-+++ b/utils/Makefile
-@@ -45,7 +45,7 @@ endif
-
- override CFLAGS += -I../include -D_GNU_SOURCE $(DISABLE_FLAGS) $(PCRE_CFLAGS)
- override LDFLAGS += -L../src
--override LDLIBS += -lselinux
-+override LDLIBS += -lselinux $(FTS_LDLIBS)
- PCRE_LDLIBS ?= -lpcre
-
- ifeq ($(ANDROID_HOST),y)
---
-2.7.4
-
diff --git a/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch b/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
new file mode 100644
index 0000000..5d6e409
--- /dev/null
+++ b/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
@@ -0,0 +1,47 @@
+From 5f6f4a095bc82b29c3871d4d8a15d9c16cef39ef Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Wed, 6 Jan 2021 10:42:11 +0800
+Subject: [PATCH] libselinux: do not define gettid() for musl
+
+The musl has implemented gettid() function:
+http://git.musl-libc.org/cgit/musl/commit/?id=d49cf07541bb54a5ac7aec1feec8514db33db8ea
+
+Fixes:
+procattr.c:38:14: error: static declaration of 'gettid' follows non-static declaration
+ 38 | static pid_t gettid(void)
+ | ^~~~~~
+In file included from procattr.c:2:
+/build/tmp/work/core2-32-poky-linux-musl/libselinux/3.1-r0/recipe-sysroot/usr/include/unistd.h:194:7:
+note: previous declaration of 'gettid' was here
+ 194 | pid_t gettid(void);
+ | ^~~~~~
+
+Upstream-Status: Pending
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/procattr.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/src/procattr.c b/src/procattr.c
+index 926ee54..519e515 100644
+--- a/src/procattr.c
++++ b/src/procattr.c
+@@ -24,13 +24,7 @@ static __thread char destructor_initialized;
+
+ /* Bionic and glibc >= 2.30 declare gettid() system call wrapper in unistd.h and
+ * has a definition for it */
+-#ifdef __BIONIC__
+- #define OVERRIDE_GETTID 0
+-#elif !defined(__GLIBC_PREREQ)
+- #define OVERRIDE_GETTID 1
+-#elif !__GLIBC_PREREQ(2,30)
+- #define OVERRIDE_GETTID 1
+-#else
++#if !defined(__GLIBC_)
+ #define OVERRIDE_GETTID 0
+ #endif
+
+--
+2.17.1
+
diff --git a/recipes-security/selinux/libselinux/libselinux-drop-Wno-unused-but-set-variable.patch b/recipes-security/selinux/libselinux/libselinux-drop-Wno-unused-but-set-variable.patch
deleted file mode 100644
index 688b4e3..0000000
--- a/recipes-security/selinux/libselinux/libselinux-drop-Wno-unused-but-set-variable.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 865b8c40b331235ce2c9df1fcbbb3876c9b79338 Mon Sep 17 00:00:00 2001
-From: Randy MacLeod <Randy.MacLeod@windriver.com>
-Date: Tue, 30 Apr 2013 17:28:34 -0400
-Subject: [PATCH] libselinux: drop flag: -Wno-unused-but-set-variable
-
-Upstream status: Inappropriate [older compilers only]
-
-Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
-
----
- src/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/Makefile b/src/Makefile
-index 2408fae..a89c0f7 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -96,7 +96,7 @@ PCRE_LDLIBS ?= -lpcre
-
- override CFLAGS += -I../include -D_GNU_SOURCE $(DISABLE_FLAGS) $(PCRE_CFLAGS)
-
--SWIG_CFLAGS += -Wno-error -Wno-unused-variable -Wno-unused-but-set-variable -Wno-unused-parameter \
-+SWIG_CFLAGS += -Wno-error -Wno-unused-variable -Wno-unused-parameter \
- -Wno-shadow -Wno-uninitialized -Wno-missing-prototypes -Wno-missing-declarations
-
- RANLIB ?= ranlib
diff --git a/recipes-security/selinux/libselinux_3.0.bb b/recipes-security/selinux/libselinux_3.0.bb
deleted file mode 100644
index 05d2346..0000000
--- a/recipes-security/selinux/libselinux_3.0.bb
+++ /dev/null
@@ -1,15 +0,0 @@
-require selinux_20191204.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
-
-SRC_URI[md5sum] = "b387a66f087b6d97713570e85ec89d89"
-SRC_URI[sha256sum] = "2ea2b30f671dae9d6b1391cbe8fb2ce5d36a3ee4fb1cd3c32f0d933c31b82433"
-
-SRC_URI += "\
- file://libselinux-drop-Wno-unused-but-set-variable.patch \
- file://libselinux-make-O_CLOEXEC-optional.patch \
- file://libselinux-make-SOCK_CLOEXEC-optional.patch \
- file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
- file://0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch \
- "
diff --git a/recipes-security/selinux/libselinux_3.1.bb b/recipes-security/selinux/libselinux_3.1.bb
new file mode 100644
index 0000000..9d1cda5
--- /dev/null
+++ b/recipes-security/selinux/libselinux_3.1.bb
@@ -0,0 +1,17 @@
+require selinux_20200710.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
+
+SRC_URI[md5sum] = "693680c021feb69a4b258b0370021461"
+SRC_URI[sha256sum] = "ea5dcbb4d859e3f999c26a13c630da2f16dff9462e3cc8cb7b458ac157d112e7"
+
+SRC_URI += "\
+ file://libselinux-make-O_CLOEXEC-optional.patch \
+ file://libselinux-make-SOCK_CLOEXEC-optional.patch \
+ file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
+ "
+
+SRC_URI_append_libc-musl = " \
+ file://0001-libselinux-do-not-define-gettid-for-musl.patch \
+ "
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 06/17] libselinux-python: upgrade to 3.1 (20200710)
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
` (4 preceding siblings ...)
