* [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804)
@ 2017-09-13 2:42 wenzong.fan
2017-09-13 2:42 ` [PATCH 01/20] selinux: uprev include file to 20170804 wenzong.fan
` (19 more replies)
0 siblings, 20 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
V2 changes:
* fix incorrect 'Subject' in patches
* apply patches base on mgh/master-next:
- drop applied patch: refpolicy: fix a typo in RDEPENDS
The following changes since commit ae9553c0d22bc079947aa31170dbe096b20f9de6:
systemd: Remove inherit enable-selinux, obsolete (2017-09-08 13:23:20 -0500)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib wenzong/mgh-master-next
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/mgh-master-next
Wenzong Fan (20):
selinux: uprev include file to 20170804
libsepol: uprev to 2.7 (20170804)
libselinux: uprev to 2.7 (20170804)
libsemanage: uprev to 2.7 (20170804)
checkpolicy: uprev to 2.7 (20170804)
secilc: uprev to 2.7 (20170804)
policycoreutils: uprev to 2.7 (20170804)
sepolgen: remove package
mcstrans: add package 2.7 (20170804)
restorecond: add package 2.7 (20170804)
selinux-sandbox: add package 2.7 (20170804)
selinux-python: add package 2.7 (20170804)
semodule-utils: add package 2.7 (20170804)
selinux-dbus: add package 2.7 (20170804)
selinux-gui: add package 2.7 (20170804)
policycoreutils: fixes for 2.7 uprev
refpolicy_common: depends on semodule-utils-native
setools: uprev to 4.1.1
packagegroup-*: sync package names
selinux-python: add setools to RDEPENDS
.../packagegroups/packagegroup-core-selinux.bb | 2 +-
.../packagegroup-selinux-policycoreutils.bb | 25 +-
recipes-security/refpolicy/refpolicy_common.inc | 2 +-
recipes-security/selinux/checkpolicy.inc | 3 +-
.../checkpolicy-Do-not-link-against-libfl.patch | 46 ---
recipes-security/selinux/checkpolicy_2.6.bb | 7 -
recipes-security/selinux/checkpolicy_2.7.bb | 7 +
recipes-security/selinux/libselinux.inc | 3 +-
.../{libselinux_2.6.bb => libselinux_2.7.bb} | 6 +-
recipes-security/selinux/libsemanage.inc | 2 +
...anage-simplify-string-utilities-functions.patch | 115 --------
...-add-semanage_str_replace-utility-functio.patch | 164 -----------
...manage-genhomedircon-drop-ustr-dependency.patch | 323 ---------------------
...-remove-ustr-library-from-Makefiles-READM.patch | 61 ----
...ibsemanage-allow-to-disable-audit-support.patch | 68 +++--
.../libsemanage-fix-path-len-limit.patch | 28 --
.../{libsemanage_2.6.bb => libsemanage_2.7.bb} | 11 +-
.../selinux/{libsepol_2.6.bb => libsepol_2.7.bb} | 6 +-
recipes-security/selinux/mcstrans.inc | 49 ++++
.../0001-mcstrans-fix-the-init-script.patch | 9 +-
.../selinux/mcstrans/mcstrans-de-bashify.patch | 26 ++
recipes-security/selinux/mcstrans_2.7.bb | 7 +
recipes-security/selinux/policycoreutils.inc | 195 +------------
.../selinux/policycoreutils/enable-mcstrans.patch | 17 --
.../policycoreutils/mcstrans-de-bashify.patch | 12 -
.../policycoreutils-fixfiles-de-bashify.patch | 53 ++--
.../policycoreutils-fts_flags-FTS_NOCHDIR.patch | 25 --
recipes-security/selinux/policycoreutils_2.6.bb | 17 --
recipes-security/selinux/policycoreutils_2.7.bb | 8 +
recipes-security/selinux/restorecond.inc | 28 ++
.../policycoreutils-make-O_CLOEXEC-optional.patch | 8 +-
recipes-security/selinux/restorecond_2.7.bb | 7 +
recipes-security/selinux/secilc_2.6.bb | 7 -
recipes-security/selinux/secilc_2.7.bb | 7 +
recipes-security/selinux/selinux-dbus.inc | 14 +
recipes-security/selinux/selinux-dbus_2.7.bb | 7 +
recipes-security/selinux/selinux-gui.inc | 15 +
recipes-security/selinux/selinux-gui_2.7.bb | 7 +
recipes-security/selinux/selinux-python.inc | 107 +++++++
.../fix-TypeError-for-seobject.py.patch} | 0
.../fix-sepolicy-install-path.patch} | 0
...process-ValueError-for-sepolicy-seobject.patch} | 0
recipes-security/selinux/selinux-python_2.7.bb | 7 +
recipes-security/selinux/selinux-sandbox.inc | 28 ++
.../sandbox-de-bashify.patch} | 13 +-
recipes-security/selinux/selinux-sandbox_2.7.bb | 7 +
.../{selinux_20161014.inc => selinux_20170804.inc} | 2 +-
recipes-security/selinux/semodule-utils.inc | 27 ++
recipes-security/selinux/semodule-utils_2.7.bb | 7 +
recipes-security/selinux/sepolgen.inc | 34 ---
recipes-security/selinux/sepolgen_2.6.bb | 7 -
recipes-security/selinux/sepolgen_git.bb | 7 -
...-Don-t-check-selinux-policies-if-disabled.patch | 25 --
.../setools-Fix-man-pages-and-getoptions.patch | 80 -----
.../setools-Fix-output-to-match-policy-lines.patch | 36 ---
...-Fix-python-setools-Makefile.am-for-cross.patch | 33 ---
...-sepol-calls-to-work-with-latest-libsepol.patch | 36 ---
.../setools-Fix-test-bug-for-unary-operator.patch | 25 --
.../setools/setools-Remove-unused-variables.patch | 279 ------------------
...s-Update-for-2015-02-02-Userspace-release.patch | 114 --------
.../setools/setools/setools-configure-ac.patch | 107 -------
.../setools-configure-with-latest-libsepol.patch | 33 ---
.../setools/setools/setools-cross-ar.patch | 17 --
.../setools-neverallow-rules-all-always-fail.patch | 31 --
...ols-seinfo-should-exit-with-correct-errno.patch | 134 ---------
recipes-security/setools/setools/setools.pam | 4 -
...x-cross-compiling-errors-for-powerpc-mips.patch | 35 +++
.../setools4-fixes-for-cross-compiling.patch | 40 +++
recipes-security/setools/setools_3.3.8.bb | 103 -------
recipes-security/setools/setools_4.1.1.bb | 35 +++
70 files changed, 588 insertions(+), 2222 deletions(-)
delete mode 100644 recipes-security/selinux/checkpolicy/checkpolicy-Do-not-link-against-libfl.patch
delete mode 100644 recipes-security/selinux/checkpolicy_2.6.bb
create mode 100644 recipes-security/selinux/checkpolicy_2.7.bb
rename recipes-security/selinux/{libselinux_2.6.bb => libselinux_2.7.bb} (72%)
delete mode 100644 recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
delete mode 100644 recipes-security/selinux/libsemanage/0002-libsemanage-add-semanage_str_replace-utility-functio.patch
delete mode 100644 recipes-security/selinux/libsemanage/0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
delete mode 100644 recipes-security/selinux/libsemanage/0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
delete mode 100644 recipes-security/selinux/libsemanage/libsemanage-fix-path-len-limit.patch
rename recipes-security/selinux/{libsemanage_2.6.bb => libsemanage_2.7.bb} (50%)
rename recipes-security/selinux/{libsepol_2.6.bb => libsepol_2.7.bb} (49%)
create mode 100644 recipes-security/selinux/mcstrans.inc
rename recipes-security/selinux/{policycoreutils => mcstrans}/0001-mcstrans-fix-the-init-script.patch (74%)
create mode 100644 recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
create mode 100644 recipes-security/selinux/mcstrans_2.7.bb
delete mode 100644 recipes-security/selinux/policycoreutils/enable-mcstrans.patch
delete mode 100644 recipes-security/selinux/policycoreutils/mcstrans-de-bashify.patch
delete mode 100644 recipes-security/selinux/policycoreutils/policycoreutils-fts_flags-FTS_NOCHDIR.patch
delete mode 100644 recipes-security/selinux/policycoreutils_2.6.bb
create mode 100644 recipes-security/selinux/policycoreutils_2.7.bb
create mode 100644 recipes-security/selinux/restorecond.inc
rename recipes-security/selinux/{policycoreutils => restorecond}/policycoreutils-make-O_CLOEXEC-optional.patch (90%)
create mode 100644 recipes-security/selinux/restorecond_2.7.bb
delete mode 100644 recipes-security/selinux/secilc_2.6.bb
create mode 100644 recipes-security/selinux/secilc_2.7.bb
create mode 100644 recipes-security/selinux/selinux-dbus.inc
create mode 100644 recipes-security/selinux/selinux-dbus_2.7.bb
create mode 100644 recipes-security/selinux/selinux-gui.inc
create mode 100644 recipes-security/selinux/selinux-gui_2.7.bb
create mode 100644 recipes-security/selinux/selinux-python.inc
rename recipes-security/selinux/{policycoreutils/policycoreutils-fix-TypeError-for-seobject.py.patch => selinux-python/fix-TypeError-for-seobject.py.patch} (100%)
rename recipes-security/selinux/{policycoreutils/policycoreutils-fix-sepolicy-install-path.patch => selinux-python/fix-sepolicy-install-path.patch} (100%)
rename recipes-security/selinux/{policycoreutils/policycoreutils-process-ValueError-for-sepolicy-seobject.patch => selinux-python/process-ValueError-for-sepolicy-seobject.patch} (100%)
create mode 100644 recipes-security/selinux/selinux-python_2.7.bb
create mode 100644 recipes-security/selinux/selinux-sandbox.inc
rename recipes-security/selinux/{policycoreutils/policycoreutils-sandbox-de-bashify.patch => selinux-sandbox/sandbox-de-bashify.patch} (79%)
create mode 100644 recipes-security/selinux/selinux-sandbox_2.7.bb
rename recipes-security/selinux/{selinux_20161014.inc => selinux_20170804.inc} (84%)
create mode 100644 recipes-security/selinux/semodule-utils.inc
create mode 100644 recipes-security/selinux/semodule-utils_2.7.bb
delete mode 100644 recipes-security/selinux/sepolgen.inc
delete mode 100644 recipes-security/selinux/sepolgen_2.6.bb
delete mode 100644 recipes-security/selinux/sepolgen_git.bb
delete mode 100644 recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch
delete mode 100644 recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch
delete mode 100644 recipes-security/setools/setools/setools-Fix-output-to-match-policy-lines.patch
delete mode 100644 recipes-security/setools/setools/setools-Fix-python-setools-Makefile.am-for-cross.patch
delete mode 100644 recipes-security/setools/setools/setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch
delete mode 100644 recipes-security/setools/setools/setools-Fix-test-bug-for-unary-operator.patch
delete mode 100644 recipes-security/setools/setools/setools-Remove-unused-variables.patch
delete mode 100644 recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch
delete mode 100644 recipes-security/setools/setools/setools-configure-ac.patch
delete mode 100644 recipes-security/setools/setools/setools-configure-with-latest-libsepol.patch
delete mode 100644 recipes-security/setools/setools/setools-cross-ar.patch
delete mode 100644 recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch
delete mode 100644 recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch
delete mode 100644 recipes-security/setools/setools/setools.pam
create mode 100644 recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
create mode 100644 recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
delete mode 100644 recipes-security/setools/setools_3.3.8.bb
create mode 100644 recipes-security/setools/setools_4.1.1.bb
--
2.13.0
^ permalink raw reply [flat|nested] 21+ messages in thread
* [PATCH 01/20] selinux: uprev include file to 20170804
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:42 ` [PATCH 02/20] libsepol: uprev to 2.7 (20170804) wenzong.fan
` (18 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/selinux/{selinux_20161014.inc => selinux_20170804.inc} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-security/selinux/{selinux_20161014.inc => selinux_20170804.inc} (84%)
diff --git a/recipes-security/selinux/selinux_20161014.inc b/recipes-security/selinux/selinux_20170804.inc
similarity index 84%
rename from recipes-security/selinux/selinux_20161014.inc
rename to recipes-security/selinux/selinux_20170804.inc
index c97e35b..1c11208 100644
--- a/recipes-security/selinux/selinux_20161014.inc
+++ b/recipes-security/selinux/selinux_20170804.inc
@@ -1,4 +1,4 @@
-SELINUX_RELEASE = "20161014"
+SELINUX_RELEASE = "20170804"
SRC_URI = "https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz"
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 02/20] libsepol: uprev to 2.7 (20170804)
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
2017-09-13 2:42 ` [PATCH 01/20] selinux: uprev include file to 20170804 wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:42 ` [PATCH 03/20] libselinux: " wenzong.fan
` (17 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/selinux/{libsepol_2.6.bb => libsepol_2.7.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename recipes-security/selinux/{libsepol_2.6.bb => libsepol_2.7.bb} (49%)
diff --git a/recipes-security/selinux/libsepol_2.6.bb b/recipes-security/selinux/libsepol_2.7.bb
similarity index 49%
rename from recipes-security/selinux/libsepol_2.6.bb
rename to recipes-security/selinux/libsepol_2.7.bb
index e593fe9..f38f7ba 100644
--- a/recipes-security/selinux/libsepol_2.6.bb
+++ b/recipes-security/selinux/libsepol_2.7.bb
@@ -1,9 +1,9 @@
-include selinux_20161014.inc
+include selinux_20170804.inc
include ${BPN}.inc
LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
-SRC_URI[md5sum] = "dc1dfd31aea4c6e4b521f3aa2bddf7de"
-SRC_URI[sha256sum] = "d856d6506054f52abeaa3543ea2f2344595a3dc05d0d873ed7f724f7a16b1874"
+SRC_URI[md5sum] = "9424b93fd6efd853b9360f29265c5aa3"
+SRC_URI[sha256sum] = "d69d3bd8ec901a3bd5adf2be2fb47fb1a685ed73066ab482e7e505371a48f9e7"
SRC_URI += "file://0001-src-Makefile-fix-includedir-in-libsepol.pc.patch"
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 03/20] libselinux: uprev to 2.7 (20170804)
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
2017-09-13 2:42 ` [PATCH 01/20] selinux: uprev include file to 20170804 wenzong.fan
2017-09-13 2:42 ` [PATCH 02/20] libsepol: uprev to 2.7 (20170804) wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:42 ` [PATCH 04/20] libsemanage: " wenzong.fan
` (16 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Specify LIBSEPOLA to fix build error:
make[1]: *** No rule to make target `/usr/lib/libsepol.a',
needed by `python-2.7audit2why.so'. Stop.
