* [Buildroot] [PATCH 1/3] refpolicy: new package
@ 2017-05-10 17:46 Adam Duskett
2017-05-10 17:46 ` [Buildroot] [PATCH 2/3] refpolicy: add ability to specify policy version Adam Duskett
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Adam Duskett @ 2017-05-10 17:46 UTC (permalink / raw)
To: buildroot
The patch is for adding selinux reference policy (refpolicy).
It is a complete SELinux policy that can be used as the system policy
for a variety of systems and used as the basis for creating other policies.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
---
package/Config.in | 1 +
package/refpolicy/Config.in | 29 ++++++++++++++++++++++++
package/refpolicy/refpolicy.hash | 2 ++
package/refpolicy/refpolicy.mk | 49 ++++++++++++++++++++++++++++++++++++++++
4 files changed, 81 insertions(+)
create mode 100644 package/refpolicy/Config.in
create mode 100644 package/refpolicy/refpolicy.hash
create mode 100644 package/refpolicy/refpolicy.mk
diff --git a/package/Config.in b/package/Config.in
index d57813c..6aa6885 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1754,6 +1754,7 @@ endmenu
menu "Security"
source "package/checkpolicy/Config.in"
source "package/policycoreutils/Config.in"
+ source "package/refpolicy/Config.in"
source "package/sepolgen/Config.in"
source "package/setools/Config.in"
endmenu
diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
new file mode 100644
index 0000000..e772cac
--- /dev/null
+++ b/package/refpolicy/Config.in
@@ -0,0 +1,29 @@
+config BR2_PACKAGE_REFPOLICY
+ bool "refpolicy"
+ depends on BR2_TOOLCHAIN_HAS_THREADS # policycoreutils
+ depends on BR2_TOOLCHAIN_USES_GLIBC # policycoreutils
+ select BR2_PACKAGE_POLICYCOREUTILS
+ select BR2_PACKAGE_BUSYBOX_SELINUX if BR2_PACKAGE_BUSYBOX
+ help
+ The SELinux Reference Policy project (refpolicy) is a
+ complete SELinux policy that can be used as the system
+ policy for a variety of systems and used as the basis
+ for creating other policies. Reference Policy was originally
+ based on the NSA example policy, but aims to accomplish
+ many additional goals.
+
+ The current refpolicy does not fully support Buildroot
+ and needs modifications to work with the default system
+ file layout. These changes should be added as patches to
+ the refpolicy that modify a single SELinux policy.
+
+ The refpolicy works for the most part in permissive mode. Only
+ the basic set of utilities are enabled in the example policy
+ config and some of the pathing in the policies is not correct.
+ Individual policies would need to be tweaked to get everything
+ functioning properly.
+
+ https://github.com/TresysTechnology/refpolicy
+
+comment "refpolicy needs a toolchain w/ threads, glibc"
+ depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_TOOLCHAIN_USES_GLIBC
diff --git a/package/refpolicy/refpolicy.hash b/package/refpolicy/refpolicy.hash
new file mode 100644
index 0000000..7aeac41
--- /dev/null
+++ b/package/refpolicy/refpolicy.hash
@@ -0,0 +1,2 @@
+#From https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease
+sha256 08f9e2afc5e4939c23e56deeec7c47da029d7b85d82fb4ded01a36eb5da0651e refpolicy-RELEASE_2_20170204.tar.gz
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
new file mode 100644
index 0000000..d565cbd
--- /dev/null
+++ b/package/refpolicy/refpolicy.mk
@@ -0,0 +1,49 @@
+################################################################################
+#
+# refpolicy
+#
+################################################################################
+
+REFPOLICY_VERSION = RELEASE_2_20170204
+
+# Do not use GitHub helper as git submodules are needed for refpolicy-contrib
+REFPOLICY_SITE = https://github.com/TresysTechnology/refpolicy.git
+REFPOLICY_SITE_METHOD = git
+REFPOLICY_GIT_SUBMODULES = y
+REFPOLICY_LICENSE = GPLv2
+REFPOLICY_LICENSE_FILES = COPYING
+REFPOLICY_INSTALL_STAGING = YES
+REFPOLICY_DEPENDENCIES += \
+ host-m4 \
+ host-checkpolicy \
+ host-policycoreutils \
+ host-setools \
+ host-gawk \
+ host-python \
+ policycoreutils
+
+REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-packages
+
+# Cannot use multiple threads to build the reference policy
+REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
+
+define REFPOLICY_CONFIGURE_CMDS
+ $(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
+ $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
+ $(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
+endef
+
+define REFPOLICY_BUILD_CMDS
+ $(REFPOLICY_MAKE) -C $(@D) bare conf DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_INSTALL_STAGING_CMDS
+ $(REFPOLICY_MAKE) -C $(@D) install-src install-headers \
+ DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_INSTALL_TARGET_CMDS
+ $(REFPOLICY_MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
+endef
+
+$(eval $(generic-package))
--
2.9.3
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 2/3] refpolicy: add ability to specify policy version
2017-05-10 17:46 [Buildroot] [PATCH 1/3] refpolicy: new package Adam Duskett
@ 2017-05-10 17:46 ` Adam Duskett
2017-05-10 17:47 ` [Buildroot] [PATCH 3/3] refpolicy: add ability to set default state Adam Duskett
2017-05-10 17:58 ` [Buildroot] [PATCH 1/3] refpolicy: new package Matthew Weber
2 siblings, 0 replies; 8+ messages in thread
From: Adam Duskett @ 2017-05-10 17:46 UTC (permalink / raw)
To: buildroot
Refpolicy by default will build the highest version supported.