2021-01-07 3:43 ` [meta-selinux][PATCH 05/17] libselinux: " Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 07/17] libsemanage: " Yi Zhao
` (10 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Refresh patches:
0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
0001-Makefile-fix-python-modules-install-path-for-multili.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...linux-python_3.0.bb => libselinux-python_3.1.bb} | 13 ++++++++-----
...-PYCEXT-and-rely-on-the-installed-file-nam.patch | 12 ++++++------
...ix-python-modules-install-path-for-multili.patch | 12 ++++++------
3 files changed, 20 insertions(+), 17 deletions(-)
rename recipes-security/selinux/{libselinux-python_3.0.bb => libselinux-python_3.1.bb} (66%)
diff --git a/recipes-security/selinux/libselinux-python_3.0.bb b/recipes-security/selinux/libselinux-python_3.1.bb
similarity index 66%
rename from recipes-security/selinux/libselinux-python_3.0.bb
rename to recipes-security/selinux/libselinux-python_3.1.bb
index 2b5438d..9493083 100644
--- a/recipes-security/selinux/libselinux-python_3.0.bb
+++ b/recipes-security/selinux/libselinux-python_3.1.bb
@@ -1,4 +1,4 @@
-SELINUX_RELEASE = "20191204"
+SELINUX_RELEASE = "20200710"
SRC_URI = "https://github.com/SELinuxProject/selinux/releases/download/${SELINUX_RELEASE}/libselinux-${PV}.tar.gz"
@@ -6,16 +6,19 @@ require ${BPN}.inc
LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
-SRC_URI[md5sum] = "b387a66f087b6d97713570e85ec89d89"
-SRC_URI[sha256sum] = "2ea2b30f671dae9d6b1391cbe8fb2ce5d36a3ee4fb1cd3c32f0d933c31b82433"
+SRC_URI[md5sum] = "693680c021feb69a4b258b0370021461"
+SRC_URI[sha256sum] = "ea5dcbb4d859e3f999c26a13c630da2f16dff9462e3cc8cb7b458ac157d112e7"
SRC_URI += "\
- file://libselinux-drop-Wno-unused-but-set-variable.patch \
file://libselinux-make-O_CLOEXEC-optional.patch \
file://libselinux-make-SOCK_CLOEXEC-optional.patch \
file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
- file://0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch \
file://0001-Makefile-fix-python-modules-install-path-for-multili.patch \
file://0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch \
"
+
+SRC_URI_append_libc-musl = " \
+ file://0001-libselinux-do-not-define-gettid-for-musl.patch \
+ "
+
S = "${WORKDIR}/libselinux-${PV}"
diff --git a/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch b/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
index b7cd59d..0fafcef 100644
--- a/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
+++ b/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
@@ -1,4 +1,4 @@
-From 0d4da8093bc2ef92b7c6f7fd1f4804f6ebc6cb56 Mon Sep 17 00:00:00 2001
+From 1542c79660484a2f2e24ee0593586dba35c3ad13 Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Date: Fri, 25 Oct 2019 13:37:14 +0200
Subject: [PATCH] Do not use PYCEXT, and rely on the installed file name
@@ -27,20 +27,20 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/Makefile b/src/Makefile
-index a384a10..82adf82 100644
+index dcdeb10..da6f719 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -15,7 +15,6 @@ INCLUDEDIR ?= $(PREFIX)/include
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))")
--PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])')
+-PYCEXT ?= $(shell $(PYTHON) -c 'import importlib.machinery;print(importlib.machinery.EXTENSION_SUFFIXES[0])')
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
-@@ -175,7 +174,7 @@ install: all
+@@ -176,7 +175,7 @@ install: all
install-pywrap: pywrap
- $(PYTHON) setup.py install --prefix=$(PREFIX) --root=$(DESTDIR) --install-lib=$(PYTHONLIBDIR)
+ $(PYTHON) setup.py install --prefix=$(PREFIX) --root=$(DESTDIR) --install-lib=$(PYTHONLIBDIR) $(PYTHON_SETUP_ARGS)
install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
- ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
+ ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux*.so $(DESTDIR)$(PYTHONLIBDIR)/
@@ -48,5 +48,5 @@ index a384a10..82adf82 100644
install-rubywrap: rubywrap
test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
--
-2.24.1
+2.17.1
diff --git a/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch b/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
index f0fee23..9dfd8d4 100644
--- a/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
+++ b/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
@@ -1,4 +1,4 @@
-From 930514c1b93335ccf6d70adf46ca7e3f8183603d Mon Sep 17 00:00:00 2001
+From 41540f5c4e3552a2806097613f016d1a2fd4754a Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Mon, 13 Apr 2020 12:44:23 +0800
Subject: [PATCH] Makefile: fix python modules install path for multilib
@@ -11,18 +11,18 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Makefile b/src/Makefile
-index b0ce2c8..a384a10 100644
+index 190016e..dcdeb10 100644
--- a/src/Makefile
+++ b/src/Makefile
-@@ -173,7 +173,7 @@ install: all
+@@ -174,7 +174,7 @@ install: all
ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
install-pywrap: pywrap
-- $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+ $(PYTHON) setup.py install --prefix=$(PREFIX) --root=$(DESTDIR) --install-lib=$(PYTHONLIBDIR)
+- $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS)
++ $(PYTHON) setup.py install --prefix=$(PREFIX) --root=$(DESTDIR) --install-lib=$(PYTHONLIBDIR) $(PYTHON_SETUP_ARGS)
install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
--
-2.7.4
+2.17.1
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 07/17] libsemanage: upgrade to 3.1 (20200710)
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
` (5 preceding siblings ...)