Add python-importlib to RDEPENDS_${PN}-python.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/selinux/libselinux.inc | 3 ++-
recipes-security/selinux/{libselinux_2.6.bb => libselinux_2.7.bb} | 6 +++---
2 files changed, 5 insertions(+), 4 deletions(-)
rename recipes-security/selinux/{libselinux_2.6.bb => libselinux_2.7.bb} (72%)
diff --git a/recipes-security/selinux/libselinux.inc b/recipes-security/selinux/libselinux.inc
index ad00d10..bd5ce8d 100644
--- a/recipes-security/selinux/libselinux.inc
+++ b/recipes-security/selinux/libselinux.inc
@@ -8,6 +8,7 @@ LICENSE = "PD"
inherit lib_package pythonnative
DEPENDS += "libsepol python libpcre swig-native"
+RDEPENDS_${PN}-python += "python-importlib"
PACKAGES += "${PN}-python"
FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
@@ -21,7 +22,7 @@ def get_policyconfigarch(d):
return "ARCH=%s" % (target)
EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
-EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre'"
+EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre' LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'"
do_compile_append() {
oe_runmake pywrap -j1 \
diff --git a/recipes-security/selinux/libselinux_2.6.bb b/recipes-security/selinux/libselinux_2.7.bb
similarity index 72%
rename from recipes-security/selinux/libselinux_2.6.bb
rename to recipes-security/selinux/libselinux_2.7.bb
index b9ad231..e0d01fc 100644
--- a/recipes-security/selinux/libselinux_2.6.bb
+++ b/recipes-security/selinux/libselinux_2.7.bb
@@ -1,10 +1,10 @@
-include selinux_20161014.inc
+include selinux_20170804.inc
include ${BPN}.inc
LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
-SRC_URI[md5sum] = "0e066ba6d6e590ba4b53eed64905d901"
-SRC_URI[sha256sum] = "4ea2dde50665c202253ba5caac7738370ea0337c47b251ba981c60d24e1a118a"
+SRC_URI[md5sum] = "1d48ee4e9fadd76794d70c806b69ba7d"
+SRC_URI[sha256sum] = "d0fec0769b3ad60aa7baf9b9a4b7a056827769dc2dadda0dc0eb59b3d1c18c57"
SRC_URI += "\
file://libselinux-drop-Wno-unused-but-set-variable.patch \
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 04/20] libsemanage: uprev to 2.7 (20170804)
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (2 preceding siblings ...)
2017-09-13 2:42 ` [PATCH 03/20] libselinux: " wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:42 ` [PATCH 05/20] checkpolicy: " wenzong.fan
` (15 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Remove patches that included by new version:
- 0001-libsemanage-simplify-string-utilities-functions.patch
- 0002-libsemanage-add-semanage_str_replace-utility-functio.patch
- 0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
- 0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
- libsemanage-fix-path-len-limit.patch
Rebase patch:
- libsemanage-allow-to-disable-audit-support.patch
Set PYCEXT and PYSITEDIR to generate the _semanage.so and install it
to ${libdir}/python${PYTHON_BASEVERSION}/site-packages.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/selinux/libsemanage.inc | 2 +
...anage-simplify-string-utilities-functions.patch | 115 --------
...-add-semanage_str_replace-utility-functio.patch | 164 -----------
...manage-genhomedircon-drop-ustr-dependency.patch | 323 ---------------------
...-remove-ustr-library-from-Makefiles-READM.patch | 61 ----
...ibsemanage-allow-to-disable-audit-support.patch | 68 +++--
.../libsemanage-fix-path-len-limit.patch | 28 --
.../{libsemanage_2.6.bb => libsemanage_2.7.bb} | 11 +-
8 files changed, 42 insertions(+), 730 deletions(-)
delete mode 100644 recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
delete mode 100644 recipes-security/selinux/libsemanage/0002-libsemanage-add-semanage_str_replace-utility-functio.patch
delete mode 100644 recipes-security/selinux/libsemanage/0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
delete mode 100644 recipes-security/selinux/libsemanage/0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
delete mode 100644 recipes-security/selinux/libsemanage/libsemanage-fix-path-len-limit.patch
rename recipes-security/selinux/{libsemanage_2.6.bb => libsemanage_2.7.bb} (50%)
diff --git a/recipes-security/selinux/libsemanage.inc b/recipes-security/selinux/libsemanage.inc
index 504101d..9b238c8 100644
--- a/recipes-security/selinux/libsemanage.inc
+++ b/recipes-security/selinux/libsemanage.inc
@@ -40,6 +40,8 @@ do_install() {
oe_runmake install-pywrap swigify \
DESTDIR=${D} \
+ PYCEXT='.so' \
+ PYSITEDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages' \
PYLIBVER='python${PYTHON_BASEVERSION}' \
PYLIBDIR='${D}/${libdir}/$(PYLIBVER)'
diff --git a/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch b/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
deleted file mode 100644
index fd478d0..0000000
--- a/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From 514a5df959ea0e13db4e87f73c2ac5edcceebd52 Mon Sep 17 00:00:00 2001
-From: Nicolas Iooss <nicolas.iooss@m4x.org>
-Date: Wed, 21 Dec 2016 19:21:01 +0100
-Subject: [PATCH 1/4] libsemanage: simplify string utilities functions
-
-Use string functions from C standard library instead of ustr. This makes
-the code simpler and make utilities.c no longer depend on ustr library.
-
-This changes how semanage_split() behaves when delim is not empty (NULL
-or "") and the input string contains several successive delimiters:
-semanage_split("foo::::bar", ":") returned "bar" and now returns ":bar".
-This would not have any impact in the current code as semanage_split()
-is only called with delim="=" (through semanage_findval(), in
-libsemanage/src/genhomedircon.c), in order to split a "key=value"
-statement.
-
-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
-(cherry picked from commit a228bb3736c5957d41ad9e01eb1283fc6883a6e5)
----
- libsemanage/src/utilities.c | 59 ++++++++++-----------------------------------
- 1 file changed, 13 insertions(+), 46 deletions(-)
-
-diff --git a/libsemanage/src/utilities.c b/libsemanage/src/utilities.c
-index f48ffa4..fa86cc7 100644
---- a/libsemanage/src/utilities.c
-+++ b/libsemanage/src/utilities.c
-@@ -26,7 +26,6 @@
- #include <string.h>
- #include <sys/types.h>
- #include <assert.h>
--#include <ustr.h>
-
- #define TRUE 1
- #define FALSE 0
-@@ -74,64 +73,32 @@ char *semanage_split_on_space(const char *str)
- {
- /* as per the man page, these are the isspace() chars */
- const char *seps = "\f\n\r\t\v ";
-- size_t slen = strlen(seps);
-- size_t off = 0, rside_len = 0;
-- char *retval = NULL;
-- Ustr *ustr = USTR_NULL, *temp = USTR_NULL;
-+ size_t off = 0;
-
- if (!str)
-- goto done;
-- if (!(ustr = ustr_dup_cstr(str)))
-- goto done;
-- temp =
-- ustr_split_spn_chrs(ustr, &off, seps, slen, USTR_NULL,
-- USTR_FLAG_SPLIT_DEF);
-- if (!temp)
-- goto done;
-- /* throw away the left hand side */
-- ustr_sc_free(&temp);
--
-- rside_len = ustr_len(ustr) - off;
-- temp = ustr_dup_subustr(ustr, off + 1, rside_len);
-- if (!temp)
-- goto done;
-- retval = strdup(ustr_cstr(temp));
-- ustr_sc_free(&temp);
-+ return NULL;
-
-- done:
-- ustr_sc_free(&ustr);
-- return retval;
-+ /* skip one token and the spaces before and after it */
-+ off = strspn(str, seps);
-+ off += strcspn(str + off, seps);
-+ off += strspn(str + off, seps);
-+ return strdup(str + off);
- }
-
- char *semanage_split(const char *str, const char *delim)
- {
-- Ustr *ustr = USTR_NULL, *temp = USTR_NULL;
-- size_t off = 0, rside_len = 0;
-- char *retval = NULL;
-+ char *retval;
-
- if (!str)
-- goto done;
-+ return NULL;
- if (!delim || !(*delim))
- return semanage_split_on_space(str);
-- ustr = ustr_dup_cstr(str);
-- temp =
-- ustr_split_cstr(ustr, &off, delim, USTR_NULL, USTR_FLAG_SPLIT_DEF);
-- if (!temp)
-- goto done;
-- /* throw away the left hand side */
-- ustr_sc_free(&temp);
--
-- rside_len = ustr_len(ustr) - off;
-
-- temp = ustr_dup_subustr(ustr, off + 1, rside_len);
-- if (!temp)
-- goto done;
-- retval = strdup(ustr_cstr(temp));
-- ustr_sc_free(&temp);
-+ retval = strstr(str, delim);
-+ if (retval == NULL)
-+ return NULL;
-
-- done:
-- ustr_sc_free(&ustr);
-- return retval;
-+ return strdup(retval + strlen(delim));
- }
-
- int semanage_list_push(semanage_list_t ** list, const char *data)
---
-2.10.2
-
diff --git a/recipes-security/selinux/libsemanage/0002-libsemanage-add-semanage_str_replace-utility-functio.patch b/recipes-security/selinux/libsemanage/0002-libsemanage-add-semanage_str_replace-utility-functio.patch
deleted file mode 100644
index ed32785..0000000
--- a/recipes-security/selinux/libsemanage/0002-libsemanage-add-semanage_str_replace-utility-functio.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-From de8b13baf3773b41367f265e7dd06c013816ba0a Mon Sep 17 00:00:00 2001
-From: Nicolas Iooss <nicolas.iooss@m4x.org>
-Date: Wed, 21 Dec 2016 19:21:02 +0100
-Subject: [PATCH 2/4] libsemanage: add semanage_str_replace() utility function
-
-This function will be used in the next commit.
-
-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
-(cherry picked from commit 57a3b1b4b0a50a1d14f825d2933339063ced4fec)
----
- libsemanage/src/utilities.c | 55 ++++++++++++++++++++++++++++++++++++++
- libsemanage/src/utilities.h | 10 +++++++
- libsemanage/tests/test_utilities.c | 34 +++++++++++++++++++++++
- 3 files changed, 99 insertions(+)
-
-diff --git a/libsemanage/src/utilities.c b/libsemanage/src/utilities.c
-index fa86cc7..0d50d99 100644
---- a/libsemanage/src/utilities.c
-+++ b/libsemanage/src/utilities.c
-@@ -230,6 +230,61 @@ void semanage_rtrim(char *str, char trim_to)
- }
- }
-
-+char *semanage_str_replace(const char *search, const char *replace,
-+ const char *src, size_t lim)
-+{
-+ size_t count = 0, slen, rlen, newsize;
-+ char *p, *pres, *result;
-+ const char *psrc;
-+
-+ slen = strlen(search);
-+ rlen = strlen(replace);
-+
-+ /* Do not support empty search strings */
-+ if (slen == 0)
-+ return NULL;
-+
-+ /* Count the occurences of search in src and compute the new size */
-+ for (p = strstr(src, search); p != NULL; p = strstr(p + slen, search)) {
-+ count++;
-+ if (lim && count >= lim)
-+ break;
-+ }
-+ if (!count)
-+ return strdup(src);
-+
-+ /* Allocate the result string */
-+ newsize = strlen(src) + 1 + count * (rlen - slen);
-+ result = malloc(newsize);
-+ if (!result)
-+ return NULL;
-+
-+ /* Fill the result */
-+ psrc = src;
-+ pres = result;
-+ for (p = strstr(src, search); p != NULL; p = strstr(psrc, search)) {
-+ /* Copy the part which has not been modified */
-+ if (p != psrc) {
-+ size_t length = (size_t)(p - psrc);
-+ memcpy(pres, psrc, length);
-+ pres += length;
-+ }
-+ /* Copy the replacement part */
-+ if (rlen != 0) {
-+ memcpy(pres, replace, rlen);
-+ pres += rlen;
-+ }
-+ psrc = p + slen;
-+ count--;
-+ if (!count)
-+ break;
-+ }
-+ /* Copy the last part, after doing a sanity check */
-+ assert(pres + strlen(psrc) + 1 == result + newsize);
-+ strcpy(pres, psrc);
-+ return result;
-+}
-+
- /* list_addafter_controlmem does *NOT* duplicate the data argument
- * use at your own risk, I am building a list out of malloc'd memory and
- * it is only going to get stored into this list, thus when I destroy it
-diff --git a/libsemanage/src/utilities.h b/libsemanage/src/utilities.h
-index 5fa15ef..f2ff31f 100644
---- a/libsemanage/src/utilities.h
-+++ b/libsemanage/src/utilities.h
-@@ -116,6 +116,16 @@ int semanage_str_count(char *data, char what);
- void semanage_rtrim(char *str, char trim_to);
-
- /**
-+ * @param value being searched for
-+ * @param replacement value that replaces found search values
-+ * @param string being searched and replaced on
-+ * @param maximum number of value occurences (zero for unlimited)
-+ * @return newly-allocated string with the replaced values
-+ */
-+char *semanage_str_replace(const char *search, const char *replace,
-+ const char *src, size_t lim);
-+
-+/**
- * @param data some string
- * @return modifies the string such that the first whitespace char becomes
- * '\0', ending the string.