This may cause older kernels to not load the policy.
This patch adds a custom policy version string which is defaulted
to 30, which is the highest supported as of today.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
---
package/refpolicy/Config.in | 8 ++++++++
package/refpolicy/refpolicy.mk | 2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index e772cac..e12222e 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -27,3 +27,11 @@ config BR2_PACKAGE_REFPOLICY
comment "refpolicy needs a toolchain w/ threads, glibc"
depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_TOOLCHAIN_USES_GLIBC
+
+if BR2_PACKAGE_REFPOLICY
+
+config BR2_PACKAGE_REFPOLICY_VERSION
+ string "Policy version"
+ default "30"
+
+endif
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index d565cbd..1eb0c54 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -28,7 +28,7 @@ REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-p
REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
define REFPOLICY_CONFIGURE_CMDS
- $(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
+ $(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = $(BR2_PACKAGE_REFPOLICY_VERSION)" $(@D)/build.conf
$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
$(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
endef
--
2.9.3
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 3/3] refpolicy: add ability to set default state.
2017-05-10 17:46 [Buildroot] [PATCH 1/3] refpolicy: new package Adam Duskett
2017-05-10 17:46 ` [Buildroot] [PATCH 2/3] refpolicy: add ability to specify policy version Adam Duskett
@ 2017-05-10 17:47 ` Adam Duskett
2017-05-10 17:59 ` Matthew Weber
2017-05-10 17:58 ` [Buildroot] [PATCH 1/3] refpolicy: new package Matthew Weber
2 siblings, 1 reply; 8+ messages in thread
From: Adam Duskett @ 2017-05-10 17:47 UTC (permalink / raw)
To: buildroot
SELinux requires a config file in /etc/selinux which controls the state
of SELinux on the system.
This config file has two options set in it:
SELINUX which set's the state of selinux on boot.
SELINUXTYPE which should equal the name of the policy. In this case, the
default name is targeted.
This patch adds:
- A choice menu on Config.in that allows the user to select a default
SELinux state.
- A basic config file that will be installed to
target/etc/selinux and will set SELINUX= to the selected state.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
---
package/refpolicy/Config.in | 25 +++++++++++++++++++++++++
package/refpolicy/config | 9 +++++++++
package/refpolicy/refpolicy.mk | 6 ++++++
3 files changed, 40 insertions(+)
create mode 100644 package/refpolicy/config
diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index e12222e..b6f86d3 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -33,5 +33,30 @@ if BR2_PACKAGE_REFPOLICY
config BR2_PACKAGE_REFPOLICY_VERSION
string "Policy version"
default "30"
+choice
+ prompt "SELinux default state"
+ default BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+
+config BR2_PACKAGE_REFPOLICY_STATE_ENFORCING
+ bool "Enforcing"
+ help
+ SELinux security policy is enforced
+
+config BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+ bool "Permissive"
+ help
+ SELinux prints warnings instead of enforcing
+
+config BR2_PACKAGE_REFPOLICY_STATE_DISABLED
+ bool "Disabled"
+ help
+ No SELinux policy is loaded
+endchoice
+
+config BR2_PACKAGE_REFPOLICY_STATE
+ string
+ default "permissive" if BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+ default "enforcing" if BR2_PACKAGE_REFPOLICY_STATE_ENFORCING
+ default "disabled" if BR2_PACKAGE_REFPOLICY_STATE_DISABLED
endif
diff --git a/package/refpolicy/config b/package/refpolicy/config
new file mode 100644
index 0000000..a45a349
--- /dev/null
+++ b/package/refpolicy/config
@@ -0,0 +1,9 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+# enforcing - SELinux security policy is enforced.
+# permissive - SELinux prints warnings instead of enforcing.
+# disabled - No SELinux policy is loaded.
+SELINUX=disabled
+
+SELINUXTYPE=targeted
+
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index 1eb0c54..c982014 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -23,6 +23,7 @@ REFPOLICY_DEPENDENCIES += \
policycoreutils
REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-packages
+REFPOLICY_NAME = "targeted"
# Cannot use multiple threads to build the reference policy
REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
@@ -44,6 +45,11 @@ endef
define REFPOLICY_INSTALL_TARGET_CMDS
$(REFPOLICY_MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
+ $(INSTALL) -m 0755 -D package/refpolicy/config \
+ $(TARGET_DIR)/etc/selinux/config
+
+ $(SED) "/^SELINUX=/c\SELINUX=$(BR2_PACKAGE_REFPOLICY_STATE)" \
+ $(TARGET_DIR)/etc/selinux/config
endef
$(eval $(generic-package))
--
2.9.3
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/3] refpolicy: new package
2017-05-10 17:46 [Buildroot] [PATCH 1/3] refpolicy: new package Adam Duskett
2017-05-10 17:46 ` [Buildroot] [PATCH 2/3] refpolicy: add ability to specify policy version Adam Duskett
2017-05-10 17:47 ` [Buildroot] [PATCH 3/3] refpolicy: add ability to set default state Adam Duskett
@ 2017-05-10 17:58 ` Matthew Weber
2017-05-10 19:50 ` Thomas Petazzoni
2 siblings, 1 reply; 8+ messages in thread
From: Matthew Weber @ 2017-05-10 17:58 UTC (permalink / raw)
To: buildroot
Adam,
On Wed, May 10, 2017 at 12:46 PM, Adam Duskett <aduskett@gmail.com> wrote:
> The patch is for adding selinux reference policy (refpolicy).