2021-01-07 3:43 ` [meta-selinux][PATCH 06/17] libselinux-python: " Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 08/17] checkpolicy: upgrade to 3.0 (20191204) Yi Zhao
` (9 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
* Drop obsolete patch:
libsemanage-drop-Wno-unused-but-set-variable.patch
* Refresh patch:
libsemanage-allow-to-disable-audit-support.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...anage-allow-to-disable-audit-support.patch | 12 ++++----
...age-drop-Wno-unused-but-set-variable.patch | 28 -------------------
...{libsemanage_3.0.bb => libsemanage_3.1.bb} | 7 ++---
3 files changed, 9 insertions(+), 38 deletions(-)
delete mode 100644 recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch
rename recipes-security/selinux/{libsemanage_3.0.bb => libsemanage_3.1.bb} (60%)
diff --git a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
index c588b61..ff5cb00 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
@@ -1,4 +1,4 @@
-From 1633f72579e3b79d055759256b71e4169627889b Mon Sep 17 00:00:00 2001
+From e76867515be3bc296174aeb26c7996a0939a2a8c Mon Sep 17 00:00:00 2001
From: Wenzong Fan <wenzong.fan@windriver.com>
Date: Mon, 20 Jan 2014 03:53:48 -0500
Subject: [PATCH] libsemanage: allow to disable audit support
@@ -13,11 +13,11 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/Makefile b/src/Makefile
-index 3bd1e20..483e818 100644
+index a0eb374..afc4437 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -26,6 +26,14 @@ ifeq ($(DEBUG),1)
- export LDFLAGS = -g
+ export LDFLAGS ?= -g
endif
+DISABLE_AUDIT ?= n
@@ -31,7 +31,7 @@ index 3bd1e20..483e818 100644
LEX = flex
LFLAGS = -s
YACC = bison
-@@ -88,7 +96,7 @@ $(LIBA): $(OBJS)
+@@ -89,7 +97,7 @@ $(LIBA): $(OBJS)
$(RANLIB) $@
$(LIBSO): $(LOBJS)
@@ -41,7 +41,7 @@ index 3bd1e20..483e818 100644
$(LIBPC): $(LIBPC).in ../VERSION
diff --git a/src/seusers_local.c b/src/seusers_local.c
-index 3e2761c..8bc6b83 100644
+index 6508ec0..1b26956 100644
--- a/src/seusers_local.c
+++ b/src/seusers_local.c
@@ -8,7 +8,11 @@ typedef struct semanage_seuser record_t;
@@ -122,5 +122,5 @@ index 69f49a3..f914492 100644
OBJECTS = $(SOURCES:.c=.o)
POLICIES = $(CILS:.cil=.policy)
--
-2.7.4
+2.17.1
diff --git a/recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch b/recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch
deleted file mode 100644
index c9b052c..0000000
--- a/recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 90a2459d1683e53f4a896b977e6b396db562c903 Mon Sep 17 00:00:00 2001
-From: Randy MacLeod <Randy.MacLeod@windriver.com>
-Date: Tue, 30 Apr 2013 23:15:57 -0400
-Subject: [PATCH] libselinux: drop flag: -Wno-unused-but-set-variable
-
-Upstream-Status: Inappropriate [older compilers only]
-
-Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
----
- src/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/Makefile b/src/Makefile
-index e029f09..8240c3a 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -55,7 +55,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) conf-scan.o conf-parse.o
- LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo
- CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
-
--SWIG_CFLAGS += -Wno-error -Wno-unused-but-set-variable -Wno-unused-variable -Wno-shadow \
-+SWIG_CFLAGS += -Wno-error -Wno-unused-variable -Wno-shadow \
- -Wno-unused-parameter
-
- override CFLAGS += -I../include -D_GNU_SOURCE
---
-2.7.4
-
diff --git a/recipes-security/selinux/libsemanage_3.0.bb b/recipes-security/selinux/libsemanage_3.1.bb
similarity index 60%
rename from recipes-security/selinux/libsemanage_3.0.bb
rename to recipes-security/selinux/libsemanage_3.1.bb
index 450675b..8e6781f 100644
--- a/recipes-security/selinux/libsemanage_3.0.bb
+++ b/recipes-security/selinux/libsemanage_3.1.bb
@@ -1,14 +1,13 @@
-require selinux_20191204.inc
+require selinux_20200710.inc
require ${BPN}.inc
LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
-SRC_URI[md5sum] = "17a2fc780af0a36f2cf27ab7c4e85946"
-SRC_URI[sha256sum] = "a497b0720d54eac427f1f3f618eed417e50ed8f4e47ed0f7a1d391bd416e84cf"
+SRC_URI[md5sum] = "d16eee8c1dc8cf43f59957d575d6bd29"
+SRC_URI[sha256sum] = "22d6c75526e40d1781c30bcf29abf97171bdfe6780923f11c8e1c76a75a21ff8"
SRC_URI += "\
file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
- file://libsemanage-drop-Wno-unused-but-set-variable.patch \
file://libsemanage-define-FD_CLOEXEC-as-necessary.patch \
file://libsemanage-allow-to-disable-audit-support.patch \
file://libsemanage-disable-expand-check-on-policy-load.patch \
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 08/17] checkpolicy: upgrade to 3.0 (20191204)
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
` (6 preceding siblings ...)