-diff --git a/libsemanage/tests/test_utilities.c b/libsemanage/tests/test_utilities.c
-index 32cc33c..cdfed0c 100644
---- a/libsemanage/tests/test_utilities.c
-+++ b/libsemanage/tests/test_utilities.c
-@@ -40,6 +40,7 @@ void test_semanage_split(void);
- void test_semanage_list(void);
- void test_semanage_str_count(void);
- void test_semanage_rtrim(void);
-+void test_semanage_str_replace(void);
- void test_semanage_findval(void);
- void test_slurp_file_filter(void);
-
-@@ -101,6 +102,10 @@ int semanage_utilities_add_tests(CU_pSuite suite)
- if (NULL == CU_add_test(suite, "semanage_rtrim", test_semanage_rtrim)) {
- goto err;
- }
-+ if (NULL == CU_add_test(suite, "semanage_str_replace",
-+ test_semanage_str_replace)) {
-+ goto err;
-+ }
- if (NULL == CU_add_test(suite, "semanage_findval",
- test_semanage_findval)) {
- goto err;
-@@ -244,6 +249,35 @@ void test_semanage_rtrim(void)
- CU_ASSERT_STRING_EQUAL(str, "/blah/foo/bar");
- }
-
-+void test_semanage_str_replace(void)
-+{
-+ const char *test_str = "Hello, I am %{USERNAME} and my id is %{USERID}";
-+ char *str1, *str2;
-+
-+ str1 = semanage_str_replace("%{USERNAME}", "root", test_str, 0);
-+ CU_ASSERT_STRING_EQUAL(str1, "Hello, I am root and my id is %{USERID}");
-+
-+ str2 = semanage_str_replace("%{USERID}", "0", str1, 1);
-+ CU_ASSERT_STRING_EQUAL(str2, "Hello, I am root and my id is 0");
-+ free(str1);
-+ free(str2);
-+
-+ str1 = semanage_str_replace(":(", ";)", "Test :( :) ! :(:(:))(:(", 0);
-+ CU_ASSERT_STRING_EQUAL(str1, "Test ;) :) ! ;);):))(;)");
-+ free(str1);
-+
-+ str1 = semanage_str_replace(":(", ";)", "Test :( :) ! :(:(:))(:(", 3);
-+ CU_ASSERT_STRING_EQUAL(str1, "Test ;) :) ! ;);):))(:(");
-+ free(str1);
-+
-+ str1 = semanage_str_replace("", "empty search string", "test", 0);
-+ CU_ASSERT_EQUAL(str1, NULL);
-+
-+ str1 = semanage_str_replace("a", "", "abracadabra", 0);
-+ CU_ASSERT_STRING_EQUAL(str1, "brcdbr");
-+ free(str1);
-+}
-+
- void test_semanage_findval(void)
- {
- char *tok;
---
-2.10.2
-
diff --git a/recipes-security/selinux/libsemanage/0003-libsemanage-genhomedircon-drop-ustr-dependency.patch b/recipes-security/selinux/libsemanage/0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
deleted file mode 100644
index fde2349..0000000
--- a/recipes-security/selinux/libsemanage/0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
+++ /dev/null
@@ -1,323 +0,0 @@
-From e8dd31df2268013afb1e8dbe5e617b9c4e9e388e Mon Sep 17 00:00:00 2001
-From: Nicolas Iooss <nicolas.iooss@m4x.org>
-Date: Wed, 21 Dec 2016 19:21:03 +0100
-Subject: [PATCH 3/4] libsemanage: genhomedircon: drop ustr dependency
-
-ustr library uses old (pre-C99) "extern inline" semantic. This makes it
-incompatible with recent versions of gcc and clang, which default to
-C99 standard. Distributions have shipped patched versions of this
-library to fix issues (e.g. Gentoo package uses this patch:
-https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/ustr/files/ustr-1.0.4-gcc_5-check.patch?id=7dea6f8820f36bf389e6315044bea7507553bed0
-) but there is no upstream solution to make ustr compatible with C99
-standard.
-
-The git tree of ustr (http://www.and.org/ustr/ustr.git) has not been
-updated since 2008 and the developer of this project did not reply to
-emails.
-
-Therefore update genhomedircon implementation in order to no longer
-rely on ustr library.
-
-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
-(cherry picked from commit 300b8ad4235688171f2a91e7aeb14d0ee3561c13)
----
- libsemanage/src/genhomedircon.c | 154 ++++++++++++++++++++--------------------
- 1 file changed, 77 insertions(+), 77 deletions(-)
-
-diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
-index 6991fff..0f84aa3 100644
---- a/libsemanage/src/genhomedircon.c
-+++ b/libsemanage/src/genhomedircon.c
-@@ -34,9 +34,9 @@
-
- #include "utilities.h"
- #include "genhomedircon.h"
--#include <ustr.h>
-
- #include <assert.h>
-+#include <ctype.h>
- #include <limits.h>
- #include <stdio.h>
- #include <stdlib.h>
-@@ -239,46 +239,39 @@ static int fcontext_matches(const semanage_fcontext_t *fcontext, void *varg)
- {
- const char *oexpr = semanage_fcontext_get_expr(fcontext);
- fc_match_handle_t *handp = varg;
-- struct Ustr *expr;
-+ char *expr = NULL;
- regex_t re;
- int type, retval = -1;
-+ size_t len;
-
- /* Only match ALL or DIR */
- type = semanage_fcontext_get_type(fcontext);
- if (type != SEMANAGE_FCONTEXT_ALL && type != SEMANAGE_FCONTEXT_ALL)
- return 0;
-
-- /* Convert oexpr into a Ustr and anchor it at the beginning */
-- expr = ustr_dup_cstr("^");
-- if (expr == USTR_NULL)
-- goto done;
-- if (!ustr_add_cstr(&expr, oexpr))
-- goto done;
--
-- /* Strip off trailing ".+" or ".*" */
-- if (ustr_cmp_suffix_cstr_eq(expr, ".+") ||
-- ustr_cmp_suffix_cstr_eq(expr, ".*")) {
-- if (!ustr_del(&expr, 2))
-- goto done;
-- }
--
-- /* Strip off trailing "(/.*)?" */
-- if (ustr_cmp_suffix_cstr_eq(expr, "(/.*)?")) {
-- if (!ustr_del(&expr, 6))
-- goto done;
-- }
--
-- if (ustr_cmp_suffix_cstr_eq(expr, "/")) {
-- if (!ustr_del(&expr, 1))
-- goto done;
-- }
--
-- /* Append pattern to eat up trailing slashes */
-- if (!ustr_add_cstr(&expr, "/*$"))
-- goto done;
-+ len = strlen(oexpr);
-+ /* Define a macro to strip a literal string from the end of oexpr */
-+#define rstrip_oexpr_len(cstr, cstrlen) \
-+ do { \
-+ if (len >= (cstrlen) && !strncmp(oexpr + len - (cstrlen), (cstr), (cstrlen))) \
-+ len -= (cstrlen); \
-+ } while (0)
-+#define rstrip_oexpr(cstr) rstrip_oexpr_len(cstr, sizeof(cstr) - 1)
-+
-+ rstrip_oexpr(".+");
-+ rstrip_oexpr(".*");
-+ rstrip_oexpr("(/.*)?");
-+ rstrip_oexpr("/");
-+
-+#undef rstrip_oexpr_len
-+#undef rstrip_oexpr
-+
-+ /* Anchor oexpr at the beginning and append pattern to eat up trailing slashes */
-+ if (asprintf(&expr, "^%.*s/*$", (int)len, oexpr) < 0)
-+ return -1;
-
- /* Check dir against expr */
-- if (regcomp(&re, ustr_cstr(expr), REG_EXTENDED) != 0)
-+ if (regcomp(&re, expr, REG_EXTENDED) != 0)
- goto done;
- if (regexec(&re, handp->dir, 0, NULL, 0) == 0)
- handp->matched = 1;
-@@ -287,7 +280,7 @@ static int fcontext_matches(const semanage_fcontext_t *fcontext, void *varg)
- retval = 0;
-
- done:
-- ustr_free(expr);
-+ free(expr);
-
- return retval;
- }
-@@ -523,44 +516,50 @@ static semanage_list_t *make_template(genhomedircon_settings_t * s,
- return template_data;
- }
-
--static Ustr *replace_all(const char *str, const replacement_pair_t * repl)
-+static char *replace_all(const char *str, const replacement_pair_t * repl)
- {
-- Ustr *retval = USTR_NULL;
-+ char *retval, *retval2;
- int i;
-
- if (!str || !repl)
-- goto done;
-- if (!(retval = ustr_dup_cstr(str)))
-- goto done;
-+ return NULL;
-
-- for (i = 0; repl[i].search_for; i++) {
-- ustr_replace_cstr(&retval, repl[i].search_for,
-- repl[i].replace_with, 0);
-+ retval = strdup(str);
-+ for (i = 0; retval != NULL && repl[i].search_for; i++) {
-+ retval2 = semanage_str_replace(repl[i].search_for,
-+ repl[i].replace_with, retval, 0);
-+ free(retval);
-+ retval = retval2;
- }
-- if (ustr_enomem(retval))
-- ustr_sc_free(&retval);
--
-- done:
- return retval;
- }
-
--static const char * extract_context(Ustr *line)
-+static const char *extract_context(const char *line)
- {
-- const char whitespace[] = " \t\n";
-- size_t off, len;
--
-- /* check for trailing whitespace */
-- off = ustr_spn_chrs_rev(line, 0, whitespace, strlen(whitespace));
--
-- /* find the length of the last field in line */
-- len = ustr_cspn_chrs_rev(line, off, whitespace, strlen(whitespace));
--
-- if (len == 0)
-+ const char *p = line;
-+ size_t off;
-+
-+ off = strlen(p);
-+ p += off;
-+ /* consider trailing whitespaces */
-+ while (off > 0) {
-+ p--;
-+ off--;
-+ if (!isspace(*p))
-+ break;
-+ }
-+ if (off == 0)
- return NULL;
-- return ustr_cstr(line) + ustr_len(line) - (len + off);
-+
-+ /* find the last field in line */
-+ while (off > 0 && !isspace(*(p - 1))) {
-+ p--;
-+ off--;
-+ }
-+ return p;
- }
-
--static int check_line(genhomedircon_settings_t * s, Ustr *line)
-+static int check_line(genhomedircon_settings_t * s, const char *line)
- {
- sepol_context_t *ctx_record = NULL;
- const char *ctx_str;
-@@ -584,22 +583,22 @@ static int write_replacements(genhomedircon_settings_t * s, FILE * out,
- const semanage_list_t * tpl,
- const replacement_pair_t *repl)
- {
-- Ustr *line = USTR_NULL;
-+ char *line;
-
- for (; tpl; tpl = tpl->next) {
- line = replace_all(tpl->data, repl);
- if (!line)
- goto fail;
- if (check_line(s, line) == STATUS_SUCCESS) {
-- if (!ustr_io_putfileline(&line, out))
-+ if (fprintf(out, "%s\n", line) < 0)
- goto fail;
- }
-- ustr_sc_free(&line);
-+ free(line);
- }
- return STATUS_SUCCESS;
-
- fail:
-- ustr_sc_free(&line);
-+ free(line);
- return STATUS_ERR;
- }
-
-@@ -607,7 +606,7 @@ static int write_contexts(genhomedircon_settings_t *s, FILE *out,
- semanage_list_t *tpl, const replacement_pair_t *repl,
- const genhomedircon_user_entry_t *user)
- {
-- Ustr *line = USTR_NULL;
-+ char *line, *temp;
- sepol_context_t *context = NULL;
- char *new_context_str = NULL;
-
-@@ -624,10 +623,10 @@ static int write_contexts(genhomedircon_settings_t *s, FILE *out,
-
- if (strcmp(old_context_str, CONTEXT_NONE) == 0) {
- if (check_line(s, line) == STATUS_SUCCESS &&
-- !ustr_io_putfileline(&line, out)) {
-+ fprintf(out, "%s\n", line) < 0) {
- goto fail;
- }
--
-+ free(line);
- continue;
- }
-
-@@ -653,25 +652,27 @@ static int write_contexts(genhomedircon_settings_t *s, FILE *out,
- goto fail;
- }
-
-- if (!ustr_replace_cstr(&line, old_context_str,
-- new_context_str, 1)) {
-+ temp = semanage_str_replace(old_context_str, new_context_str,
-+ line, 1);
-+ if (!temp) {
- goto fail;
- }
-+ free(line);
-+ line = temp;
-
- if (check_line(s, line) == STATUS_SUCCESS) {
-- if (!ustr_io_putfileline(&line, out)) {
-+ if (fprintf(out, "%s\n", line) < 0)
- goto fail;
-- }
- }
-
-- ustr_sc_free(&line);
-+ free(line);
- sepol_context_free(context);
- free(new_context_str);
- }
-
- return STATUS_SUCCESS;
- fail:
-- ustr_sc_free(&line);
-+ free(line);
- sepol_context_free(context);
- free(new_context_str);
- return STATUS_ERR;
-@@ -1284,20 +1285,19 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
- }
-
- for (h = homedirs; h; h = h->next) {
-- Ustr *temp = ustr_dup_cstr(h->data);
-+ char *temp = NULL;
-
-- if (!temp || !ustr_add_cstr(&temp, "/" FALLBACK_NAME)) {
-- ustr_sc_free(&temp);
-+ if (asprintf(&temp, "%s/%s", h->data, FALLBACK_NAME) < 0) {
- retval = STATUS_ERR;
- goto done;
- }
-
- free(s->fallback->home);
-- s->fallback->home = (char*) ustr_cstr(temp);
-+ s->fallback->home = temp;
-
- if (write_home_dir_context(s, out, homedir_context_tpl,
- s->fallback) != STATUS_SUCCESS) {
-- ustr_sc_free(&temp);
-+ free(temp);
- s->fallback->home = NULL;
- retval = STATUS_ERR;
- goto done;
-@@ -1305,13 +1305,13 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
- if (write_home_root_context(s, out,
- homeroot_context_tpl,
- h->data) != STATUS_SUCCESS) {
-- ustr_sc_free(&temp);
-+ free(temp);
- s->fallback->home = NULL;
- retval = STATUS_ERR;
- goto done;
- }
-
-- ustr_sc_free(&temp);
-+ free(temp);
- s->fallback->home = NULL;
- }
- }
---
-2.10.2
-
diff --git a/recipes-security/selinux/libsemanage/0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch b/recipes-security/selinux/libsemanage/0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
deleted file mode 100644
index 1800493..0000000
--- a/recipes-security/selinux/libsemanage/0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From c7e55daa20f5659799aed47b819ad73e03d11e8f Mon Sep 17 00:00:00 2001
-From: Nicolas Iooss <nicolas.iooss@m4x.org>
-Date: Wed, 21 Dec 2016 19:21:04 +0100
-Subject: [PATCH 4/4] libsemanage: remove ustr library from Makefiles, README
- and pkg-config
-
-This library is no longer used by libsemanage.
