* [Buildroot] [git commit] package/refpolicy: bump version to 2.20210908
@ 2021-09-20 19:13 Arnout Vandecappelle
From: Arnout Vandecappelle @ 2021-09-20 19:13 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=78e0af476228ffacc83b4840d401a75eb5b625ff
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

- Drop upstreamed patches
- Add Upstream status to remaining patch
- Update indentation in hash file (two spaces)
- Fix the following build failure with wireshark raised since commit
  975ab2fa88a0c94b362499ea8ad99222f335fb45 thanks to
  https://github.com/SELinuxProject/refpolicy/commit/d5c571c85567fe191fcc64dfb99b36788f806ceb:

 Compiling targeted policy.31
 env LD_LIBRARY_PATH="/tmp/instance-0/output-1/host/lib:/tmp/instance-0/output-1/host/usr/lib" /tmp/instance-0/output-1/host/usr/bin/checkpolicy -c 31 -U deny -S -O -E policy.conf -o policy.31
 policy/modules/apps/wireshark.te:96:ERROR 'unknown type xdg_downloads_t' at token ';' on line 645315:
 #line 96
	allow wireshark_t xdg_downloads_t:dir { getattr search open };
 checkpolicy:  error(s) encountered while parsing configuration
 make[1]: *** [Rules.monolithic:79: policy.31] Error 1

https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20210908

Fixes:
 - http://autobuild.buildroot.org/results/dfbc667e0c17072ddab89a03244f572d5234da50

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
---
 ...les-services-minidlna.te-make-xdg-optiona.patch | 52 ----------------------
 ...es-services-samba.te-make-crack-optional.patch} |  1 +
 ...dules-services-cvs.te-make-inetd-optional.patch | 37 ---------------
 ...les-services-ifplugd.te-make-netutils-opt.patch | 48 --------------------
 ...modules-services-ftp-te-make-ssh-optional.patch | 44 ------------------
 package/refpolicy/refpolicy.hash                   |  4 +-
 package/refpolicy/refpolicy.mk                     |  4 +-
 7 files changed, 5 insertions(+), 185 deletions(-)

diff --git a/package/refpolicy/0001-policy-modules-services-minidlna.te-make-xdg-optiona.patch b/package/refpolicy/0001-policy-modules-services-minidlna.te-make-xdg-optiona.patch
deleted file mode 100644
index c4e98ad141..0000000000
--- a/package/refpolicy/0001-policy-modules-services-minidlna.te-make-xdg-optiona.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 65c87bdfb1c895934582988f03f1c9c452c1426b Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Sun, 25 Jul 2021 17:59:15 +0200
-Subject: [PATCH] policy/modules/services/minidlna.te: make xdg optional
-
-Make xdg optional to avoid the following build failure:
-
- Compiling targeted policy.28
- env LD_LIBRARY_PATH="/home/buildroot/autobuild/instance-1/output-1/host/lib:/home/buildroot/autobuild/instance-1/output-1/host/usr/lib" /home/buildroot/autobuild/instance-1/output-1/host/usr/bin/checkpolicy -c 28 -U deny -S -O -E policy.conf -o policy.28
- policy/modules/services/minidlna.te:85:ERROR 'unknown type xdg_music_t' at token ';' on line 146109:
- #line 85
-	allow minidlna_t xdg_music_t:dir { getattr search open };
- checkpolicy:  error(s) encountered while parsing configuration
- Rules.monolithic:78: recipe for target 'policy.28' failed
-
-Fixes:
- - http://autobuild.buildroot.org/results/52490172afd9b72b08a7deb0bd3c2124398bbffa/build-end.log
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: https://github.com/SELinuxProject/refpolicy/pull/396]
----
- policy/modules/services/minidlna.te | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/policy/modules/services/minidlna.te b/policy/modules/services/minidlna.te
-index b980d2707..4d87e8ee7 100644
---- a/policy/modules/services/minidlna.te
-+++ b/policy/modules/services/minidlna.te
-@@ -82,10 +82,6 @@ logging_search_logs(minidlna_t)
- miscfiles_read_localization(minidlna_t)
- miscfiles_read_public_files(minidlna_t)
- 
--xdg_read_music(minidlna_t)
--xdg_read_pictures(minidlna_t)
--xdg_read_videos(minidlna_t)
--
- tunable_policy(`minidlna_read_generic_user_content',`
- 	userdom_list_user_tmp(minidlna_t)
- 	userdom_read_user_home_content_files(minidlna_t)
-@@ -101,3 +97,9 @@ tunable_policy(`minidlna_read_generic_user_content',`
- 	userdom_dontaudit_read_user_home_content_files(minidlna_t)
- 	userdom_dontaudit_read_user_tmp_files(minidlna_t)
- ')
-+
-+optional_policy(`
-+	xdg_read_music(minidlna_t)
-+	xdg_read_pictures(minidlna_t)
-+	xdg_read_videos(minidlna_t)
-+')
--- 
-2.30.2
-
diff --git a/package/refpolicy/0005-policy-modules-services-samba.te-make-crack-optional.patch b/package/refpolicy/0001-policy-modules-services-samba.te-make-crack-optional.patch
similarity index 97%
rename from package/refpolicy/0005-policy-modules-services-samba.te-make-crack-optional.patch
rename to package/refpolicy/0001-policy-modules-services-samba.te-make-crack-optional.patch
index f5cc356aeb..2dae5d4a76 100644
--- a/package/refpolicy/0005-policy-modules-services-samba.te-make-crack-optional.patch
+++ b/package/refpolicy/0001-policy-modules-services-samba.te-make-crack-optional.patch
@@ -16,6 +16,7 @@ Fixes:
  - http://autobuild.buildroot.org/results/ab7098948d1920e42fa587e07f0513f23ba7fc74
 
 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/SELinuxProject/refpolicy/pull/407]
 ---
  policy/modules/services/samba.te | 32 ++++++++++++++++++--------------
  1 file changed, 18 insertions(+), 14 deletions(-)
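
Review bot: the added "[Upstream status: https://github.com/SELinuxProject/refpolicy/pull/407]" line records only a pull-request URL, so a later reader cannot tell from the patch header whether the change is still pending or already merged. Stating the state next to the URL would make the next version bump easier to review. The rename from 0005 to 0001 is consistent with the four lower-numbered patches being deleted in this commit.
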
diff --git a/package/refpolicy/0002-policy-modules-services-cvs.te-make-inetd-optional.patch b/package/refpolicy/0002-policy-modules-services-cvs.te-make-inetd-optional.patch
deleted file mode 100644
index 298f99c474..0000000000
--- a/package/refpolicy/0002-policy-modules-services-cvs.te-make-inetd-optional.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 21b0a5bc50e15e9af7edb3edad9fac0bf03f7028 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Fri, 30 Jul 2021 23:11:38 +0200
-Subject: [PATCH] policy/modules/services/cvs.te: make inetd optional
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: not sent yet]
----
- policy/modules/services/cvs.te | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/policy/modules/services/cvs.te b/policy/modules/services/cvs.te
-index f2f60556c..61589228f 100644
---- a/policy/modules/services/cvs.te
-+++ b/policy/modules/services/cvs.te
-@@ -15,7 +15,6 @@ gen_tunable(allow_cvs_read_shadow, false)
- 
- type cvs_t;
- type cvs_exec_t;
--inetd_tcp_service_domain(cvs_t, cvs_exec_t)
- init_daemon_domain(cvs_t, cvs_exec_t)
- application_executable_file(cvs_exec_t)
- 
-@@ -98,6 +97,10 @@ tunable_policy(`allow_cvs_read_shadow',`
- 	auth_tunable_read_shadow(cvs_t)
- ')
- 
-+optional_policy(`
-+	inetd_tcp_service_domain(cvs_t, cvs_exec_t)
-+')
-+
- optional_policy(`
- 	kerberos_read_config(cvs_t)
- 	kerberos_read_keytab(cvs_t)
--- 
-2.30.2
-
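
Review bot: the header of this deleted patch reads "[Upstream status: not sent yet]", which does not match the commit message's "Drop upstreamed patches". The log should name the upstream change in 2.20210908 that wraps inetd_tcp_service_domain(cvs_t, cvs_exec_t) in optional_policy, or state that the drop was verified by a build without the inetd module. The patch itself records no failing configuration to re-test.
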
diff --git a/package/refpolicy/0003-policy-modules-services-ifplugd.te-make-netutils-opt.patch b/package/refpolicy/0003-policy-modules-services-ifplugd.te-make-netutils-opt.patch
deleted file mode 100644
index b43354ed2b..0000000000
--- a/package/refpolicy/0003-policy-modules-services-ifplugd.te-make-netutils-opt.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 6dcfb6715de75677165221ee5bd8d4db6e4a01a7 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Sat, 31 Jul 2021 10:58:42 +0200
-Subject: [PATCH] policy/modules/services/ifplugd.te: make netutils
- optional
-
-Make netutils optional to avoid the following build failure:
-
- Compiling targeted policy.30
- env LD_LIBRARY_PATH="/tmp/instance-3/output-1/host/lib:/tmp/instance-3/output-1/host/usr/lib" /tmp/instance-3/output-1/host/usr/bin/checkpolicy -c 30 -U deny -S -O -E policy.conf -o policy.30
- policy/modules/services/ifplugd.te:62:ERROR 'type netutils_exec_t is not within scope' at token ';' on line 73694:
- #line 62
- 	allow ifplugd_t netutils_exec_t:file { getattr open map read execute ioctl };
- checkpolicy:  error(s) encountered while parsing configuration
-
-Fixes:
- - http://autobuild.buildroot.org/results/1e27f5b193d40dfb7c73fbe15d1bef91cb92c27d
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: not sent yet]
----
- policy/modules/services/ifplugd.te | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/policy/modules/services/ifplugd.te b/policy/modules/services/ifplugd.te
-index f49b147f7..550eecca4 100644
---- a/policy/modules/services/ifplugd.te
-+++ b/policy/modules/services/ifplugd.te
-@@ -59,8 +59,6 @@ logging_send_syslog_msg(ifplugd_t)
- 
- miscfiles_read_localization(ifplugd_t)
- 
--netutils_domtrans(ifplugd_t)
--
- sysnet_domtrans_ifconfig(ifplugd_t)
- sysnet_domtrans_dhcpc(ifplugd_t)
- sysnet_delete_dhcpc_runtime_files(ifplugd_t)
-@@ -70,3 +68,7 @@ sysnet_signal_dhcpc(ifplugd_t)
- optional_policy(`
- 	consoletype_exec(ifplugd_t)
- ')
-+
-+optional_policy(`
-+	netutils_domtrans(ifplugd_t)
-+')
--- 
-2.30.2
-
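
Review bot: the deleted ifplugd patch is marked "[Upstream status: not sent yet]", so nothing visible here shows that 2.20210908 makes netutils_domtrans(ifplugd_t) optional. If it does not, the "type netutils_exec_t is not within scope" checkpolicy error quoted in the patch comes back for the configuration under its Fixes: link. Please cite the upstream commit in the commit message or confirm that this configuration was rebuilt.
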
diff --git a/package/refpolicy/0004-policy-modules-services-ftp-te-make-ssh-optional.patch b/package/refpolicy/0004-policy-modules-services-ftp-te-make-ssh-optional.patch
deleted file mode 100644
index 9269c7aff8..0000000000
--- a/package/refpolicy/0004-policy-modules-services-ftp-te-make-ssh-optional.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From f26d4bc1b2a7b781c67891cb3bf4579c6582d630 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Fri, 30 Jul 2021 22:40:20 +0200
-Subject: [PATCH] policy/modules/services/ftp.te: make ssh optional
-
-Make ssh optional to avoid the following build failure:
-
- Compiling targeted policy.30
- env LD_LIBRARY_PATH="/home/fabrice/buildroot/output/host/lib:/home/fabrice/buildroot/output/host/usr/lib" /home/fabrice/buildroot/output/host/usr/bin/checkpolicy -c 30 -U deny -S -O -E policy.conf -o policy.30
- policy/modules/services/ftp.te:484:ERROR 'type ssh_home_t is not within scope' at token ';' on line 92051:
- 	allow sftpd_t ssh_home_t:dir { open read getattr lock search ioctl add_name remove_name write };
- #line 484
- checkpolicy:  error(s) encountered while parsing configuration
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- policy/modules/services/ftp.te | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/policy/modules/services/ftp.te b/policy/modules/services/ftp.te
-index 0d84da71cf..5686b22581 100644
---- a/policy/modules/services/ftp.te
-+++ b/policy/modules/services/ftp.te
-@@ -481,10 +481,6 @@ tunable_policy(`sftpd_full_access',`
- 	files_manage_non_auth_files(sftpd_t)
- ')
- 
--tunable_policy(`sftpd_write_ssh_home',`
--	ssh_manage_home_files(sftpd_t)
--')
--
- tunable_policy(`use_samba_home_dirs',`
- 	fs_list_cifs(sftpd_t)
- 	fs_read_cifs_files(sftpd_t)
-@@ -496,3 +492,9 @@ tunable_policy(`use_nfs_home_dirs',`
- 	fs_read_nfs_files(sftpd_t)
- 	fs_read_nfs_symlinks(ftpd_t)
- ')
-+
-+optional_policy(`
-+	tunable_policy(`sftpd_write_ssh_home',`
-+		ssh_manage_home_files(sftpd_t)
-+	')
-+')
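
Review bot: the deleted ftp.te patch carries neither an Upstream status line nor a Fixes: link, so there is no pointer to where the optional_policy wrapper around the sftpd_write_ssh_home tunable landed upstream. Since the commit message groups it under "Drop upstreamed patches", it should reference the upstream commit, because without the wrapper the "type ssh_home_t is not within scope" error quoted above returns when the ssh module is not built.
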
diff --git a/package/refpolicy/refpolicy.hash b/package/refpolicy/refpolicy.hash
index 6c33a4d974..b8f6f023eb 100644
--- a/package/refpolicy/refpolicy.hash
+++ b/package/refpolicy/refpolicy.hash
@@ -1,5 +1,5 @@
 # From https://github.com/SELinuxProject/refpolicy/releases
-sha256 48cbf2c63ff9003bef05e03c8d3cdddb4e8f63fef2a072ae51c987301f0b874d  refpolicy-2.20210203.tar.bz2
+sha256  4d3140d9fbb91322f5de36d73959464ce1d8946dcd149e36fcaf60e92444e902  refpolicy-2.20210908.tar.bz2
 
 # Locally computed
-sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
+sha256  204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994  COPYING
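
Review bot: the new tarball hash sits under the comment "# From https://github.com/SELinuxProject/refpolicy/releases", which claims upstream as the source of the checksum. Please confirm that the release page actually publishes this sha256 for refpolicy-2.20210908.tar.bz2; if it was computed after download, it belongs under "# Locally computed" so the provenance of the value is not overstated. The COPYING line changes only in spacing, with the hash itself unchanged, which matches the "two spaces" item in the log.
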
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index a42483dba2..eb345d0f98 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -22,9 +22,9 @@ REFPOLICY_SITE = $(call qstrip,$(BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_URL))
 REFPOLICY_SITE_METHOD = git
 BR_NO_CHECK_HASH_FOR += $(REFPOLICY_SOURCE)
 else
-REFPOLICY_VERSION = 2.20210203
+REFPOLICY_VERSION = 2.20210908
 REFPOLICY_SOURCE = refpolicy-$(REFPOLICY_VERSION).tar.bz2
-REFPOLICY_SITE = https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20210203
+REFPOLICY_SITE = https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_$(subst .,_,$(REFPOLICY_VERSION))
 endif
 
 # Cannot use multiple threads to build the reference policy
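
Review bot: the REFPOLICY_SITE line now derives the release tag with $(subst .,_,$(REFPOLICY_VERSION)), a change the commit message does not list. It is a reasonable cleanup, but it deserves its own line in the log, and it relies on upstream keeping the RELEASE_ prefix followed by the version with dots replaced by underscores, so a differently named tag will fail at download time rather than being caught in review.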