2021-01-07 3:43 ` [meta-selinux][PATCH 07/17] libsemanage: " Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 09/17] secilc: upgrade to 3.1 (20200710) Yi Zhao
` (8 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Drop backported patch:
0001-checkpolicy-remove-unused-te_assertions.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...ckpolicy-remove-unused-te_assertions.patch | 45 -------------------
recipes-security/selinux/checkpolicy_3.0.bb | 11 -----
recipes-security/selinux/checkpolicy_3.1.bb | 7 +++
3 files changed, 7 insertions(+), 56 deletions(-)
delete mode 100644 recipes-security/selinux/checkpolicy/0001-checkpolicy-remove-unused-te_assertions.patch
delete mode 100644 recipes-security/selinux/checkpolicy_3.0.bb
create mode 100644 recipes-security/selinux/checkpolicy_3.1.bb
diff --git a/recipes-security/selinux/checkpolicy/0001-checkpolicy-remove-unused-te_assertions.patch b/recipes-security/selinux/checkpolicy/0001-checkpolicy-remove-unused-te_assertions.patch
deleted file mode 100644
index 61c301e..0000000
--- a/recipes-security/selinux/checkpolicy/0001-checkpolicy-remove-unused-te_assertions.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 95d8f16ece96829109eb75a605b1459a25b5a6be Mon Sep 17 00:00:00 2001
-From: Ondrej Mosnacek <omosnace@redhat.com>
-Date: Thu, 23 Jan 2020 13:57:15 +0100
-Subject: [PATCH] checkpolicy: remove unused te_assertions
-
-This variable is declared in a header file, but never defined or used.
-The te_assert structure definition is only used in this declaration, so
-remove both.
-
-Upstream-Status: Backport [https://github.com/SELinuxProject/selinux/commit/4d330d0d3155211f119b3082f728ae42dcc01e96]
-
-Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- checkpolicy/checkpolicy.h | 14 --------------
- 1 file changed, 14 deletions(-)
-
-diff --git a/checkpolicy.h b/checkpolicy.h
-index 3868f1fa023b..f127687e72a6 100644
---- a/checkpolicy.h
-+++ b/checkpolicy.h
-@@ -1,20 +1,6 @@
- #ifndef _CHECKPOLICY_H_
- #define _CHECKPOLICY_H_
-
--#include <sepol/policydb/ebitmap.h>
--
--typedef struct te_assert {
-- ebitmap_t stypes;
-- ebitmap_t ttypes;
-- ebitmap_t tclasses;
-- int self;
-- sepol_access_vector_t *avp;
-- unsigned long line;
-- struct te_assert *next;
--} te_assert_t;
--
--te_assert_t *te_assertions;
--
- extern unsigned int policyvers;
-
- #endif
---
-2.24.1
-
diff --git a/recipes-security/selinux/checkpolicy_3.0.bb b/recipes-security/selinux/checkpolicy_3.0.bb
deleted file mode 100644
index 50d6217..0000000
--- a/recipes-security/selinux/checkpolicy_3.0.bb
+++ /dev/null
@@ -1,11 +0,0 @@
-require selinux_20191204.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "b7c5547b95ce855bcdc10cb8adba8223"
-SRC_URI[sha256sum] = "c88c719a141dd5c1202d49c378c7f063349d630522d5e04dc6e0c53da81aa4f8"
-
-SRC_URI += "\
- file://0001-checkpolicy-remove-unused-te_assertions.patch \
-"
diff --git a/recipes-security/selinux/checkpolicy_3.1.bb b/recipes-security/selinux/checkpolicy_3.1.bb
new file mode 100644
index 0000000..71045b8
--- /dev/null
+++ b/recipes-security/selinux/checkpolicy_3.1.bb
@@ -0,0 +1,7 @@
+require selinux_20200710.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "1302676cd8853f740a963fd6d5bb4172"
+SRC_URI[sha256sum] = "dfc7707070520c93b14fbbdfdbe081364d806bf28e3e79e10318c2594c77bbb2"
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 09/17] secilc: upgrade to 3.1 (20200710)
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
` (7 preceding siblings ...)