-
-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
-(cherry picked from commit 920ee9ee18024c7714f1121e91854f38fa1eef73)
-
-Tweaked due to conditional audit patch and no README.
----
- README | 2 +-
- libsemanage/src/Makefile | 2 +-
- libsemanage/src/libsemanage.pc.in | 2 +-
- libsemanage/tests/Makefile | 2 +-
- 4 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
-index 68aab72..83daf0f 100644
---- a/libsemanage/src/Makefile
-+++ b/libsemanage/src/Makefile
-@@ -91,7 +91,7 @@ $(LIBA): $(OBJS)
- $(RANLIB) $@
-
- $(LIBSO): $(LOBJS)
-- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol $(LIBAUDIT) -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
-+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol $(LIBAUDIT) -lselinux -lbz2 -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
- ln -sf $@ $(TARGET)
-
- $(LIBPC): $(LIBPC).in ../VERSION
-diff --git a/libsemanage/src/libsemanage.pc.in b/libsemanage/src/libsemanage.pc.in
-index 81e1805..d3eaa06 100644
---- a/libsemanage/src/libsemanage.pc.in
-+++ b/libsemanage/src/libsemanage.pc.in
-@@ -7,7 +7,7 @@ Name: libsemanage
- Description: SELinux management library
- Version: @VERSION@
- URL: http://userspace.selinuxproject.org/
--Requires.private: libselinux libsepol ustr
-+Requires.private: libselinux libsepol
- Libs: -L${libdir} -lsemanage
- Libs.private: -lbz2
- Cflags: -I${includedir}
-diff --git a/libsemanage/tests/Makefile b/libsemanage/tests/Makefile
-index 4b81fed..56285b3 100644
---- a/libsemanage/tests/Makefile
-+++ b/libsemanage/tests/Makefile
-@@ -12,7 +12,7 @@ LIBS = ../src/libsemanage.a ../../libselinux/src/libselinux.a ../../libsepol/src
- LIBAUDIT = -laudit
- endif
-
--LDFLAGS += -lcunit -lustr -lbz2 $(LIBAUDIT)
-+LDFLAGS += -lcunit -lbz2 $(LIBAUDIT)
- OBJECTS = $(SOURCES:.c=.o)
-
- all: $(EXECUTABLE)
---
-2.10.2
-
diff --git a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
index d727acf..91efe81 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
@@ -7,16 +7,16 @@ Upstream-Status: Pending
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
- src/Makefile | 10 +++++++++-
- src/seusers_local.c | 13 +++++++++++++
- tests/Makefile | 10 +++++++++-
+ src/Makefile | 10 +++++++++-
+ src/seusers_local.c | 13 +++++++++++++
+ tests/Makefile | 10 +++++++++-
3 files changed, 31 insertions(+), 2 deletions(-)
-Index: libsemanage-2.5/src/Makefile
-===================================================================
---- libsemanage-2.5.orig/src/Makefile 2016-02-25 13:20:30.867978414 -0500
-+++ libsemanage-2.5/src/Makefile 2016-02-25 13:20:30.859978414 -0500
-@@ -28,6 +28,14 @@
+diff --git a/src/Makefile b/src/Makefile
+index fdb178f..43e1266 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -29,6 +29,14 @@ ifeq ($(DEBUG),1)
export LDFLAGS = -g
endif
@@ -31,20 +31,20 @@ Index: libsemanage-2.5/src/Makefile
LEX = flex
LFLAGS = -s
YACC = bison
-@@ -92,7 +100,7 @@
+@@ -91,7 +99,7 @@ $(LIBA): $(OBJS)
$(RANLIB) $@
$(LIBSO): $(LOBJS)
-- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
-+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol $(LIBAUDIT) -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
++ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol $(LIBAUDIT) -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
ln -sf $@ $(TARGET)
$(LIBPC): $(LIBPC).in ../VERSION
-Index: libsemanage-2.5/src/seusers_local.c
-===================================================================
---- libsemanage-2.5.orig/src/seusers_local.c 2016-02-25 13:20:30.867978414 -0500
-+++ libsemanage-2.5/src/seusers_local.c 2016-02-25 13:20:30.863978414 -0500
-@@ -8,7 +8,11 @@
+diff --git a/src/seusers_local.c b/src/seusers_local.c
+index 42c3a8b..9ee31e2 100644
+--- a/src/seusers_local.c
++++ b/src/seusers_local.c
+@@ -8,7 +8,11 @@ typedef struct semanage_seuser record_t;
#include <sepol/policydb.h>
#include <sepol/context.h>
@@ -56,7 +56,7 @@ Index: libsemanage-2.5/src/seusers_local.c
#include <errno.h>
#include "user_internal.h"
#include "seuser_internal.h"
-@@ -51,6 +55,7 @@
+@@ -51,6 +55,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename)
return roles;
}
@@ -64,7 +64,7 @@ Index: libsemanage-2.5/src/seusers_local.c
static int semanage_seuser_audit(semanage_handle_t * handle,
const semanage_seuser_t * seuser,
const semanage_seuser_t * previous,
-@@ -114,6 +119,7 @@
+@@ -114,6 +119,7 @@ err:
free(proles);
return rc;
}
@@ -72,7 +72,7 @@ Index: libsemanage-2.5/src/seusers_local.c
int semanage_seuser_modify_local(semanage_handle_t * handle,
const semanage_seuser_key_t * key,
-@@ -158,8 +164,11 @@
+@@ -158,8 +164,11 @@ int semanage_seuser_modify_local(semanage_handle_t * handle,
(void) semanage_seuser_query(handle, key, &previous);
handle->msg_callback = callback;
rc = dbase_modify(handle, dconfig, key, new);
@@ -84,7 +84,7 @@ Index: libsemanage-2.5/src/seusers_local.c
err:
if (previous)
semanage_seuser_free(previous);
-@@ -175,8 +184,12 @@
+@@ -175,8 +184,12 @@ int semanage_seuser_del_local(semanage_handle_t * handle,
dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
rc = dbase_del(handle, dconfig, key);
semanage_seuser_query(handle, key, &seuser);
@@ -97,15 +97,14 @@ Index: libsemanage-2.5/src/seusers_local.c
if (seuser)
semanage_seuser_free(seuser);
return rc;
-Index: libsemanage-2.5/tests/Makefile
-===================================================================
---- libsemanage-2.5.orig/tests/Makefile 2016-02-25 13:20:30.867978414 -0500
-+++ libsemanage-2.5/tests/Makefile 2016-02-25 13:22:05.171978120 -0500
-@@ -13,7 +13,15 @@
- CC = gcc
- CFLAGS += -g -O0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter
- INCLUDE = -I$(TESTSRC) -I$(TESTSRC)/../include
--LDFLAGS += -lcunit -lustr -lbz2 -laudit
+diff --git a/tests/Makefile b/tests/Makefile
+index 2ef8d30..50d582a 100644
+--- a/tests/Makefile
++++ b/tests/Makefile
+@@ -6,10 +6,18 @@ SOURCES = $(sort $(wildcard *.c))
+
+ ###########################################################################
+
+DISABLE_AUDIT ?= n
+ifeq ($(DISABLE_AUDIT),y)
+ LIBAUDIT =
@@ -114,7 +113,14 @@ Index: libsemanage-2.5/tests/Makefile
+ LIBAUDIT = -laudit
+endif
+
-+LDFLAGS += -lcunit -lustr -lbz2 $(LIBAUDIT)
+ EXECUTABLE = libsemanage-tests
+ CFLAGS += -g -O0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter
+ override CFLAGS += -I../src -I../include
+-override LDLIBS += -lcunit -lbz2 -laudit -lselinux -lsepol
++override LDLIBS += -lcunit -lbz2 $(LIBAUDIT) -lselinux -lsepol
+
OBJECTS = $(SOURCES:.c=.o)
- all: $(EXECUTABLE)
+--
+2.13.0
+
diff --git a/recipes-security/selinux/libsemanage/libsemanage-fix-path-len-limit.patch b/recipes-security/selinux/libsemanage/libsemanage-fix-path-len-limit.patch
deleted file mode 100644
index c98f3fc..0000000
--- a/recipes-security/selinux/libsemanage/libsemanage-fix-path-len-limit.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Subject: [PATCH] libsemanage: fix path length limit
-
-semanage_remove_directory uses NAME_MAX(255) as the max length of
-file pathes, this will cause failures when the path length>255.
-
-Upstream-Status: pending
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- src/semanage_store.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/semanage_store.c b/src/semanage_store.c
-index 3fd4996..251a2d6 100644
---- a/src/semanage_store.c
-+++ b/src/semanage_store.c
-@@ -580,7 +580,7 @@ int semanage_remove_directory(const char *path)
- return -1;
- }
- for (i = 0; i < num_entries; i++) {
-- char s[NAME_MAX];
-+ char s[PATH_MAX];
- struct stat buf;
- snprintf(s, sizeof(s), "%s/%s", path, namelist[i]->d_name);
- if (stat(s, &buf) == -1) {
---
-1.7.9.5
-
diff --git a/recipes-security/selinux/libsemanage_2.6.bb b/recipes-security/selinux/libsemanage_2.7.bb
similarity index 50%
rename from recipes-security/selinux/libsemanage_2.6.bb
rename to recipes-security/selinux/libsemanage_2.7.bb
index 5e24c9d..d7b5312 100644
--- a/recipes-security/selinux/libsemanage_2.6.bb
+++ b/recipes-security/selinux/libsemanage_2.7.bb
@@ -1,23 +1,18 @@
-include selinux_20161014.inc
+include selinux_20170804.inc
include ${BPN}.inc
LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
-SRC_URI[md5sum] = "666a48c4058c07f2b07ede9eaf210c5f"
-SRC_URI[sha256sum] = "4f81541047290b751f2ffb926fcd381c186f22db18d9fe671b0b4a6a54e8cfce"
+SRC_URI[md5sum] = "a6b5c451fbe45ff9e3e0e65f2db0ae1d"
+SRC_URI[sha256sum] = "07e9477714ce6a4557a1fe924ea4cb06501b62d0fa0e3c0dc32a2cf47cb8d476"
SRC_URI += "\
file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
- file://libsemanage-fix-path-len-limit.patch \
file://libsemanage-fix-path-nologin.patch \
file://libsemanage-drop-Wno-unused-but-set-variable.patch \
file://libsemanage-define-FD_CLOEXEC-as-necessary.patch;striplevel=2 \
file://libsemanage-allow-to-disable-audit-support.patch \
file://libsemanage-disable-expand-check-on-policy-load.patch \
file://0001-src-Makefile-fix-includedir-in-libselinux.pc.patch \
- file://0001-libsemanage-simplify-string-utilities-functions.patch;striplevel=2 \
- file://0002-libsemanage-add-semanage_str_replace-utility-functio.patch;striplevel=2 \
- file://0003-libsemanage-genhomedircon-drop-ustr-dependency.patch;striplevel=2 \
- file://0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch;striplevel=2 \
"
FILES_${PN} += "/usr/libexec"
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 05/20] checkpolicy: uprev to 2.7 (20170804)
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (3 preceding siblings ...)
2017-09-13 2:42 ` [PATCH 04/20] libsemanage: " wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:42 ` [PATCH 06/20] secilc: " wenzong.fan
` (14 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Remove patch that included by new version:
- checkpolicy-Do-not-link-against-libfl.patch
Specify LIBSEPOLA to fix build error:
make[1]: *** No rule to make target `/usr/lib/libsepol.a'
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/selinux/checkpolicy.inc | 3 +-
.../checkpolicy-Do-not-link-against-libfl.patch | 46 ----------------------
recipes-security/selinux/checkpolicy_2.6.bb | 7 ----
recipes-security/selinux/checkpolicy_2.7.bb | 7 ++++
4 files changed, 8 insertions(+), 55 deletions(-)
delete mode 100644 recipes-security/selinux/checkpolicy/checkpolicy-Do-not-link-against-libfl.patch
delete mode 100644 recipes-security/selinux/checkpolicy_2.6.bb
create mode 100644 recipes-security/selinux/checkpolicy_2.7.bb
diff --git a/recipes-security/selinux/checkpolicy.inc b/recipes-security/selinux/checkpolicy.inc
index efcd821..878c656 100644
--- a/recipes-security/selinux/checkpolicy.inc
+++ b/recipes-security/selinux/checkpolicy.inc
@@ -11,10 +11,9 @@ LICENSE = "GPLv2+"
DEPENDS += "libsepol bison-native flex-native"
-SRC_URI += "file://checkpolicy-Do-not-link-against-libfl.patch"
-
EXTRA_OEMAKE += "PREFIX=${D}"
EXTRA_OEMAKE += "LEX='flex'"
+EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
do_install_append() {
install test/dismod ${D}/${bindir}/sedismod
diff --git a/recipes-security/selinux/checkpolicy/checkpolicy-Do-not-link-against-libfl.patch b/recipes-security/selinux/checkpolicy/checkpolicy-Do-not-link-against-libfl.patch
deleted file mode 100644
index e19209e..0000000
--- a/recipes-security/selinux/checkpolicy/checkpolicy-Do-not-link-against-libfl.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-checkpolicy: Don't link against libfl
-
-In policy_scan.l file, we have already removed all references to yywrap by
-adding "%option noyywrap" statements to each flex source file that doesn't
-override yywrap. After this, we no longer need to link against libfl and so
-no longer get errors about undefined references to yylex.