> It is a complete SELinux policy that can be used as the system policy
> for a variety of systems and used as the basis for creating other policies.
>
Similar patchset submitted here:
https://patchwork.ozlabs.org/patch/711535/
> Signed-off-by: Adam Duskett <aduskett@codeblue.com>
> ---
> package/Config.in | 1 +
> package/refpolicy/Config.in | 29 ++++++++++++++++++++++++
> package/refpolicy/refpolicy.hash | 2 ++
> package/refpolicy/refpolicy.mk | 49 ++++++++++++++++++++++++++++++++++++++++
> 4 files changed, 81 insertions(+)
> create mode 100644 package/refpolicy/Config.in
> create mode 100644 package/refpolicy/refpolicy.hash
> create mode 100644 package/refpolicy/refpolicy.mk
>
> diff --git a/package/Config.in b/package/Config.in
> index d57813c..6aa6885 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -1754,6 +1754,7 @@ endmenu
> menu "Security"
> source "package/checkpolicy/Config.in"
> source "package/policycoreutils/Config.in"
> + source "package/refpolicy/Config.in"
> source "package/sepolgen/Config.in"
> source "package/setools/Config.in"
> endmenu
> diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
> new file mode 100644
> index 0000000..e772cac
> --- /dev/null
> +++ b/package/refpolicy/Config.in
> @@ -0,0 +1,29 @@
> +config BR2_PACKAGE_REFPOLICY
> + bool "refpolicy"
> + depends on BR2_TOOLCHAIN_HAS_THREADS # policycoreutils
> + depends on BR2_TOOLCHAIN_USES_GLIBC # policycoreutils
> + select BR2_PACKAGE_POLICYCOREUTILS
> + select BR2_PACKAGE_BUSYBOX_SELINUX if BR2_PACKAGE_BUSYBOX
> + help
> + The SELinux Reference Policy project (refpolicy) is a
> + complete SELinux policy that can be used as the system
> + policy for a variety of systems and used as the basis
> + for creating other policies. Reference Policy was originally
> + based on the NSA example policy, but aims to accomplish
> + many additional goals.
> +
> + The current refpolicy does not fully support Buildroot
> + and needs modifications to work with the default system
> + file layout. These changes should be added as patches to
> + the refpolicy that modify a single SELinux policy.
> +
> + The refpolicy works for the most part in permissive mode. Only
> + the basic set of utilities are enabled in the example policy
> + config and some of the pathing in the policies is not correct.
> + Individual policies would need to be tweaked to get everything
> + functioning properly.
> +
> + https://github.com/TresysTechnology/refpolicy
> +
> +comment "refpolicy needs a toolchain w/ threads, glibc"
> + depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_TOOLCHAIN_USES_GLIBC
> diff --git a/package/refpolicy/refpolicy.hash b/package/refpolicy/refpolicy.hash
> new file mode 100644
> index 0000000..7aeac41
> --- /dev/null
> +++ b/package/refpolicy/refpolicy.hash
> @@ -0,0 +1,2 @@
> +#From https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease
> +sha256 08f9e2afc5e4939c23e56deeec7c47da029d7b85d82fb4ded01a36eb5da0651e refpolicy-RELEASE_2_20170204.tar.gz
> diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
> new file mode 100644
> index 0000000..d565cbd
> --- /dev/null
> +++ b/package/refpolicy/refpolicy.mk
> @@ -0,0 +1,49 @@
> +################################################################################
> +#
> +# refpolicy
> +#
> +################################################################################
> +
> +REFPOLICY_VERSION = RELEASE_2_20170204
> +
> +# Do not use GitHub helper as git submodules are needed for refpolicy-contrib
> +REFPOLICY_SITE = https://github.com/TresysTechnology/refpolicy.git
> +REFPOLICY_SITE_METHOD = git
> +REFPOLICY_GIT_SUBMODULES = y
> +REFPOLICY_LICENSE = GPLv2
> +REFPOLICY_LICENSE_FILES = COPYING
> +REFPOLICY_INSTALL_STAGING = YES
> +REFPOLICY_DEPENDENCIES += \
> + host-m4 \
> + host-checkpolicy \
> + host-policycoreutils \
> + host-setools \
> + host-gawk \
> + host-python \
> + policycoreutils
> +
> +REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-packages
> +
> +# Cannot use multiple threads to build the reference policy
> +REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
> +
> +define REFPOLICY_CONFIGURE_CMDS
> + $(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
> + $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
> + $(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
> +endef
> +
> +define REFPOLICY_BUILD_CMDS
> + $(REFPOLICY_MAKE) -C $(@D) bare conf DESTDIR=$(STAGING_DIR)
> +endef
> +
> +define REFPOLICY_INSTALL_STAGING_CMDS
> + $(REFPOLICY_MAKE) -C $(@D) install-src install-headers \
> + DESTDIR=$(STAGING_DIR)
> +endef
> +
> +define REFPOLICY_INSTALL_TARGET_CMDS
> + $(REFPOLICY_MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
> +endef
> +
> +$(eval $(generic-package))
> --
> 2.9.3
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
Matthew L Weber / Pr Software Engineer
Airborne Information Systems / Security Systems and Software / Secure Platforms
MS 131-100, C Ave NE, Cedar Rapids, IA, 52498, USA
www.rockwellcollins.com
Note: Any Export License Required Information and License Restricted
Third Party Intellectual Property (TPIP) content must be encrypted and
sent to matthew.weber at corp.rockwellcollins.com.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 3/3] refpolicy: add ability to set default state.