2021-01-07 3:43 ` [meta-selinux][PATCH 08/17] checkpolicy: upgrade to 3.0 (20191204) Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 10/17] policycoreutils: " Yi Zhao
` (7 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/secilc_3.0.bb | 7 -------
recipes-security/selinux/secilc_3.1.bb | 7 +++++++
2 files changed, 7 insertions(+), 7 deletions(-)
delete mode 100644 recipes-security/selinux/secilc_3.0.bb
create mode 100644 recipes-security/selinux/secilc_3.1.bb
diff --git a/recipes-security/selinux/secilc_3.0.bb b/recipes-security/selinux/secilc_3.0.bb
deleted file mode 100644
index 71b6cff..0000000
--- a/recipes-security/selinux/secilc_3.0.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20191204.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=c7e802b9a3b0c2c852669864c08b9138"
-
-SRC_URI[md5sum] = "be7ec221b874053a843ef90e49daa5cf"
-SRC_URI[sha256sum] = "78fafc4a8a8a212663d3d1e181047f5605430f0a0577ff772a4bb7fecd2b42b0"
diff --git a/recipes-security/selinux/secilc_3.1.bb b/recipes-security/selinux/secilc_3.1.bb
new file mode 100644
index 0000000..c1fb36b
--- /dev/null
+++ b/recipes-security/selinux/secilc_3.1.bb
@@ -0,0 +1,7 @@
+require selinux_20200710.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=c7e802b9a3b0c2c852669864c08b9138"
+
+SRC_URI[md5sum] = "f9743e405a8de331c249b723c09c6c3f"
+SRC_URI[sha256sum] = "86117246fec3017af710a9ff7c1dae3ed1cd571e232a86cff3e2a3de2d6aa65c"
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 10/17] policycoreutils: upgrade to 3.1 (20200710)
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
` (8 preceding siblings ...)
2021-01-07 3:43 ` [meta-selinux][PATCH 09/17] secilc: upgrade to 3.1 (20200710) Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 11/17] mcstrans: " Yi Zhao
` (6 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/policycoreutils_3.0.bb | 7 -------
recipes-security/selinux/policycoreutils_3.1.bb | 7 +++++++
2 files changed, 7 insertions(+), 7 deletions(-)
delete mode 100644 recipes-security/selinux/policycoreutils_3.0.bb
create mode 100644 recipes-security/selinux/policycoreutils_3.1.bb
diff --git a/recipes-security/selinux/policycoreutils_3.0.bb b/recipes-security/selinux/policycoreutils_3.0.bb
deleted file mode 100644
index a4e0287..0000000
--- a/recipes-security/selinux/policycoreutils_3.0.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20191204.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "7e95941f1ac00b25b69c7157d49a375f"
-SRC_URI[sha256sum] = "3379c9bd722e36be9bf8856c6fa373bfa9b33305ac9da5fc807cfe7fa605f489"
diff --git a/recipes-security/selinux/policycoreutils_3.1.bb b/recipes-security/selinux/policycoreutils_3.1.bb
new file mode 100644
index 0000000..f56d1c3
--- /dev/null
+++ b/recipes-security/selinux/policycoreutils_3.1.bb
@@ -0,0 +1,7 @@
+require selinux_20200710.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "3097ac2c83e47af130452f10399282cb"
+SRC_URI[sha256sum] = "c889f62ee80f8b6a369469a9b8af51f5b797975aeaa291f5c5960cc12eed1934"
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 11/17] mcstrans: upgrade to 3.1 (20200710)
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
` (9 preceding siblings ...)
2021-01-07 3:43 ` [meta-selinux][PATCH 10/17] policycoreutils: " Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 12/17] restorecond: " Yi Zhao
` (5 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/mcstrans.inc | 6 ++++--
recipes-security/selinux/mcstrans_3.0.bb | 7 -------
recipes-security/selinux/mcstrans_3.1.bb | 7 +++++++
3 files changed, 11 insertions(+), 9 deletions(-)
delete mode 100644 recipes-security/selinux/mcstrans_3.0.bb
create mode 100644 recipes-security/selinux/mcstrans_3.1.bb
diff --git a/recipes-security/selinux/mcstrans.inc b/recipes-security/selinux/mcstrans.inc
index b9c670b..52b95c6 100644
--- a/recipes-security/selinux/mcstrans.inc
+++ b/recipes-security/selinux/mcstrans.inc
@@ -14,8 +14,10 @@ inherit systemd update-rc.d
DEPENDS += "libsepol libselinux libcap"
-# We do not need "${D}/" as a prefix anymore.