-
-Upstream-status: Pending
-
-Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
-Signed-off-by: Shrikant Bobade <Shrikant_Bobade@mentor.com>¶
-
----
- Makefile | 2 +-
- test/Makefile | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index e5fae3d..14ac70e 100644
---- a/Makefile
-+++ b/Makefile
-@@ -19,7 +19,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \
- CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
- CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
-
--LDLIBS=$(LIBDIR)/libsepol.a -lfl
-+LDLIBS=$(LIBDIR)/libsepol.a
-
- GENERATED=lex.yy.c y.tab.c y.tab.h
-
-diff --git a/test/Makefile b/test/Makefile
-index 63b4d24..0f19a8a 100644
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -9,7 +9,7 @@ INCLUDEDIR ?= $(PREFIX)/include
- CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
- override CFLAGS += -I$(INCLUDEDIR)
-
--LDLIBS=-lfl $(LIBDIR)/libsepol.a -L$(LIBDIR)
-+LDLIBS=$(LIBDIR)/libsepol.a -L$(LIBDIR)
-
- all: dispol dismod
-
---
-1.7.9.5
-
diff --git a/recipes-security/selinux/checkpolicy_2.6.bb b/recipes-security/selinux/checkpolicy_2.6.bb
deleted file mode 100644
index f67c150..0000000
--- a/recipes-security/selinux/checkpolicy_2.6.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-include selinux_20161014.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "2b581f8fe8eb8f55f111088e15d76c3a"
-SRC_URI[sha256sum] = "0bebd18688ca8027b1b3b4ff1532c0626f1fe49883ae6cb74d9d385940e74157"
diff --git a/recipes-security/selinux/checkpolicy_2.7.bb b/recipes-security/selinux/checkpolicy_2.7.bb
new file mode 100644
index 0000000..90b8109
--- /dev/null
+++ b/recipes-security/selinux/checkpolicy_2.7.bb
@@ -0,0 +1,7 @@
+include selinux_20170804.inc
+include ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "5c718eaad4d3015bd5665ffde77b50fd"
+SRC_URI[sha256sum] = "5413479f1dcde866c19896b4dbfec315d822aa431606e1d03c944408984c3201"
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 06/20] secilc: uprev to 2.7 (20170804)
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (4 preceding siblings ...)
2017-09-13 2:42 ` [PATCH 05/20] checkpolicy: " wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:42 ` [PATCH 07/20] policycoreutils: " wenzong.fan
` (13 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/selinux/secilc_2.6.bb | 7 -------
recipes-security/selinux/secilc_2.7.bb | 7 +++++++
2 files changed, 7 insertions(+), 7 deletions(-)
delete mode 100644 recipes-security/selinux/secilc_2.6.bb
create mode 100644 recipes-security/selinux/secilc_2.7.bb
diff --git a/recipes-security/selinux/secilc_2.6.bb b/recipes-security/selinux/secilc_2.6.bb
deleted file mode 100644
index 0f84b0e..0000000
--- a/recipes-security/selinux/secilc_2.6.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-include selinux_20161014.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=5fb82e8deb357d4e5fd8f3fed01d2f38"
-
-SRC_URI[md5sum] = "38c06fb8d97206a12016b4516ee23efc"
-SRC_URI[sha256sum] = "a84838c15bb7b0141238b48294b15ff0e1618107f547541a0067d1ddabcc9502"
diff --git a/recipes-security/selinux/secilc_2.7.bb b/recipes-security/selinux/secilc_2.7.bb
new file mode 100644
index 0000000..611f165
--- /dev/null
+++ b/recipes-security/selinux/secilc_2.7.bb
@@ -0,0 +1,7 @@
+include selinux_20170804.inc
+include ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=5fb82e8deb357d4e5fd8f3fed01d2f38"
+
+SRC_URI[md5sum] = "301a4e477bc7214be16558f7c2dcbcff"
+SRC_URI[sha256sum] = "9ec63dd64645c718f66d33c96299adfe0445b0aa62d7ac8c642f873c570609c5"
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 07/20] policycoreutils: uprev to 2.7 (20170804)
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (5 preceding siblings ...)
2017-09-13 2:42 ` [PATCH 06/20] secilc: " wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:42 ` [PATCH 08/20] sepolgen: remove package wenzong.fan
` (12 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Uprev the recipe file as is.
Some packages have been moved out from policycoreutils, they will be
added as new packages and the policycoreutils.inc need to be cleaned
up from later commits accordingly.
Moved packages:
From: To:
- policycoreutils/gui gui
- policycoreutils/mcstrans mcstrans
- policycoreutils/restorecond restorecond
- policycoreutils/sandbox sandbox
- policycoreutils/sepolicy/dbus dbus
- policycoreutils/semodule_deps semodule-utils/semodule_deps
- policycoreutils/semodule_expand semodule-utils/semodule_expand
- policycoreutils/semodule_link semodule-utils/semodule_link
- policycoreutils/semodule_package semodule-utils/semodule_package
- policycoreutils/semanage python/semanage
- policycoreutils/audit2allow python/audit2allow
- policycoreutils/sepolgen-ifgen python/audit2allow/sepolgen-ifgen
- policycoreutils/sepolicy python/sepolicy
- policycoreutils/scripts/chcat python/chcat
Released package list refer to:
https://github.com/SELinuxProject/selinux/wiki/Releases
Cleanup the patch file that have been removed in 2.6:
- policycoreutils-fts_flags-FTS_NOCHDIR.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
.../policycoreutils-fts_flags-FTS_NOCHDIR.patch | 25 ----------------------
...licycoreutils_2.6.bb => policycoreutils_2.7.bb} | 6 +++---
2 files changed, 3 insertions(+), 28 deletions(-)
delete mode 100644 recipes-security/selinux/policycoreutils/policycoreutils-fts_flags-FTS_NOCHDIR.patch
rename recipes-security/selinux/{policycoreutils_2.6.bb => policycoreutils_2.7.bb} (74%)
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fts_flags-FTS_NOCHDIR.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fts_flags-FTS_NOCHDIR.patch
deleted file mode 100644
index fd04b51..0000000
--- a/recipes-security/selinux/policycoreutils/policycoreutils-fts_flags-FTS_NOCHDIR.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-This works around a bug in the default libc used by OE. FTS functions are
-supposed to change the current working directory as they walk the file
-hierarchy. The fts_accpath member of the FTSENT structure relies on this
-behavior and without it the path is not relative to cwd as expected.
-Supplying the FTS_NOCHDIR flag disables this optimization and causes
-fts_accpath to be relative to the directory where the traversal started.
-Use of this flag doesn't effect compatibility with glibc.
-
-An alternative fix could replace the use of fts_accpath with fts_path
-which is absolute.
-
-Signed-off-by: Philip Tricca <flihp@twobit.us>
-Index: policycoreutils/setfiles/setfiles.c
-===================================================================
---- policycoreutils.orig/setfiles/setfiles.c
-+++ policycoreutils/setfiles/setfiles.c
-@@ -194,7 +194,7 @@ int main(int argc, char **argv)
- r_opts.expand_realpath = 0;
- r_opts.abort_on_error = 1;
- r_opts.add_assoc = 1;
-- r_opts.fts_flags = FTS_PHYSICAL | FTS_XDEV;
-+ r_opts.fts_flags = FTS_PHYSICAL | FTS_XDEV | FTS_NOCHDIR;
- ctx_validate = 1;
- } else {
- /*
diff --git a/recipes-security/selinux/policycoreutils_2.6.bb b/recipes-security/selinux/policycoreutils_2.7.bb
similarity index 74%
rename from recipes-security/selinux/policycoreutils_2.6.bb
rename to recipes-security/selinux/policycoreutils_2.7.bb
index 6a625b3..50f15d0 100644
--- a/recipes-security/selinux/policycoreutils_2.6.bb
+++ b/recipes-security/selinux/policycoreutils_2.7.bb
@@ -1,10 +1,10 @@
-include selinux_20161014.inc
+include selinux_20170804.inc
include ${BPN}.inc
LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-SRC_URI[md5sum] = "0358f0136e2dd9a8c9e99f181aaab1b2"
-SRC_URI[sha256sum] = "68891b376f5048edc53c6ccb2fca44da3dc7f4563f4b6894e201d70c04a05a29"
+SRC_URI[md5sum] = "65311b66ae01f7b7ad7c2ea7401b68ed"
+SRC_URI[sha256sum] = "0a1b8a4a323b854981c6755ff025fe98a0f1cff307f109abb260f0490f13e4f4"
SRC_URI += "\
file://policycoreutils-fix-sepolicy-install-path.patch \
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 08/20] sepolgen: remove package
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (6 preceding siblings ...)
2017-09-13 2:42 ` [PATCH 07/20] policycoreutils: " wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:42 ` [PATCH 09/20] mcstrans: add package 2.7 (20170804) wenzong.fan
` (11 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
The package has been moved to selinux-python/sepolgen.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/selinux/sepolgen.inc | 34 --------------------------------
recipes-security/selinux/sepolgen_2.6.bb | 7 -------
recipes-security/selinux/sepolgen_git.bb | 7 -------
3 files changed, 48 deletions(-)
delete mode 100644 recipes-security/selinux/sepolgen.inc
delete mode 100644 recipes-security/selinux/sepolgen_2.6.bb
delete mode 100644 recipes-security/selinux/sepolgen_git.bb
diff --git a/recipes-security/selinux/sepolgen.inc b/recipes-security/selinux/sepolgen.inc
deleted file mode 100644
index daf213d..0000000
--- a/recipes-security/selinux/sepolgen.inc
+++ /dev/null
@@ -1,34 +0,0 @@
-SUMMARY = "Python modules for supporting various SELinux utilities."
-DESCRIPTION = "\
-This package contains a Python module that forms the core of the \
-modern audit2allow (which is a part of the package policycoreutils). \
-The sepolgen library is structured to give flexibility to the \
-application using it. The library contains: Reference Policy \
-Representation, which are Objects for representing policies and the \
-reference policy interfaces. Secondly, it has objects and algorithms \
-for representing access and sets of access in an abstract way and \
-searching that access. It also has a parser for reference policy \
-"headers". It contains infrastructure for parsing SELinux related \
-messages as produced by the audit system. It has facilities for \
-generating policy based on required access."
-
-SECTION = "base"
-LICENSE = "LGPLv2+"
-
-FILES_${PN} = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
-
-DEPENDS += "python"
-
-inherit python-dir
-
-FILES_${PN} += "${libdir}/python${PYTHON_BASEVERSION}/site-packages \
- /var/lib/sepolgen"
-
-do_install() {
- oe_runmake DESTDIR=${D} \
- PYTHONLIBDIR='${libdir}/python${PYTHON_BASEVERSION}/site-packages' \
- install
-}
-
-BBCLASSEXTEND = "native"
-
diff --git a/recipes-security/selinux/sepolgen_2.6.bb b/recipes-security/selinux/sepolgen_2.6.bb
deleted file mode 100644
index 7825863..0000000
--- a/recipes-security/selinux/sepolgen_2.6.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-include selinux_20161014.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "84faa46a0eb0b603e903efeed239c244"
-SRC_URI[sha256sum] = "6a327b1576d914e57ad796a541a7a9bcceefb14c445355559993de0fdb8e7a60"
diff --git a/recipes-security/selinux/sepolgen_git.bb b/recipes-security/selinux/sepolgen_git.bb
deleted file mode 100644
index 9b3cbe2..0000000
--- a/recipes-security/selinux/sepolgen_git.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-PR = "r99"
-PV = "1.2.1+git${SRCPV}"
-
-include selinux_git.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 09/20] mcstrans: add package 2.7 (20170804)
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (7 preceding siblings ...)
2017-09-13 2:42 ` [PATCH 08/20] sepolgen: remove package wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:42 ` [PATCH 10/20] restorecond: " wenzong.fan
` (10 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Move policycoreutils/mcstrans to mcstrans:
* Move and rebase patches:
- mcstrans-de-bashify.patch
- 0001-mcstrans-fix-the-init-script.patch
* Remove useless patch:
- enable-mcstrans.patch
* Cleanup policycoreutils_2.7.bb and policycoreutils.inc.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/selinux/mcstrans.inc | 49 ++++++++++++++
.../0001-mcstrans-fix-the-init-script.patch | 9 +--
.../selinux/mcstrans/mcstrans-de-bashify.patch | 26 ++++++++
recipes-security/selinux/mcstrans_2.7.bb | 7 ++
recipes-security/selinux/policycoreutils.inc | 76 +---------------------
.../selinux/policycoreutils/enable-mcstrans.patch | 17 -----
.../policycoreutils/mcstrans-de-bashify.patch | 12 ----
recipes-security/selinux/policycoreutils_2.7.bb | 2 -
8 files changed, 88 insertions(+), 110 deletions(-)
create mode 100644 recipes-security/selinux/mcstrans.inc
rename recipes-security/selinux/{policycoreutils => mcstrans}/0001-mcstrans-fix-the-init-script.patch (74%)
create mode 100644 recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
create mode 100644 recipes-security/selinux/mcstrans_2.7.bb
delete mode 100644 recipes-security/selinux/policycoreutils/enable-mcstrans.patch
delete mode 100644 recipes-security/selinux/policycoreutils/mcstrans-de-bashify.patch
diff --git a/recipes-security/selinux/mcstrans.inc b/recipes-security/selinux/mcstrans.inc
new file mode 100644
index 0000000..590e6d2
--- /dev/null
+++ b/recipes-security/selinux/mcstrans.inc
@@ -0,0 +1,49 @@
+SUMMARY = "Daemon to translate SELinux MCS/MLS sensitivity labels"
+DESCRIPTION = "\
+mcstrans provides an translation daemon to translate SELinux categories \
+from internal representations to user defined representation."
+
+SECTION = "base"
+LICENSE = "GPLv2+"
+
+SRC_URI += "file://mcstrans-de-bashify.patch \
+ file://0001-mcstrans-fix-the-init-script.patch \
+"
+
+inherit systemd update-rc.d
+
+DEPENDS += "libsepol libselinux libcap"
+
+EXTRA_OEMAKE += "SYSTEMDDIR=${D}${systemd_unitdir}"
+do_install_append() {
+ install -d ${D}${sbindir}
+ install -m 755 utils/untranscon ${D}${sbindir}/
+ install -m 755 utils/transcon ${D}${sbindir}/
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -d ${D}${sysconfdir}/tmpfiles.d
+ echo "d ${localstatedir}/run/setrans - - - -" \
+ > ${D}${sysconfdir}/tmpfiles.d/setrans.conf
+ else
+ install -d ${D}${sysconfdir}/default/volatiles
+ echo "d root root 0755 /var/run/setrans none" \
+ >${D}${sysconfdir}/default/volatiles/volatiles.80_mcstrans
+ fi
+ install -d ${D}${datadir}/mcstrans
+ cp -r share/* ${D}${datadir}/mcstrans/.