2017-05-10 17:47 ` [Buildroot] [PATCH 3/3] refpolicy: add ability to set default state Adam Duskett
@ 2017-05-10 17:59 ` Matthew Weber
0 siblings, 0 replies; 8+ messages in thread
From: Matthew Weber @ 2017-05-10 17:59 UTC (permalink / raw)
To: buildroot
Adam,
On Wed, May 10, 2017 at 12:47 PM, Adam Duskett <aduskett@gmail.com> wrote:
> SELinux requires a config file in /etc/selinux which controls the state
> of SELinux on the system.
>
> This config file has two options set in it:
> SELINUX which set's the state of selinux on boot.
> SELINUXTYPE which should equal the name of the policy. In this case, the
> default name is targeted.
>
> This patch adds:
> - A choice menu on Config.in that allows the user to select a default
> SELinux state.
>
> - A basic config file that will be installed to
> target/etc/selinux and will set SELINUX= to the selected state.
>
Similar patchset submitted here:
https://patchwork.ozlabs.org/patch/711537/
https://patchwork.ozlabs.org/patch/711536/
> Signed-off-by: Adam Duskett <aduskett@codeblue.com>
> ---
> package/refpolicy/Config.in | 25 +++++++++++++++++++++++++
> package/refpolicy/config | 9 +++++++++
> package/refpolicy/refpolicy.mk | 6 ++++++
> 3 files changed, 40 insertions(+)
> create mode 100644 package/refpolicy/config
>
> diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
> index e12222e..b6f86d3 100644
> --- a/package/refpolicy/Config.in
> +++ b/package/refpolicy/Config.in
> @@ -33,5 +33,30 @@ if BR2_PACKAGE_REFPOLICY
> config BR2_PACKAGE_REFPOLICY_VERSION
> string "Policy version"
> default "30"
> +choice
> + prompt "SELinux default state"
> + default BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
> +
> +config BR2_PACKAGE_REFPOLICY_STATE_ENFORCING
> + bool "Enforcing"
> + help
> + SELinux security policy is enforced
> +
> +config BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
> + bool "Permissive"
> + help
> + SELinux prints warnings instead of enforcing
> +
> +config BR2_PACKAGE_REFPOLICY_STATE_DISABLED
> + bool "Disabled"
> + help
> + No SELinux policy is loaded
> +endchoice
> +
> +config BR2_PACKAGE_REFPOLICY_STATE
> + string
> + default "permissive" if BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
> + default "enforcing" if BR2_PACKAGE_REFPOLICY_STATE_ENFORCING
> + default "disabled" if BR2_PACKAGE_REFPOLICY_STATE_DISABLED
>
> endif
> diff --git a/package/refpolicy/config b/package/refpolicy/config
> new file mode 100644
> index 0000000..a45a349
> --- /dev/null
> +++ b/package/refpolicy/config
> @@ -0,0 +1,9 @@
> +# This file controls the state of SELinux on the system.
> +# SELINUX= can take one of these three values:
> +# enforcing - SELinux security policy is enforced.
> +# permissive - SELinux prints warnings instead of enforcing.
> +# disabled - No SELinux policy is loaded.
> +SELINUX=disabled
> +
> +SELINUXTYPE=targeted
> +
> diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
> index 1eb0c54..c982014 100644
> --- a/package/refpolicy/refpolicy.mk
> +++ b/package/refpolicy/refpolicy.mk
> @@ -23,6 +23,7 @@ REFPOLICY_DEPENDENCIES += \
> policycoreutils
>
> REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-packages
> +REFPOLICY_NAME = "targeted"
>
> # Cannot use multiple threads to build the reference policy
> REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
> @@ -44,6 +45,11 @@ endef
>
> define REFPOLICY_INSTALL_TARGET_CMDS
> $(REFPOLICY_MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
> + $(INSTALL) -m 0755 -D package/refpolicy/config \
> + $(TARGET_DIR)/etc/selinux/config
> +
> + $(SED) "/^SELINUX=/c\SELINUX=$(BR2_PACKAGE_REFPOLICY_STATE)" \
> + $(TARGET_DIR)/etc/selinux/config
> endef
>
> $(eval $(generic-package))
> --
> 2.9.3
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
Matthew L Weber / Pr Software Engineer
Airborne Information Systems / Security Systems and Software / Secure Platforms
MS 131-100, C Ave NE, Cedar Rapids, IA, 52498, USA
www.rockwellcollins.com
Note: Any Export License Required Information and License Restricted
Third Party Intellectual Property (TPIP) content must be encrypted and
sent to matthew.weber at corp.rockwellcollins.com.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/3] refpolicy: new package
2017-05-10 17:58 ` [Buildroot] [PATCH 1/3] refpolicy: new package Matthew Weber
@ 2017-05-10 19:50 ` Thomas Petazzoni
2017-05-10 20:18 ` Adam Duskett
0 siblings, 1 reply; 8+ messages in thread
From: Thomas Petazzoni @ 2017-05-10 19:50 UTC (permalink / raw)
To: buildroot
Hello,
On Wed, 10 May 2017 12:58:46 -0500, Matthew Weber wrote:
> On Wed, May 10, 2017 at 12:46 PM, Adam Duskett <aduskett@gmail.com> wrote:
> > The patch is for adding selinux reference policy (refpolicy).