-EXTRA_OEMAKE += "SBINDIR=${base_sbindir} INITDIR=${sysconfdir}/init.d"
+EXTRA_OEMAKE += "SBINDIR=${base_sbindir} \
+ INITDIR=${sysconfdir}/init.d \
+ SYSTEMDDIR=${systemd_unitdir} \
+ "
do_install_append() {
install -d ${D}${sbindir}
diff --git a/recipes-security/selinux/mcstrans_3.0.bb b/recipes-security/selinux/mcstrans_3.0.bb
deleted file mode 100644
index 27ddfce..0000000
--- a/recipes-security/selinux/mcstrans_3.0.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20191204.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
-
-SRC_URI[md5sum] = "0edc58a4d65425ffa5d58d32bf412352"
-SRC_URI[sha256sum] = "0992b8e7c4de1ba5f98a82547b02418370be5a5f588fc6d5f1cd2c7824bda87e"
diff --git a/recipes-security/selinux/mcstrans_3.1.bb b/recipes-security/selinux/mcstrans_3.1.bb
new file mode 100644
index 0000000..26bb299
--- /dev/null
+++ b/recipes-security/selinux/mcstrans_3.1.bb
@@ -0,0 +1,7 @@
+require selinux_20200710.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+SRC_URI[md5sum] = "18b7bf8193dd2360bc60f0e2639009ab"
+SRC_URI[sha256sum] = "cc918576c17340fc944849d785e2a7400b269ef079a36b871c140504164d6a45"
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 12/17] restorecond: upgrade to 3.1 (20200710)
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
` (10 preceding siblings ...)
2021-01-07 3:43 ` [meta-selinux][PATCH 11/17] mcstrans: " Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 13/17] selinux-python: " Yi Zhao
` (4 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/restorecond.inc | 14 +++++++++++++-
recipes-security/selinux/restorecond_3.0.bb | 7 -------
recipes-security/selinux/restorecond_3.1.bb | 7 +++++++
3 files changed, 20 insertions(+), 8 deletions(-)
delete mode 100644 recipes-security/selinux/restorecond_3.0.bb
create mode 100644 recipes-security/selinux/restorecond_3.1.bb
diff --git a/recipes-security/selinux/restorecond.inc b/recipes-security/selinux/restorecond.inc
index d168303..a5b1635 100644
--- a/recipes-security/selinux/restorecond.inc
+++ b/recipes-security/selinux/restorecond.inc
@@ -15,10 +15,22 @@ inherit systemd update-rc.d
DEPENDS += "libsepol libselinux libpcre dbus-glib glib-2.0 pkgconfig-native"
+EXTRA_OEMAKE += "SYSTEMDSYSTEMUNITDIR=${systemd_system_unitdir} \
+ SYSTEMDUSERUNITDIR=${systemd_user_unitdir} \
+ "
+
FILES_${PN} += "${datadir}/dbus-1/services/org.selinux.Restorecond.service \
-"
+ ${systemd_user_unitdir}/* \
+ "
SYSTEMD_SERVICE_restorecond = "restorecond.service"
INITSCRIPT_PACKAGES = "restorecond"
INITSCRIPT_NAME_restorecond = "restorecond"
INITSCRIPT_PARAMS_restorecond = "defaults"
+
+do_install_append() {
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'false', 'true', d)}; then
+ # remove /usr/lib/systemd/user
+ rm -rf ${D}${nonarch_libdir}
+ fi
+}
diff --git a/recipes-security/selinux/restorecond_3.0.bb b/recipes-security/selinux/restorecond_3.0.bb
deleted file mode 100644
index 8c840c9..0000000
--- a/recipes-security/selinux/restorecond_3.0.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20191204.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "f32edbd8a1f724ef1e4fa70bf9e22685"
-SRC_URI[sha256sum] = "32a92c9f4bf48c613f9f467ced58d8c369eec8892239cd44d5d0e139b41926dc"
diff --git a/recipes-security/selinux/restorecond_3.1.bb b/recipes-security/selinux/restorecond_3.1.bb
new file mode 100644
index 0000000..d4e0d06
--- /dev/null
+++ b/recipes-security/selinux/restorecond_3.1.bb
@@ -0,0 +1,7 @@
+require selinux_20200710.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "8daf761739a150a7a29bb491726a6cd9"
+SRC_URI[sha256sum] = "82ca45099685a45d718f11f8859963c1ba83d98e510312cbf0b7dc5664c60ad0"
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 13/17] selinux-python: upgrade to 3.1 (20200710)
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
` (11 preceding siblings ...)