+}
+
+SYSTEMD_SERVICE_mcstrans = "mcstrans.service"
+INITSCRIPT_PACKAGES = "mcstrans"
+INITSCRIPT_NAME_mcstrans = "mcstrans"
+INITSCRIPT_PARAMS_mcstrans = "defaults"
+
+pkg_postinst_mcstrans () {
+ if [ -z "$D" ]; then
+ if command -v systemd-tmpfiles >/dev/null; then
+ systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/setrans.conf
+ elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
+ ${sysconfdir}/init.d/populate-volatile.sh update
+ fi
+ fi
+}
diff --git a/recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch b/recipes-security/selinux/mcstrans/0001-mcstrans-fix-the-init-script.patch
similarity index 74%
rename from recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch
rename to recipes-security/selinux/mcstrans/0001-mcstrans-fix-the-init-script.patch
index 39be80a..5f7163d 100644
--- a/recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch
+++ b/recipes-security/selinux/mcstrans/0001-mcstrans-fix-the-init-script.patch
@@ -5,14 +5,15 @@ Upstream-Status: Inappropriate [embedded specific]
replace daemon with start-stop-daemon, due to not daemon functions
Signed-off-by: Roy Li <rongqing.li@windriver.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
- mcstrans/src/mcstrans.init | 2 +-
+ src/mcstrans.init | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/mcstrans/src/mcstrans.init b/mcstrans/src/mcstrans.init
+diff --git a/src/mcstrans.init b/src/mcstrans.init
index 2804ec0..c660290 100644
---- a/mcstrans/src/mcstrans.init
-+++ b/mcstrans/src/mcstrans.init
+--- a/src/mcstrans.init
++++ b/src/mcstrans.init
@@ -51,7 +51,7 @@ start(){
fi
diff --git a/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch b/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
new file mode 100644
index 0000000..805d7e5
--- /dev/null
+++ b/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
@@ -0,0 +1,26 @@
+commit 54875dcb50f5e40fc86d6fe98dde244bfe4751af
+Author: Joe MacDonald <joe_macdonald@mentor.com>
+Date: Fri Aug 7 15:16:45 2015 -0400
+
+ mcstrans: remove dependency on bash in initscript
+
+ There were no apparent bashisms in mcstrans.init, so remove the dependency
+ on bash.
+
+ Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+
+Upstream-Status: Pending
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ src/mcstrans.init | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/mcstrans.init
++++ b/src/mcstrans.init
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ #
+ # mcstransd This starts and stops mcstransd
+ #
diff --git a/recipes-security/selinux/mcstrans_2.7.bb b/recipes-security/selinux/mcstrans_2.7.bb
new file mode 100644
index 0000000..2d5bbfd
--- /dev/null
+++ b/recipes-security/selinux/mcstrans_2.7.bb
@@ -0,0 +1,7 @@
+include selinux_20170804.inc
+include ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+SRC_URI[md5sum] = "edba0f72fdf7fdd1ad0a2c6d102e8cfa"
+SRC_URI[sha256sum] = "cdca003282d160b50ad695ab5b013c05ca21387a419b2f89288534184d16e1e2"
diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
index fe01004..e8f6e5f 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -10,7 +10,6 @@ LICENSE = "GPLv2+"
SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
file://policycoreutils-fixfiles-de-bashify.patch \
file://policycoreutils-sandbox-de-bashify.patch \
- file://mcstrans-de-bashify.patch \
"
PAM_SRC_URI = "file://pam.d/newrole \
@@ -21,9 +20,7 @@ DEPENDS += "libsepol libselinux libsemanage libcap gettext-native"
EXTRA_DEPENDS = "libcap-ng libcgroup setools"
DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
-inherit selinux systemd pythonnative update-rc.d
-
-PROVIDES += "mcstrans"
+inherit selinux pythonnative
DEPENDS += "${@target_selinux(d, 'libpam audit')}"
@@ -144,31 +141,8 @@ PACKAGES =+ "\
${PN}-sestatus \
${PN}-setfiles \
${PN}-setsebool \
- mcstrans \
- mcstrans-doc \
system-config-selinux \
"
-PKGV_mcstrans = "0.3.2"
-PKGV_mcstrans-doc = "0.3.2"
-SUMMARY_mcstrans = "Daemon to translate SELinux MCS/MLS sensitivity labels"
-DESCRIPTION_mcstrans = "\
- Security-enhanced Linux is a feature of the Linux kernel and a number \
- of utilities with enhanced security functionality designed to add \
- mandatory access controls to Linux. The Security-enhanced Linux \
- kernel contains new architectural components originally developed to \
- improve the security of the Flask operating system. These \
- architectural components provide general support for the enforcement \
- of many kinds of mandatory access control policies, including those \
- based on the concepts of Type Enforcement®, Role-based Access \
- Control, and Multi-level Security. \
- \
- mcstrans provides an translation daemon to translate SELinux categories \
- from internal representations to user defined representation. \
- "
-SUMMARY_mcstrans-doc = "${SUMMARY_mcstrans} man pages and examples"
-DESCRIPTION_mcstrans-doc = "${DESCRIPTION_mcstrans} \
- This package contains man pages and examples. \
- "
FILES_${PN}-audit2allow = "\
${bindir}/audit2allow \
${bindir}/audit2why \
@@ -240,22 +214,6 @@ FILES_${PN}-setsebool += "\
${sbindir}/setsebool \
${datadir}/bash-completion/completions/setsebool \
"
-FILES_mcstrans = "\
- ${base_sbindir}/mcstransd \
- ${sbindir}/untranscon \
- ${sbindir}/transcon \
- ${sysconfdir}/init.d/mcstrans \
- ${systemd_unitdir}/system/mcstrans.service \
- ${sysconfdir}/default/volatiles/volatiles.80_mcstrans \
- ${sysconfdir}/tmpfiles.d/setrans.conf \
-"
-
-FILES_mcstrans-doc = "\
- /usr/share/man/man8/mcstransd.8 \
- /usr/share/man/man8/mcs.8 \
- /usr/share/man/man8/setrans.conf.8 \
- ${datadir}/mcstrans \
-"
FILES_system-config-selinux = " \
${bindir}/sepolgen \
@@ -304,23 +262,6 @@ do_install_prepend() {
export SEMODULE_PATH=${sbindir} SYSTEMDDIR=${D}/${systemd_unitdir}
}
-do_install_append_class-target() {
- install -m 755 mcstrans/utils/untranscon ${D}${sbindir}/
- install -m 755 mcstrans/utils/transcon ${D}${sbindir}/
-
- if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
- install -d ${D}${sysconfdir}/tmpfiles.d
- echo "d ${localstatedir}/run/setrans - - - -" \
- > ${D}${sysconfdir}/tmpfiles.d/setrans.conf
- else
- install -d ${D}${sysconfdir}/default/volatiles
- echo "d root root 0755 /var/run/setrans none" \
- >${D}${sysconfdir}/default/volatiles/volatiles.80_mcstrans
- fi
- install -d ${D}${datadir}/mcstrans
- cp -r mcstrans/share/* ${D}${datadir}/mcstrans/.
-}
-
do_install_virtclass-native() {
for PCU_CMD in ${PCU_NATIVE_CMDS} ; do
oe_runmake -C $PCU_CMD install \
@@ -342,18 +283,3 @@ do_install_append_class-target() {
# $ semanage permissive [OPTS]
install -d ${D}${localstatedir}/lib/selinux
}
-
-SYSTEMD_SERVICE_mcstrans = "mcstrans.service"
-INITSCRIPT_PACKAGES = "mcstrans"
-INITSCRIPT_NAME_mcstrans = "mcstrans"
-INITSCRIPT_PARAMS_mcstrans = "defaults"
-
-pkg_postinst_mcstrans () {
- if [ -z "$D" ]; then
- if command -v systemd-tmpfiles >/dev/null; then
- systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/setrans.conf
- elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
- ${sysconfdir}/init.d/populate-volatile.sh update
- fi
- fi
-}
diff --git a/recipes-security/selinux/policycoreutils/enable-mcstrans.patch b/recipes-security/selinux/policycoreutils/enable-mcstrans.patch
deleted file mode 100644
index e923903..0000000
--- a/recipes-security/selinux/policycoreutils/enable-mcstrans.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Add the "mcstrans" subdir so it gets built too.
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Roy Li <rongqing.li@windriver.com>
-diff --git a/Makefile b/Makefile
-index 83ebd45..3ae784f 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,5 +1,7 @@
- SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui
-
-+SUBDIRS += mcstrans
-+
- INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
-
- ifeq (${INOTIFYH}, /usr/include/sys/inotify.h)
diff --git a/recipes-security/selinux/policycoreutils/mcstrans-de-bashify.patch b/recipes-security/selinux/policycoreutils/mcstrans-de-bashify.patch
deleted file mode 100644
index 86141a2..0000000
--- a/recipes-security/selinux/policycoreutils/mcstrans-de-bashify.patch
+++ /dev/null
@@ -1,12 +0,0 @@
----
- mcstrans/src/mcstrans.init | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/mcstrans/src/mcstrans.init
-+++ b/mcstrans/src/mcstrans.init
-@@ -1,4 +1,4 @@
--#!/bin/bash
-+#!/bin/sh
- #
- # mcstransd This starts and stops mcstransd
- #
diff --git a/recipes-security/selinux/policycoreutils_2.7.bb b/recipes-security/selinux/policycoreutils_2.7.bb
index 50f15d0..d407ac3 100644
--- a/recipes-security/selinux/policycoreutils_2.7.bb
+++ b/recipes-security/selinux/policycoreutils_2.7.bb
@@ -12,6 +12,4 @@ SRC_URI += "\
file://policycoreutils-loadpolicy-symlink.patch \
file://policycoreutils-process-ValueError-for-sepolicy-seobject.patch \
file://policycoreutils-fix-TypeError-for-seobject.py.patch \
- file://0001-mcstrans-fix-the-init-script.patch \
- file://enable-mcstrans.patch \
"
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 10/20] restorecond: add package 2.7 (20170804)
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (8 preceding siblings ...)
2017-09-13 2:42 ` [PATCH 09/20] mcstrans: add package 2.7 (20170804) wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:42 ` [PATCH 11/20] selinux-sandbox: " wenzong.fan
` (9 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Move policycoreutils/restorecond to restorecond:
* Move and rebase patch:
- policycoreutils-make-O_CLOEXEC-optional.patch
* Cleanup policycoreutils_2.7.bb.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/selinux/policycoreutils_2.7.bb | 1 -
recipes-security/selinux/restorecond.inc | 28 ++++++++++++++++++++++
.../policycoreutils-make-O_CLOEXEC-optional.patch | 8 +++----
recipes-security/selinux/restorecond_2.7.bb | 7 ++++++
4 files changed, 39 insertions(+), 5 deletions(-)
create mode 100644 recipes-security/selinux/restorecond.inc
rename recipes-security/selinux/{policycoreutils => restorecond}/policycoreutils-make-O_CLOEXEC-optional.patch (90%)
create mode 100644 recipes-security/selinux/restorecond_2.7.bb
diff --git a/recipes-security/selinux/policycoreutils_2.7.bb b/recipes-security/selinux/policycoreutils_2.7.bb
index d407ac3..54ec69a 100644
--- a/recipes-security/selinux/policycoreutils_2.7.bb
+++ b/recipes-security/selinux/policycoreutils_2.7.bb
@@ -8,7 +8,6 @@ SRC_URI[sha256sum] = "0a1b8a4a323b854981c6755ff025fe98a0f1cff307f109abb260f0490f
SRC_URI += "\
file://policycoreutils-fix-sepolicy-install-path.patch \
- file://policycoreutils-make-O_CLOEXEC-optional.patch \
file://policycoreutils-loadpolicy-symlink.patch \
file://policycoreutils-process-ValueError-for-sepolicy-seobject.patch \
file://policycoreutils-fix-TypeError-for-seobject.py.patch \
diff --git a/recipes-security/selinux/restorecond.inc b/recipes-security/selinux/restorecond.inc
new file mode 100644
index 0000000..6f12d23
--- /dev/null
+++ b/recipes-security/selinux/restorecond.inc
@@ -0,0 +1,28 @@
+SUMMARY = "Daemon to watch for file creation and set default file context"
+DESCRIPTION = "\
+The restorecond daemon uses inotify to watch files listed in the \
+/etc/selinux/restorecond.conf, when they are created, this daemon \
+will make sure they have the correct file context associated with \
+the policy."
+
+SECTION = "base"
+LICENSE = "GPLv2+"
+
+SRC_URI += "file://policycoreutils-make-O_CLOEXEC-optional.patch \
+"
+
+inherit systemd update-rc.d
+
+DEPENDS += "libsepol libselinux libpcre dbus-glib glib-2.0 pkgconfig-native"
+
+FILES_${PN} += "${datadir}/dbus-1/services/org.selinux.Restorecond.service \
+"
+
+do_install_prepend() {
+ export SYSTEMDDIR=${D}/${systemd_unitdir}
+}
+
+SYSTEMD_SERVICE_restorecond = "restorecond.service"
+INITSCRIPT_PACKAGES = "restorecond"
+INITSCRIPT_NAME_restorecond = "restorecond"
+INITSCRIPT_PARAMS_restorecond = "defaults"
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch
similarity index 90%
rename from recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
rename to recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch
index d50356e..ab1a10a 100644
--- a/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
+++ b/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch
@@ -16,13 +16,13 @@ Uptream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and POSIX
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
- restorecond/user.c | 8 +++++++-
+ user.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
-diff --git a/restorecond/user.c b/restorecond/user.c
+diff --git a/user.c b/user.c
index 2c28676..6235772 100644
---- a/restorecond/user.c
-+++ b/restorecond/user.c
+--- a/user.c
++++ b/user.c
@@ -202,7 +202,13 @@ static int local_server() {
perror("asprintf");
return -1;
diff --git a/recipes-security/selinux/restorecond_2.7.bb b/recipes-security/selinux/restorecond_2.7.bb
new file mode 100644
index 0000000..1f9a70c
--- /dev/null
+++ b/recipes-security/selinux/restorecond_2.7.bb
@@ -0,0 +1,7 @@
+include selinux_20170804.inc
+include ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "46f8ad0a37f955ef148d4e19b8cc8b1f"
+SRC_URI[sha256sum] = "cb8e0a8d706cb2c1f105125f3514dffffefcbcfb49199183a7f91ab0bdf1f24d"
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 11/20] selinux-sandbox: add package 2.7 (20170804)
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (9 preceding siblings ...)