> > It is a complete SELinux policy that can be used as the system policy
> > for a variety of systems and used as the basis for creating other policies.
> >
>
> Similar patchset submitted here:
> https://patchwork.ozlabs.org/patch/711535/
Exactly what I was going to say: what is the difference between this
new submission, and the one from Bryce Ferguson already in patchwork ?
Best regards,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/3] refpolicy: new package
2017-05-10 19:50 ` Thomas Petazzoni
@ 2017-05-10 20:18 ` Adam Duskett
0 siblings, 0 replies; 8+ messages in thread
From: Adam Duskett @ 2017-05-10 20:18 UTC (permalink / raw)
To: buildroot
Hello
On May 10, 2017 3:50 PM, "Thomas Petazzoni" <
thomas.petazzoni@free-electrons.com> wrote:
Hello,
On Wed, 10 May 2017 12:58:46 -0500, Matthew Weber wrote:
> On Wed, May 10, 2017 at 12:46 PM, Adam Duskett <aduskett@gmail.com> wrote:
> > The patch is for adding selinux reference policy (refpolicy).
> > It is a complete SELinux policy that can be used as the system policy
> > for a variety of systems and used as the basis for creating other
policies.
> >
>
> Similar patchset submitted here:
> https://patchwork.ozlabs.org/patch/711535/
Exactly what I was going to say: what is the difference between this
new submission, and the one from Bryce Ferguson already in patchwork ?
I talked to Bryce earlier today and asked if I could take over the patch
for him, so I cleaned up the makefile and made everything cleaner for the
next round.
Best regards,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
Adam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20170510/439adc57/attachment.html>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/3] refpolicy: new package
@ 2017-01-05 18:10 Bryce Ferguson
0 siblings, 0 replies; 8+ messages in thread
From: Bryce Ferguson @ 2017-01-05 18:10 UTC (permalink / raw)
To: buildroot
From: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
The patch is for adding selinux reference policy (refpolicy).
It is a complete SELinux policy that can be used as the system policy
for a variety of systems and used as the basis for creating other policies.
Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
---
package/Config.in | 1 +
.../0001-Fix-awk-references-to-use-variable.patch | 42 +++++++
.../0002-support-fc_sort-use-_FOR_BUILD.patch | 27 +++++
package/refpolicy/Config.in | 91 +++++++++++++++
package/refpolicy/S00selinux | 124 +++++++++++++++++++++
package/refpolicy/refpolicy.hash | 2 +
package/refpolicy/refpolicy.mk | 67 +++++++++++
7 files changed, 354 insertions(+)
create mode 100644 package/refpolicy/0001-Fix-awk-references-to-use-variable.patch
create mode 100644 package/refpolicy/0002-support-fc_sort-use-_FOR_BUILD.patch
create mode 100644 package/refpolicy/Config.in
create mode 100644 package/refpolicy/S00selinux
create mode 100644 package/refpolicy/refpolicy.hash
create mode 100644 package/refpolicy/refpolicy.mk
diff --git a/package/Config.in b/package/Config.in
index 6511c98..f73f529 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1679,6 +1679,7 @@ endmenu
menu "Security"
source "package/policycoreutils/Config.in"
+ source "package/refpolicy/Config.in"
source "package/setools/Config.in"
endmenu
diff --git a/package/refpolicy/0001-Fix-awk-references-to-use-variable.patch b/package/refpolicy/0001-Fix-awk-references-to-use-variable.patch
new file mode 100644
index 0000000..8236fa2
--- /dev/null
+++ b/package/refpolicy/0001-Fix-awk-references-to-use-variable.patch
@@ -0,0 +1,42 @@
+From 1d4c826e8de366bccb93f167cd9be834ab5911c8 Mon Sep 17 00:00:00 2001
+From: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
+Date: Fri, 8 May 2015 14:13:00 -0500
+Subject: [PATCH] Fix awk references to use variable
+
+Ensure all awk calls use the variable setup in the makefile rather than
+relying on the system.