2021-01-07 3:43 ` [meta-selinux][PATCH 12/17] restorecond: " Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 14/17] selinux-dbus: " Yi Zhao
` (3 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Refresh patch:
fix-sepolicy-install-path.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
.../selinux-python/fix-sepolicy-install-path.patch | 12 ++++++------
recipes-security/selinux/selinux-python_3.0.bb | 7 -------
recipes-security/selinux/selinux-python_3.1.bb | 7 +++++++
3 files changed, 13 insertions(+), 13 deletions(-)
delete mode 100644 recipes-security/selinux/selinux-python_3.0.bb
create mode 100644 recipes-security/selinux/selinux-python_3.1.bb
diff --git a/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch b/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
index 527e02c..4e91df7 100644
--- a/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
+++ b/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
@@ -1,7 +1,7 @@
-From e8fdfdf96a84209118deff7782cf82f8187af6c5 Mon Sep 17 00:00:00 2001
+From df40fadfb251cc2aebdbd2e216f99a8ae7da7763 Mon Sep 17 00:00:00 2001
From: Xin Ouyang <Xin.Ouyang@windriver.com>
Date: Mon, 23 Sep 2013 21:17:59 +0800
-Subject: [PATCH] policycoreutils: fix install path for new pymodule sepolicy
+Subject: [PATCH] sepolicy: fix install path for new pymodule sepolicy
Upstream-Status: Inappropriate [embedded specific]
@@ -13,18 +13,18 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sepolicy/Makefile b/sepolicy/Makefile
-index 69f29fa..b474d80 100644
+index 3361be4..5842321 100644
--- a/sepolicy/Makefile
+++ b/sepolicy/Makefile
@@ -27,7 +27,7 @@ test:
@$(PYTHON) test_sepolicy.py -v
install:
-- $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+ $(PYTHON) setup.py install --prefix=$(PREFIX) --root=$(DESTDIR) --install-lib=$(PYTHONLIBDIR) --no-compile
+- $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS)
++ $(PYTHON) setup.py install --prefix=$(PREFIX) --root=$(DESTDIR) --install-lib=$(PYTHONLIBDIR) --no-compile $(PYTHON_SETUP_ARGS)
[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
(cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)
--
-2.7.4
+2.17.1
diff --git a/recipes-security/selinux/selinux-python_3.0.bb b/recipes-security/selinux/selinux-python_3.0.bb
deleted file mode 100644
index 8222d28..0000000
--- a/recipes-security/selinux/selinux-python_3.0.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20191204.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "aa018c9b1b26034f84f3f427adac08be"
-SRC_URI[sha256sum] = "43c08fa881ccc64251d396b1ac6c56b354bf98421b4ec937d54a8db190135494"
diff --git a/recipes-security/selinux/selinux-python_3.1.bb b/recipes-security/selinux/selinux-python_3.1.bb
new file mode 100644
index 0000000..a0555d2
--- /dev/null
+++ b/recipes-security/selinux/selinux-python_3.1.bb
@@ -0,0 +1,7 @@
+require selinux_20200710.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "ec75687b680e0dd63e3ded05bd41cb5a"
+SRC_URI[sha256sum] = "f4d0a1a030bc291a6af498b26e0676b745075dd289a8ba16cdec86c3ea8f2f02"
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 14/17] selinux-dbus: upgrade to 3.1 (20200710)
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
` (12 preceding siblings ...)
2021-01-07 3:43 ` [meta-selinux][PATCH 13/17] selinux-python: " Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 15/17] selinux-sandbox: " Yi Zhao
` (2 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/selinux-dbus_3.0.bb | 7 -------
recipes-security/selinux/selinux-dbus_3.1.bb | 7 +++++++
2 files changed, 7 insertions(+), 7 deletions(-)
delete mode 100644 recipes-security/selinux/selinux-dbus_3.0.bb
create mode 100644 recipes-security/selinux/selinux-dbus_3.1.bb
diff --git a/recipes-security/selinux/selinux-dbus_3.0.bb b/recipes-security/selinux/selinux-dbus_3.0.bb
deleted file mode 100644
index afae77b..0000000
--- a/recipes-security/selinux/selinux-dbus_3.0.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20191204.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "775f058ea19f424d99ce3bd13297234c"
-SRC_URI[sha256sum] = "95d75603444c3eeaebf25da3de6febb6e1567d5f5d93cde5a4b73c88ef6c4f28"
diff --git a/recipes-security/selinux/selinux-dbus_3.1.bb b/recipes-security/selinux/selinux-dbus_3.1.bb
new file mode 100644
index 0000000..04e7565
--- /dev/null
+++ b/recipes-security/selinux/selinux-dbus_3.1.bb
@@ -0,0 +1,7 @@
+require selinux_20200710.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "b6ad8b3d8497782c6ed480514dfc8ee8"
+SRC_URI[sha256sum] = "61f936d200ff8302c513883c67bb7c4c496513e78122954cbd33db62086a06f2"
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 15/17] selinux-sandbox: upgrade to 3.1 (20200710)
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
` (13 preceding siblings ...)
2021-01-07 3:43 ` [meta-selinux][PATCH 14/17] selinux-dbus: " Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 16/17] selinux-gui: " Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 17/17] semodule-utils: " Yi Zhao
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/selinux-sandbox_3.0.bb | 7 -------
recipes-security/selinux/selinux-sandbox_3.1.bb | 7 +++++++
2 files changed, 7 insertions(+), 7 deletions(-)
delete mode 100644 recipes-security/selinux/selinux-sandbox_3.0.bb
create mode 100644 recipes-security/selinux/selinux-sandbox_3.1.bb
diff --git a/recipes-security/selinux/selinux-sandbox_3.0.bb b/recipes-security/selinux/selinux-sandbox_3.0.bb
deleted file mode 100644
index a60f52c..0000000
--- a/recipes-security/selinux/selinux-sandbox_3.0.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20191204.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "81447c46bf4cae9a5fa38c5fb8dc923e"
-SRC_URI[sha256sum] = "66fb4ea3a9e3d1e6004f13666b8390be751dd226a8496b995ed0332788758d0a"
diff --git a/recipes-security/selinux/selinux-sandbox_3.1.bb b/recipes-security/selinux/selinux-sandbox_3.1.bb
new file mode 100644
index 0000000..8a95044
--- /dev/null
+++ b/recipes-security/selinux/selinux-sandbox_3.1.bb
@@ -0,0 +1,7 @@
+require selinux_20200710.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "d38fda12b028c06f751be9c25e309c6b"
+SRC_URI[sha256sum] = "c79b958e2f64570a59e60638fd13c15fd77c7c2bbac31c7ad4afb03718432b84"
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 16/17] selinux-gui: upgrade to 3.1 (20200710)
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
` (14 preceding siblings ...)