2017-09-13 2:42 ` [PATCH 10/20] restorecond: " wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:42 ` [PATCH 12/20] selinux-python: " wenzong.fan
` (8 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Move policycoreutils/sandbox to sandbox:
* Move and rebase patch:
- policycoreutils-sandbox-de-bashify.patch
* Cleanup policycoreutils.inc
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/selinux/policycoreutils.inc | 17 -------------
recipes-security/selinux/selinux-sandbox.inc | 28 ++++++++++++++++++++++
.../sandbox-de-bashify.patch} | 13 +++++-----
recipes-security/selinux/selinux-sandbox_2.7.bb | 7 ++++++
4 files changed, 42 insertions(+), 23 deletions(-)
create mode 100644 recipes-security/selinux/selinux-sandbox.inc
rename recipes-security/selinux/{policycoreutils/policycoreutils-sandbox-de-bashify.patch => selinux-sandbox/sandbox-de-bashify.patch} (79%)
create mode 100644 recipes-security/selinux/selinux-sandbox_2.7.bb
diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
index e8f6e5f..9e45e0c 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -9,7 +9,6 @@ LICENSE = "GPLv2+"
SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
file://policycoreutils-fixfiles-de-bashify.patch \
- file://policycoreutils-sandbox-de-bashify.patch \
"
PAM_SRC_URI = "file://pam.d/newrole \
@@ -64,15 +63,6 @@ RDEPENDS_${BPN}-python += "\
libsemanage-python \
"
RDEPENDS_${BPN}-runinit += "libselinux"
-RDEPENDS_${BPN}-sandbox += "\
- python-math \
- python-shell \
- python-subprocess \
- python-textutils \
- python-unixadmin \
- libselinux-python \
- ${BPN}-python \
-"
RDEPENDS_${BPN}-secon += "libselinux"
RDEPENDS_${BPN}-semanage = "\
python-core \
@@ -128,7 +118,6 @@ PACKAGES =+ "\
${PN}-newrole \
${PN}-python \
${PN}-runinit \
- ${PN}-sandbox \
${PN}-secon \
${PN}-semanage \
${PN}-semodule \
@@ -171,12 +160,6 @@ FILES_${PN}-runinit += "\
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/run_init', '', d)} \
"
FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/.debug/* ${prefix}/libexec/selinux/hll/.debug"
-FILES_${PN}-sandbox += "\
- ${datadir}/sandbox/* \
- ${bindir}/sandbox \
- ${sbindir}/seunshare \
- ${sysconfdir}/sysconfig/sandbox \
-"
FILES_${PN}-secon += "${bindir}/secon"
FILES_${PN}-semanage = "\
${sbindir}/semanage \
diff --git a/recipes-security/selinux/selinux-sandbox.inc b/recipes-security/selinux/selinux-sandbox.inc
new file mode 100644
index 0000000..8616dd7
--- /dev/null
+++ b/recipes-security/selinux/selinux-sandbox.inc
@@ -0,0 +1,28 @@
+SUMMARY = "Run cmd under an SELinux sandbox"
+DESCRIPTION = "\
+Run application within a tightly confined SELinux domain. The default \
+sandbox domain only allows applications the ability to read and write \
+stdin, stdout and any other file descriptors handed to it."
+
+SECTION = "base"
+LICENSE = "GPLv2+"
+
+SRC_URI += "file://sandbox-de-bashify.patch \
+"
+
+DEPENDS += "libcap-ng libselinux"
+
+RDEPENDS_${PN} += "\
+ python-math \
+ python-shell \
+ python-subprocess \
+ python-textutils \
+ python-unixadmin \
+ libselinux-python \
+ selinux-python \
+"
+
+FILES_${PN} += "\
+ ${datadir}/sandbox/sandboxX.sh \
+ ${datadir}/sandbox/start \
+"
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-sandbox-de-bashify.patch b/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
similarity index 79%
rename from recipes-security/selinux/policycoreutils/policycoreutils-sandbox-de-bashify.patch
rename to recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
index c078ef6..18cef4b 100644
--- a/recipes-security/selinux/policycoreutils/policycoreutils-sandbox-de-bashify.patch
+++ b/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
@@ -9,25 +9,26 @@ sandboxX script, so point them at /bin/sh instead.
Upstream-Status: Pending
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
sandbox/sandbox.init | 2 +-
sandbox/sandboxX.sh | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
-diff --git a/sandbox/sandbox.init b/sandbox/sandbox.init
+diff --git a/sandbox.init b/sandbox.init
index b3979bf..1893dc8 100644
---- a/sandbox/sandbox.init
-+++ b/sandbox/sandbox.init
+--- a/sandbox.init
++++ b/sandbox.init
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
## BEGIN INIT INFO
# Provides: sandbox
# Default-Start: 3 4 5
-diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
+diff --git a/sandboxX.sh b/sandboxX.sh
index eaa500d..8755d75 100644
---- a/sandbox/sandboxX.sh
-+++ b/sandbox/sandboxX.sh
+--- a/sandboxX.sh
++++ b/sandboxX.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
diff --git a/recipes-security/selinux/selinux-sandbox_2.7.bb b/recipes-security/selinux/selinux-sandbox_2.7.bb
new file mode 100644
index 0000000..1307ce7
--- /dev/null
+++ b/recipes-security/selinux/selinux-sandbox_2.7.bb
@@ -0,0 +1,7 @@
+include selinux_20170804.inc
+include ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "7360e9dc7b1757b7f82face655982bfa"
+SRC_URI[sha256sum] = "9490620380ab6d428a92869002a51ada0343ca35fa2a6905595745902a64c541"
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 12/20] selinux-python: add package 2.7 (20170804)
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (10 preceding siblings ...)
2017-09-13 2:42 ` [PATCH 11/20] selinux-sandbox: " wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:42 ` [PATCH 13/20] semodule-utils: " wenzong.fan
` (7 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Move packages to python/*:
- policycoreutils/semanage -> python/semanage
- policycoreutils/audit2allow -> python/audit2allow
- policycoreutils/sepolgen-ifgen -> python/audit2allow/sepolgen-ifgen
- policycoreutils/sepolicy -> python/sepolicy
- policycoreutils/scripts/chcat -> python/chcat
- sepolgen -> python/sepolgen
* Move and rebase patches:
- policycoreutils-fix-TypeError-for-seobject.py.patch
- policycoreutils-fix-sepolicy-install-path.patch
- policycoreutils-process-ValueError-for-sepolicy-seobject.patch
* Cleanup policycoreutils.inc and policycoreutils_2.7.bb
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/selinux/policycoreutils.inc | 80 +---------------
recipes-security/selinux/policycoreutils_2.7.bb | 3 -
recipes-security/selinux/selinux-python.inc | 106 +++++++++++++++++++++
.../fix-TypeError-for-seobject.py.patch} | 0
.../fix-sepolicy-install-path.patch} | 0
...process-ValueError-for-sepolicy-seobject.patch} | 0
recipes-security/selinux/selinux-python_2.7.bb | 7 ++
7 files changed, 115 insertions(+), 81 deletions(-)
create mode 100644 recipes-security/selinux/selinux-python.inc
rename recipes-security/selinux/{policycoreutils/policycoreutils-fix-TypeError-for-seobject.py.patch => selinux-python/fix-TypeError-for-seobject.py.patch} (100%)
rename recipes-security/selinux/{policycoreutils/policycoreutils-fix-sepolicy-install-path.patch => selinux-python/fix-sepolicy-install-path.patch} (100%)
rename recipes-security/selinux/{policycoreutils/policycoreutils-process-ValueError-for-sepolicy-seobject.patch => selinux-python/process-ValueError-for-sepolicy-seobject.patch} (100%)
create mode 100644 recipes-security/selinux/selinux-python_2.7.bb
diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
index 9e45e0c..05fd43d 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -23,19 +23,6 @@ inherit selinux pythonnative
DEPENDS += "${@target_selinux(d, 'libpam audit')}"
-RDEPENDS_${BPN}-audit2allow = "\
- python-textutils \
- libselinux-python \
- sepolgen \
-"
-RDEPENDS_${BPN}-chcat = "\
- python-codecs \
- python-shell \
- python-stringold \
- python-unixadmin \
- ${BPN}-python \
- libselinux-python \
-"
RDEPENDS_${BPN}-fixfiles += "\
${BPN}-setfiles \
"
@@ -51,27 +38,8 @@ RDEPENDS_${BPN}-newrole += "\
libcap-ng \
libselinux \
"
-RDEPENDS_${BPN}-python += "\
- python-codecs \
- python-io \
- python-ipy \
- python-re \
- python-stringold \
- python-syslog \
- python-unixadmin \
- libselinux-python \
- libsemanage-python \
-"
RDEPENDS_${BPN}-runinit += "libselinux"
RDEPENDS_${BPN}-secon += "libselinux"
-RDEPENDS_${BPN}-semanage = "\
- python-core \
- python-ipy \
- python-compression \
- python-xml \
- ${BPN}-python \
- libselinux-python \
-"
RDEPENDS_${BPN}-semodule += "\
libsepol \
libselinux \
@@ -82,16 +50,6 @@ DEPENDS_${BPN}-semodule-deps += "libsepol"
RDEPENDS_${BPN}-semodule-expand += "libsepol libselinux"
RDEPENDS_${BPN}-semodule-link += "libsepol libselinux"
RDEPENDS_${BPN}-semodule-package += "libsepol libselinux"
-RDEPENDS_${BPN}-sepolicy += "\
- python-argparse \
- python-codecs \
- python-core \
- python-syslog \
- ${BPN}-python \
-"
-# static link to libsepol
-DEPENDS_${BPN}-sepolgen-ifgen += "libsepol"
-RDEPENDS_${BPN}-sepolgen-ifgen += "python libselinux-python"
RDEPENDS_${BPN}-sestatus += "libselinux"
RDEPENDS_${BPN}-setfiles += "\
libselinux \
@@ -102,43 +60,30 @@ RDEPENDS_${BPN}-setsebool += "\
libselinux \
libsemanage \
"
-RDEPENDS_${BPN} += "setools setools-libs ${BPN}-python"
+RDEPENDS_${BPN} += "setools setools-libs selinux-python"
WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}"
ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)}"
PACKAGES =+ "\
- ${PN}-audit2allow \
- ${PN}-chcat \
${PN}-fixfiles \
${PN}-genhomedircon \
${PN}-hll \
${PN}-loadpolicy \
${PN}-newrole \
- ${PN}-python \
${PN}-runinit \
${PN}-secon \
- ${PN}-semanage \
${PN}-semodule \
${PN}-semodule-deps \
${PN}-semodule-expand \
${PN}-semodule-link \
${PN}-semodule-package \
- ${PN}-sepolgen-ifgen \
- ${PN}-sepolicy \
${PN}-sestatus \
${PN}-setfiles \
${PN}-setsebool \
system-config-selinux \
"
-FILES_${PN}-audit2allow = "\
- ${bindir}/audit2allow \
- ${bindir}/audit2why \
-"
-FILES_${PN}-chcat = "\
- ${bindir}/chcat \
-"
FILES_${PN}-fixfiles += "${base_sbindir}/fixfiles"
FILES_${PN}-genhomedircon += "${sbindir}/genhomedircon"
FILES_${PN}-loadpolicy += "\
@@ -149,22 +94,13 @@ FILES_${PN}-newrole += "\
${bindir}/newrole \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/newrole', '', d)} \
"
-FILES_${PN}-python = "\
- ${libdir}/python${PYTHON_BASEVERSION}/site-packages/seobject.py* \
- ${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy*.egg-info \
- ${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/* \
-"
FILES_${PN}-runinit += "\
${sbindir}/run_init \
${sbindir}/open_init_pty \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/run_init', '', d)} \
"
-FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/.debug/* ${prefix}/libexec/selinux/hll/.debug"
+FILES_${PN}-dbg += "${prefix}/libexec/selinux/hll/.debug"
FILES_${PN}-secon += "${bindir}/secon"
-FILES_${PN}-semanage = "\
- ${sbindir}/semanage \
- ${datadir}/bash-completion/completions/semanage \
-"
FILES_${PN}-semodule += "${sbindir}/semodule"
FILES_${PN}-semodule-deps += "${bindir}/semodule_deps"
FILES_${PN}-semodule-expand += "${bindir}/semodule_expand"
@@ -174,17 +110,6 @@ FILES_${PN}-semodule-package += "\
${bindir}/semodule_unpackage \
"
FILES_${PN}-hll += "${prefix}/libexec/selinux/hll/*"
-
-FILES_${PN}-sepolicy += "\
- ${bindir}/sepolicy \
- ${datadir}/bash-completion/completions/sepolicy \
- ${datadir}/dbus-1/system-services/org.selinux.service \
- ${datadir}/polkit-1/actions/org.selinux.policy \
-"
-FILES_${PN}-sepolgen-ifgen += "\
- ${bindir}/sepolgen-ifgen \
- ${bindir}/sepolgen-ifgen-attr-helper \
-"
FILES_${PN}-sestatus += "\
${sbindir}/sestatus \
${sysconfdir}/sestatus.conf \
@@ -199,7 +124,6 @@ FILES_${PN}-setsebool += "\
"
FILES_system-config-selinux = " \
- ${bindir}/sepolgen \
${datadir}/system-config-selinux/* \
${datadir}/icons/hicolor/ \
${datadir}/polkit-1/actions/org.selinux.config.policy \
diff --git a/recipes-security/selinux/policycoreutils_2.7.bb b/recipes-security/selinux/policycoreutils_2.7.bb
index 54ec69a..aa4870d 100644
--- a/recipes-security/selinux/policycoreutils_2.7.bb
+++ b/recipes-security/selinux/policycoreutils_2.7.bb
@@ -7,8 +7,5 @@ SRC_URI[md5sum] = "65311b66ae01f7b7ad7c2ea7401b68ed"
SRC_URI[sha256sum] = "0a1b8a4a323b854981c6755ff025fe98a0f1cff307f109abb260f0490f13e4f4"
SRC_URI += "\
- file://policycoreutils-fix-sepolicy-install-path.patch \
file://policycoreutils-loadpolicy-symlink.patch \
- file://policycoreutils-process-ValueError-for-sepolicy-seobject.patch \
- file://policycoreutils-fix-TypeError-for-seobject.py.patch \
"
diff --git a/recipes-security/selinux/selinux-python.inc b/recipes-security/selinux/selinux-python.inc
new file mode 100644
index 0000000..cc907ae
--- /dev/null
+++ b/recipes-security/selinux/selinux-python.inc
@@ -0,0 +1,106 @@
+SUMMARY = "Python modules and various SELinux utilities."