+
+Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
+---
+ Makefile | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 85d4cfb..3aa4b51 100644
+--- a/Makefile
++++ b/Makefile
+@@ -292,9 +292,9 @@ cmdline_mods := $(addsuffix .te,$(APPS_MODS))
+ cmdline_off := $(addsuffix .te,$(APPS_OFF))
+
+ # extract settings from modules.conf
+-mod_conf_base := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configbase)") print $$1 }' $(mod_conf) 2> /dev/null)))
+-mod_conf_mods := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configmod)") print $$1 }' $(mod_conf) 2> /dev/null)))
+-mod_conf_off := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configoff)") print $$1 }' $(mod_conf) 2> /dev/null)))
++mod_conf_base := $(addsuffix .te,$(sort $(shell $(AWK) '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configbase)") print $$1 }' $(mod_conf) 2> /dev/null)))
++mod_conf_mods := $(addsuffix .te,$(sort $(shell $(AWK) '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configmod)") print $$1 }' $(mod_conf) 2> /dev/null)))
++mod_conf_off := $(addsuffix .te,$(sort $(shell $(AWK) '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configoff)") print $$1 }' $(mod_conf) 2> /dev/null)))
+
+ base_mods := $(cmdline_base)
+ mod_mods := $(cmdline_mods)
+@@ -308,7 +308,7 @@ off_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_c
+ off_mods += $(filter-out $(base_mods) $(mod_mods) $(off_mods),$(notdir $(detected_mods)))
+
+ # filesystems to be used in labeling targets
+-filesystems = $(shell mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]|btrfs| xfs| jfs).*rw/{print $$3}';)
++filesystems = $(shell mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | $(AWK) '/(ext[234]|btrfs| xfs| jfs).*rw/{print $$3}';)
+ fs_names := "btrfs ext2 ext3 ext4 xfs jfs"
+
+ ########################################
+--
+1.9.1
+
diff --git a/package/refpolicy/0002-support-fc_sort-use-_FOR_BUILD.patch b/package/refpolicy/0002-support-fc_sort-use-_FOR_BUILD.patch
new file mode 100644
index 0000000..a8322e6
--- /dev/null
+++ b/package/refpolicy/0002-support-fc_sort-use-_FOR_BUILD.patch
@@ -0,0 +1,27 @@
+From bbd4bd5407cccda7e29e1943c7c8ad5309c90d2f Mon Sep 17 00:00:00 2001
+From: Matt Weber <matthew.weber@rockwellcollins.com>
+Date: Fri, 23 Dec 2016 13:14:58 -0600
+Subject: [PATCH] refpolicy: support/fc_sort use *_FOR_BUILD
+Updates the one C based tool to use the CC_FOR_BUILD
+and respective flags variable as a full host build
+isn't required..
+Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/Makefile b/Makefile
+index 4feba89..3643d48 100644
+--- a/Makefile
++++ b/Makefile
+@@ -400,7 +400,7 @@ $(mod_conf) $(booleans): $(polxml)
+ # Generate the fc_sort program
+ #
+ $(fcsort) : $(support)/fc_sort.c
+- $(verbose) $(CC) $(CFLAGS) $^ -o $@
++ $(verbose) $(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $^ -o $@
+
+ ########################################
+ #
+--
+1.9.1
+
diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
new file mode 100644
index 0000000..6ed0bff
--- /dev/null
+++ b/package/refpolicy/Config.in
@@ -0,0 +1,91 @@
+config BR2_PACKAGE_REFPOLICY
+ bool "refpolicy"
+ select BR2_PACKAGE_POLICYCOREUTILS
+ select BR2_PACKAGE_BUSYBOX_SELINUX if BR2_PACKAGE_BUSYBOX
+ depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS # libsemanage
+ depends on BR2_TOOLCHAIN_HAS_THREADS # libsemanage
+ depends on !BR2_STATIC_LIBS #libsemanage
+ depends on !BR2_arc # libsemanage
+ depends on BR2_TOOLCHAIN_USES_GLIBC # libsemanage
+ help
+ The SELinux Reference Policy project (refpolicy) is a
+ complete SELinux policy that can be used as the system
+ policy for a variety of systems and used as the basis
+ for creating other policies. Reference Policy was originally
+ based on the NSA example policy, but aims to accomplish
+ many additional goals.
+
+ The current refpolicy does not fully support Buildroot
+ and needs modifications to work with the default system
+ file layout. These changes should be added as patches to
+ the refpolicy that modify a single SELinux policy.
+
+ The refpolicy works for the most part in permissive mode. Only the
+ basic set of utilities are enabled in the example policy config and
+ some of the pathing in the policies is not correct. Individual
+ policies would need to be tweaked to get everything functioning
+ properly.