2021-01-07 3:43 ` [meta-selinux][PATCH 15/17] selinux-sandbox: " Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 17/17] semodule-utils: " Yi Zhao
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/selinux-gui_3.0.bb | 7 -------
recipes-security/selinux/selinux-gui_3.1.bb | 7 +++++++
2 files changed, 7 insertions(+), 7 deletions(-)
delete mode 100644 recipes-security/selinux/selinux-gui_3.0.bb
create mode 100644 recipes-security/selinux/selinux-gui_3.1.bb
diff --git a/recipes-security/selinux/selinux-gui_3.0.bb b/recipes-security/selinux/selinux-gui_3.0.bb
deleted file mode 100644
index e937836..0000000
--- a/recipes-security/selinux/selinux-gui_3.0.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20191204.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "988a564eccc01feb8cc6fa49630efc6d"
-SRC_URI[sha256sum] = "e9e9b599950a30857b0954bf10853ea50efb7de68a5ae756a27b8d03ccc44348"
diff --git a/recipes-security/selinux/selinux-gui_3.1.bb b/recipes-security/selinux/selinux-gui_3.1.bb
new file mode 100644
index 0000000..3038ebc
--- /dev/null
+++ b/recipes-security/selinux/selinux-gui_3.1.bb
@@ -0,0 +1,7 @@
+require selinux_20200710.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "1e0ea65dfb2b5408969bbe55f6f9d04e"
+SRC_URI[sha256sum] = "40775eaef965259ca2f8ad49c23b03ff2c8f70808a9e0587b1075970b2509c3d"
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [meta-selinux][PATCH 17/17] semodule-utils: upgrade to 3.1 (20200710)
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
` (15 preceding siblings ...)
2021-01-07 3:43 ` [meta-selinux][PATCH 16/17] selinux-gui: " Yi Zhao
@ 2021-01-07 3:43 ` Yi Zhao
16 siblings, 0 replies; 18+ messages in thread
From: Yi Zhao @ 2021-01-07 3:43 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/semodule-utils_3.0.bb | 7 -------
recipes-security/selinux/semodule-utils_3.1.bb | 7 +++++++
2 files changed, 7 insertions(+), 7 deletions(-)
delete mode 100644 recipes-security/selinux/semodule-utils_3.0.bb
create mode 100644 recipes-security/selinux/semodule-utils_3.1.bb
diff --git a/recipes-security/selinux/semodule-utils_3.0.bb b/recipes-security/selinux/semodule-utils_3.0.bb
deleted file mode 100644
index bccc707..0000000
--- a/recipes-security/selinux/semodule-utils_3.0.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20191204.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "58b0e4b85695dad6aff70c69f7a417fd"
-SRC_URI[sha256sum] = "14ee2db21f36766ffbbb65770f8e7236d21675db9f0f5d40f50974711da598cf"
diff --git a/recipes-security/selinux/semodule-utils_3.1.bb b/recipes-security/selinux/semodule-utils_3.1.bb
new file mode 100644
index 0000000..02a63f8
--- /dev/null
+++ b/recipes-security/selinux/semodule-utils_3.1.bb
@@ -0,0 +1,7 @@
+require selinux_20200710.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "d9520d0cdef3d1be412155dc72ec2936"
+SRC_URI[sha256sum] = "0cc37f9cec751d9c2abb5f2b228b060567e973cb47c19b53b8a4a7378baaa853"
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
end of thread, other threads:[~2021-01-07 3:44 UTC | newest]
Thread overview: 18+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-07 3:43 [meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1 Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 01/17] audit: enable arm/aarch64 processor support by default Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 02/17] audit: upgrade 2.8.5 -> 3.0 Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 03/17] selinux: upgrade inc files to 3.1 (20200710) Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 04/17] libsepol: upgrade " Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 05/17] libselinux: " Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 06/17] libselinux-python: " Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 07/17] libsemanage: " Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 08/17] checkpolicy: upgrade to 3.0 (20191204) Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 09/17] secilc: upgrade to 3.1 (20200710) Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 10/17] policycoreutils: " Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 11/17] mcstrans: " Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 12/17] restorecond: " Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 13/17] selinux-python: " Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 14/17] selinux-dbus: " Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 15/17] selinux-sandbox: " Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 16/17] selinux-gui: " Yi Zhao
2021-01-07 3:43 ` [meta-selinux][PATCH 17/17] semodule-utils: " Yi Zhao
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.