+
+comment "refpolicy needs a glibc toolchain w/ thread, dynamic library"
+ depends on !BR2_arc
+ depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
+ depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || \
+ !BR2_TOOLCHAIN_USES_GLIBC
+
+if BR2_PACKAGE_REFPOLICY
+
+choice
+ prompt "SELinux policy type"
+ default BR2_PACKAGE_REFPOLICY_TYPE_STANDARD
+
+config BR2_PACKAGE_REFPOLICY_TYPE_STANDARD
+ bool "Standard"
+ help
+ Standard SELinux policy enabling type enforcement only
+
+config BR2_PACKAGE_REFPOLICY_TYPE_MCS
+ bool "MCS"
+ help
+ SELinux policy with multi-category support
+
+config BR2_PACKAGE_REFPOLICY_TYPE_MLS
+ bool "MLS"
+ help
+ SELinux policy with multi-category and multi-level support
+
+endchoice
+
+config BR2_PACKAGE_REFPOLICY_TYPE
+ string
+ default "standard" if BR2_PACKAGE_REFPOLICY_TYPE_STANDARD
+ default "mcs" if BR2_PACKAGE_REFPOLICY_TYPE_MCS
+ default "mls" if BR2_PACKAGE_REFPOLICY_TYPE_MLS
+
+choice
+ prompt "SELinux default state"
+ default BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+
+config BR2_PACKAGE_REFPOLICY_STATE_ENFORCE
+ bool "Enforcing"
+ help
+ SELinux security policy is enforced
+
+config BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+ bool "Permissive"
+ help
+ SELinux prints warnings instead of enforcing
+
+config BR2_PACKAGE_REFPOLICY_STATE_DISABLE
+ bool "Disabled"
+ help
+ No SELinux policy is loaded
+
+endchoice
+
+config BR2_PACKAGE_REFPOLICY_STATE
+ string
+ default "permissive" if BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+ default "enforcing" if BR2_PACKAGE_REFPOLICY_STATE_ENFORCE
+ default "disabled" if BR2_PACKAGE_REFPOLICY_STATE_DISABLE
+
+endif
diff --git a/package/refpolicy/S00selinux b/package/refpolicy/S00selinux
new file mode 100644
index 0000000..ea4fbfb
--- /dev/null
+++ b/package/refpolicy/S00selinux
@@ -0,0 +1,124 @@
+#!/bin/sh
+################################################################################
+#
+# This file labels the security contexts of memory based filesystems such as
+# /dev/ and checks for auto relabel request if '/.autorelabel' file exists.
+#
+# This script is a heavily stripped down and modified version of the one used
+# in CentOS 6.2
+#
+################################################################################
+
+failed()
+{
+ echo $1
+ exit 1
+}
+
+# Get SELinux config env vars
+. /etc/selinux/config || failed "Failed to source the SELinux config"
+
+setup_selinux() {
+ # Create required directories
+ mkdir -p /etc/selinux/${SELINUXTYPE}/policy/ ||
+ failed "Failed to create the policy folder"
+ mkdir -p /etc/selinux/${SELINUXTYPE}/modules/active/modules || \
+ failed "Failed to create the modules folder"
+ if [ ! -f /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts.local ]
+ then
+ touch /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts.local || \
+ failed "Failed to create the file_contexts.local file"
+ fi
+
+ # Load the policy to activate it
+ load_policy -i || failed "Failed to load the SELinux policy"
+}
+
+relabel_selinux() {
+ # if /sbin/init is not labeled correctly this process is running in the
+ # wrong context, so a reboot will be required after relabel
+ AUTORELABEL=
+
+ # Switch to Permissive mode
+ echo "0" > /sys/fs/selinux/enforce || failed "Failed to disable enforcing mode"
+
+ echo
+ echo "*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
+ echo "*** Relabeling could take a very long time, depending on file"
+ echo "*** system size and speed of hard drives."
+
+ # Relabel mount points
+ restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) \
+ >/dev/null 2>&1 || failed "Failed to relabel the mount points"
+
+ # Relabel file system
+ echo "Relabeling file systems"
+ restorecon -R -F / || failed "Failed to relabel the file system"
+
+ # Remove label
+ rm -f /.autorelabel || failed "Failed to remove the autorelabel flag"
+
+ # Reboot to activate relabeled file system
+ echo "Automatic reboot in progress."
+ reboot -f
+}
+
+start() {
+ printf "Initializing SELinux: "
+
+ # Check to see if the default policy has been installed
+ if [ "`sestatus | grep "SELinux status" | grep enabled`" == "" ]; then
+ if [ ! -f /etc/selinux/${SELINUXTYPE}/policy/policy.* ]
+ then
+ setup_selinux
+ else
+ # Load the policy to activate it
+ load_policy -i || failed "Failed to load the SELinux policy"
+ fi
+ fi
+
+ # Check SELinux status
+ SELINUX_STATE=
+ if [ -e "/selinux/enforce" ] && [ "$(cat /proc/self/attr/current)" != "kernel" ]; then
+ if [ -r "/selinux/enforce" ] ; then
+ SELINUX_STATE=$(cat "/selinux/enforce")
+ else
+ # assume enforcing if you can't read it
+ SELINUX_STATE=1
+ fi
+ fi
+
+ # Context Label /dev/
+ /sbin/restorecon -R -F /dev 2>/dev/null
+
+ # Context Label tmpfs mounts.
+ # using /proc/mounts to discover tmpfs mounts
+ /sbin/restorecon -R -F $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// && $3 =="tmpfs" { print $2 }' /etc/fstab) >/dev/null 2>&1
+
+ # Clean up SELinux labels
+ restorecon -F /etc/mtab /etc/ld.so.cache /etc/resolv.conf >/dev/null 2>&1
+
+ # Check for filesystem relabel request
+ if [ -f /.autorelabel ] ; then
+ relabel_selinux
+ fi
+
+ echo "OK"
+}
+stop() {
+ # There is nothing to do
+ :
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ *)
+ echo "Usage: $0 {start|stop}"
+ exit 1
+ ;;
+esac
diff --git a/package/refpolicy/refpolicy.hash b/package/refpolicy/refpolicy.hash
new file mode 100644
index 0000000..3ff37dc
--- /dev/null
+++ b/package/refpolicy/refpolicy.hash
@@ -0,0 +1,2 @@
+#From https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease
+sha256 2dd2f45a7132137afe8302805c3b7839739759b9ab73dd1815c01afe34ac99de refpolicy-RELEASE_2_20151208.tar.gz
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
new file mode 100644
index 0000000..9b3e1c5
--- /dev/null
+++ b/package/refpolicy/refpolicy.mk
@@ -0,0 +1,67 @@
+################################################################################
+#
+# refpolicy
+#
+################################################################################
+
+REFPOLICY_VERSION = RELEASE_2_20151208
+
+# Do not use GitHub helper as git submodules are needed for refpolicy-contrib
+REFPOLICY_SITE = https://github.com/TresysTechnology/refpolicy.git
+REFPOLICY_SITE_METHOD = git
+REFPOLICY_GIT_SUBMODULES = y # Required for refpolicy-contrib
+REFPOLICY_LICENSE = GPLv2
+REFPOLICY_LICENSE_FILES = COPYING
+
+# Cannot use multiple threads to build the reference policy
+REFPOLICY_MAKE = $(TARGET_MAKE_ENV) $(MAKE1)
+
+REFPOLICY_DEPENDENCIES += host-m4 host-checkpolicy host-policycoreutils \
+ host-gawk host-python
+
+REFPOLICY_INSTALL_STAGING = YES
+
+REFPOLICY_POLICY_NAME = br_policy
+
+# Note, the TEST_TOOLCHAIN option will also set the
+# LD_LIBRARY_PATH at run time.
+REFPOLICY_MAKE_OPTS = $(TARGET_CONFIGURE_OPTS) \
+ TEST_TOOLCHAIN="$(HOST_DIR)"
+
+# Build requires python2 to run
+REFPOLICY_MAKE_ENV = \
+ PYTHON="$(HOST_DIR)/usr/bin/python2" \
+ AWK="$(HOST_DIR)/usr/bin/gawk" \
+ M4="$(HOST_DIR)/usr/bin/m4"
+
+define REFPOLICY_CONFIGURE_CMDS
+ $(REFPOLICY_MAKE_ENV) $(REFPOLICY_MAKE) -C $(@D) bare \
+ $(REFPOLICY_MAKE_OPTS) DESTDIR=$(STAGING_DIR)
+ $(SED) "/TYPE/c\TYPE = $(BR2_PACKAGE_REFPOLICY_TYPE)" $(@D)/build.conf
+ $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
+ $(SED) "/NAME/c\NAME = $(REFPOLICY_POLICY_NAME)" $(@D)/build.conf
+
+ $(REFPOLICY_MAKE_ENV) $(REFPOLICY_MAKE) -C $(@D) conf \
+ $(REFPOLICY_MAKE_OPTS) DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_INSTALL_STAGING_CMDS
+ $(REFPOLICY_MAKE_ENV) $(REFPOLICY_MAKE) -C $(@D) install-src install-headers \
+ install-docs $(REFPOLICY_MAKE_OPTS) DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_INSTALL_TARGET_CMDS
+ $(REFPOLICY_MAKE_ENV) $(REFPOLICY_MAKE) -C $(@D) install \
+ $(REFPOLICY_MAKE_OPTS) DESTDIR=$(TARGET_DIR)
+ echo SELINUX=$(BR2_PACKAGE_REFPOLICY_STATE) > $(TARGET_DIR)/etc/selinux/config
+ echo SELINUXTYPE=$(REFPOLICY_POLICY_NAME) >> $(TARGET_DIR)/etc/selinux/config
+ touch $(TARGET_DIR)/.autorelabel
+ $(RM) $(TARGET_DIR)/etc/selinux/$(REFPOLICY_POLICY_NAME)/booleans
+endef
+
+define REFPOLICY_INSTALL_INIT_SYSV
+ $(INSTALL) -m 0755 -D package/refpolicy/S00selinux \
+ $(TARGET_DIR)/etc/init.d/S00selinux
+endef
+
+$(eval $(generic-package))
--
1.9.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
end of thread, other threads:[~2017-05-10 20:18 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-10 17:46 [Buildroot] [PATCH 1/3] refpolicy: new package Adam Duskett
2017-05-10 17:46 ` [Buildroot] [PATCH 2/3] refpolicy: add ability to specify policy version Adam Duskett
2017-05-10 17:47 ` [Buildroot] [PATCH 3/3] refpolicy: add ability to set default state Adam Duskett
2017-05-10 17:59 ` Matthew Weber
2017-05-10 17:58 ` [Buildroot] [PATCH 1/3] refpolicy: new package Matthew Weber
2017-05-10 19:50 ` Thomas Petazzoni
2017-05-10 20:18 ` Adam Duskett
-- strict thread matches above, loose matches on Subject: below --
2017-01-05 18:10 Bryce Ferguson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.