+DESCRIPTION = "\
+This package contains Python modules sepolgen, sepolicy; And the \
+SELinux utilities audit2allow, chcat, semanage ..."
+
+SECTION = "base"
+LICENSE = "GPLv2+"
+
+SRC_URI += "file://fix-sepolicy-install-path.patch \
+ file://fix-TypeError-for-seobject.py.patch \
+ file://process-ValueError-for-sepolicy-seobject.patch \
+"
+
+inherit python-dir
+
+DEPENDS += "python-native libsepol"
+RDEPENDS_${BPN}-audit2allow += "\
+ python-textutils \
+ libselinux-python \
+ ${BPN}-sepolgen \
+"
+RDEPENDS_${BPN}-chcat += "\
+ python-codecs \
+ python-shell \
+ python-stringold \
+ python-unixadmin \
+ libselinux-python \
+ ${BPN} \
+"
+RDEPENDS_${BPN} += "\
+ python-codecs \
+ python-io \
+ python-ipy \
+ python-re \
+ python-stringold \
+ python-syslog \
+ python-unixadmin \
+ libselinux-python \
+ libsemanage-python \
+"
+RDEPENDS_${BPN}-semanage += "\
+ python-core \
+ python-ipy \
+ python-compression \
+ python-xml \
+ libselinux-python \
+ ${BPN} \
+"
+RDEPENDS_${BPN}-sepolicy += "\
+ python-argparse \
+ python-codecs \
+ python-core \
+ python-syslog \
+ ${BPN} \
+"
+RDEPENDS_${BPN}-sepolgen-ifgen += "\
+ python \
+ libselinux-python \
+"
+
+PACKAGES =+ "\
+ ${PN}-audit2allow \
+ ${PN}-sepolgen-ifgen \
+ ${PN}-chcat \
+ ${PN}-semanage \
+ ${PN}-sepolgen \
+ ${PN}-sepolicy \
+"
+FILES_${PN}-audit2allow = "\
+ ${bindir}/audit2allow \
+ ${bindir}/audit2why \
+"
+FILES_${PN}-chcat = "\
+ ${bindir}/chcat \
+"
+FILES_${PN}-semanage = "\
+ ${sbindir}/semanage \
+ ${datadir}/bash-completion/completions/semanage \
+"
+# The ${bindir}/sepolgen is a symlink to ${bindir}/sepolicy
+FILES_${PN}-sepolicy += "\
+ ${bindir}/sepolgen \
+ ${bindir}/sepolicy \
+ ${datadir}/bash-completion/completions/sepolicy \
+"
+FILES_${PN}-sepolgen-ifgen += "\
+ ${bindir}/sepolgen-ifgen \
+ ${bindir}/sepolgen-ifgen-attr-helper \
+"
+FILES_${PN}-sepolgen += "\
+ ${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolgen* \
+ ${localstatedir}/lib/sepolgen/perm_map \
+"
+# Map to policycoreutils-python in 2.6
+FILES_${PN} += "\
+ ${libdir}/python${PYTHON_BASEVERSION}/site-packages/seobject.py* \
+ ${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy*.egg-info \
+ ${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/* \
+"
+
+EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
+do_install() {
+ oe_runmake DESTDIR=${D} \
+ PYTHONLIBDIR='${libdir}/python${PYTHON_BASEVERSION}/site-packages' \
+ install
+}
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fix-TypeError-for-seobject.py.patch b/recipes-security/selinux/selinux-python/fix-TypeError-for-seobject.py.patch
similarity index 100%
rename from recipes-security/selinux/policycoreutils/policycoreutils-fix-TypeError-for-seobject.py.patch
rename to recipes-security/selinux/selinux-python/fix-TypeError-for-seobject.py.patch
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch b/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
similarity index 100%
rename from recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch
rename to recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-process-ValueError-for-sepolicy-seobject.patch b/recipes-security/selinux/selinux-python/process-ValueError-for-sepolicy-seobject.patch
similarity index 100%
rename from recipes-security/selinux/policycoreutils/policycoreutils-process-ValueError-for-sepolicy-seobject.patch
rename to recipes-security/selinux/selinux-python/process-ValueError-for-sepolicy-seobject.patch
diff --git a/recipes-security/selinux/selinux-python_2.7.bb b/recipes-security/selinux/selinux-python_2.7.bb
new file mode 100644
index 0000000..f98be5f
--- /dev/null
+++ b/recipes-security/selinux/selinux-python_2.7.bb
@@ -0,0 +1,7 @@
+include selinux_20170804.inc
+include ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "b118229d34a6aec34471c3c2c9cac172"
+SRC_URI[sha256sum] = "4217cb965ecda96c91e15ffcc2e7ddd13ecc2bf5631100f3cd072a7616f140ed"
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 13/20] semodule-utils: add package 2.7 (20170804)
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (11 preceding siblings ...)
2017-09-13 2:42 ` [PATCH 12/20] selinux-python: " wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:42 ` [PATCH 14/20] selinux-dbus: " wenzong.fan
` (6 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Move policycoreutils/semodule_* to semodule-utils/*:
- policycoreutils/semodule_deps -> semodule-utils/semodule_deps
- policycoreutils/semodule_expand -> semodule-utils/semodule_expand
- policycoreutils/semodule_link -> semodule-utils/semodule_link
- policycoreutils/semodule_package -> semodule-utils/semodule_package
* Cleanup policycoreutils.inc
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/selinux/policycoreutils.inc | 13 +------------
recipes-security/selinux/semodule-utils.inc | 27 ++++++++++++++++++++++++++
recipes-security/selinux/semodule-utils_2.7.bb | 7 +++++++
3 files changed, 35 insertions(+), 12 deletions(-)
create mode 100644 recipes-security/selinux/semodule-utils.inc
create mode 100644 recipes-security/selinux/semodule-utils_2.7.bb
diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
index 05fd43d..8a9027b 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -75,10 +75,6 @@ PACKAGES =+ "\
${PN}-runinit \
${PN}-secon \
${PN}-semodule \
- ${PN}-semodule-deps \
- ${PN}-semodule-expand \
- ${PN}-semodule-link \
- ${PN}-semodule-package \
${PN}-sestatus \
${PN}-setfiles \
${PN}-setsebool \
@@ -102,13 +98,6 @@ FILES_${PN}-runinit += "\
FILES_${PN}-dbg += "${prefix}/libexec/selinux/hll/.debug"
FILES_${PN}-secon += "${bindir}/secon"
FILES_${PN}-semodule += "${sbindir}/semodule"
-FILES_${PN}-semodule-deps += "${bindir}/semodule_deps"
-FILES_${PN}-semodule-expand += "${bindir}/semodule_expand"
-FILES_${PN}-semodule-link += "${bindir}/semodule_link"
-FILES_${PN}-semodule-package += "\
- ${bindir}/semodule_package \
- ${bindir}/semodule_unpackage \
-"
FILES_${PN}-hll += "${prefix}/libexec/selinux/hll/*"
FILES_${PN}-sestatus += "\
${sbindir}/sestatus \
@@ -142,7 +131,7 @@ EXTRA_OEMAKE += "INITDIR=${D}/etc/init.d"
BBCLASSEXTEND = "native"
-PCU_NATIVE_CMDS = "setfiles semodule_package semodule semodule_link semodule_expand semodule_deps hll"
+PCU_NATIVE_CMDS = "setfiles semodule hll"
do_compile_virtclass-native() {
for PCU_CMD in ${PCU_NATIVE_CMDS} ; do
diff --git a/recipes-security/selinux/semodule-utils.inc b/recipes-security/selinux/semodule-utils.inc
new file mode 100644
index 0000000..1e92745
--- /dev/null
+++ b/recipes-security/selinux/semodule-utils.inc
@@ -0,0 +1,27 @@
+SUMMARY = "Utilities to manipulate SELinux policy module package"
+DESCRIPTION = "\
+The utilities to create, expand, link and show the dependencies between \
+the SELinux policy module packages."
+
+SECTION = "base"
+LICENSE = "GPLv2+"
+
+DEPENDS += "libsepol"
+
+EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
+
+PACKAGES =+ "\
+ ${PN}-semodule-deps \
+ ${PN}-semodule-expand \
+ ${PN}-semodule-link \
+ ${PN}-semodule-package \
+"
+FILES_${PN}-semodule-deps += "${bindir}/semodule_deps"
+FILES_${PN}-semodule-expand += "${bindir}/semodule_expand"
+FILES_${PN}-semodule-link += "${bindir}/semodule_link"
+FILES_${PN}-semodule-package += "\
+ ${bindir}/semodule_package \
+ ${bindir}/semodule_unpackage \
+"
+
+BBCLASSEXTEND = "native"
diff --git a/recipes-security/selinux/semodule-utils_2.7.bb b/recipes-security/selinux/semodule-utils_2.7.bb
new file mode 100644
index 0000000..fbb88bf
--- /dev/null
+++ b/recipes-security/selinux/semodule-utils_2.7.bb
@@ -0,0 +1,7 @@
+include selinux_20170804.inc
+include ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "678e3a5225f9645d40fd9d13bbaa156f"
+SRC_URI[sha256sum] = "90c98b3362a43b4da2a51a9176820a56f3e615225e23e3395bc566c4490786ba"
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 14/20] selinux-dbus: add package 2.7 (20170804)
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (12 preceding siblings ...)
2017-09-13 2:42 ` [PATCH 13/20] semodule-utils: " wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:42 ` [PATCH 15/20] selinux-gui: " wenzong.fan
` (5 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Move policycoreutils/sepolicy/dbus to dbus.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/selinux/selinux-dbus.inc | 14 ++++++++++++++
recipes-security/selinux/selinux-dbus_2.7.bb | 7 +++++++
2 files changed, 21 insertions(+)
create mode 100644 recipes-security/selinux/selinux-dbus.inc
create mode 100644 recipes-security/selinux/selinux-dbus_2.7.bb
diff --git a/recipes-security/selinux/selinux-dbus.inc b/recipes-security/selinux/selinux-dbus.inc
new file mode 100644
index 0000000..1b66136
--- /dev/null
+++ b/recipes-security/selinux/selinux-dbus.inc
@@ -0,0 +1,14 @@
+SUMMARY = "SELinux dbus service files"
+DESCRIPTION = "\
+Provide SELinux dbus service files and scripts."
+
+SECTION = "base"
+LICENSE = "GPLv2+"
+
+RDEPENDS_${PN} += "python selinux-python-sepolicy"
+
+FILES_${PN} += "\
+ ${datadir}/system-config-selinux/selinux_server.py \
+ ${datadir}/polkit-1/actions/org.selinux.policy \
+ ${datadir}/dbus-1/system-services/org.selinux.service \
+"
diff --git a/recipes-security/selinux/selinux-dbus_2.7.bb b/recipes-security/selinux/selinux-dbus_2.7.bb
new file mode 100644
index 0000000..a4f14ed
--- /dev/null
+++ b/recipes-security/selinux/selinux-dbus_2.7.bb
@@ -0,0 +1,7 @@
+include selinux_20170804.inc
+include ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "6944aa95cfb44e4d76b1aff48b38f08e"
+SRC_URI[sha256sum] = "a7f3dbe68c0d02cd1cbe6aac06e87c2957668cb88083389654fabacb79641ae4"
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 15/20] selinux-gui: add package 2.7 (20170804)
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (13 preceding siblings ...)
2017-09-13 2:42 ` [PATCH 14/20] selinux-dbus: " wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:42 ` [PATCH 16/20] policycoreutils: fixes for 2.7 uprev wenzong.fan
` (4 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Move policycoreutils/gui to gui and cleanup policycoreutils.inc.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/selinux/policycoreutils.inc | 7 -------
recipes-security/selinux/selinux-gui.inc | 15 +++++++++++++++
recipes-security/selinux/selinux-gui_2.7.bb | 7 +++++++
3 files changed, 22 insertions(+), 7 deletions(-)
create mode 100644 recipes-security/selinux/selinux-gui.inc
create mode 100644 recipes-security/selinux/selinux-gui_2.7.bb
diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
index 8a9027b..5e03ba0 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -78,7 +78,6 @@ PACKAGES =+ "\
${PN}-sestatus \
${PN}-setfiles \
${PN}-setsebool \
- system-config-selinux \
"
FILES_${PN}-fixfiles += "${base_sbindir}/fixfiles"
FILES_${PN}-genhomedircon += "${sbindir}/genhomedircon"
@@ -112,12 +111,6 @@ FILES_${PN}-setsebool += "\
${datadir}/bash-completion/completions/setsebool \
"
-FILES_system-config-selinux = " \
- ${datadir}/system-config-selinux/* \
- ${datadir}/icons/hicolor/ \
- ${datadir}/polkit-1/actions/org.selinux.config.policy \
-"
-
export STAGING_INCDIR
export STAGING_LIBDIR
export BUILD_SYS
diff --git a/recipes-security/selinux/selinux-gui.inc b/recipes-security/selinux/selinux-gui.inc
new file mode 100644
index 0000000..1096f3f
--- /dev/null
+++ b/recipes-security/selinux/selinux-gui.inc
@@ -0,0 +1,15 @@
+SUMMARY = "SELinux GUI tools"
+DESCRIPTION = "\
+Provide SELinux Management tool (system-config-selinux) and SELinux \
+Policy Generation Tool (selinux-polgengui)"
+
+SECTION = "base"
+LICENSE = "GPLv2+"
+
+RDEPENDS_${PN} += "python"
+
+FILES_${PN} += " \
+ ${datadir}/system-config-selinux/* \
+ ${datadir}/icons/hicolor/* \
+ ${datadir}/polkit-1/actions/org.selinux.config.policy \
+"
diff --git a/recipes-security/selinux/selinux-gui_2.7.bb b/recipes-security/selinux/selinux-gui_2.7.bb
new file mode 100644
index 0000000..3531591
--- /dev/null
+++ b/recipes-security/selinux/selinux-gui_2.7.bb
@@ -0,0 +1,7 @@
+include selinux_20170804.inc
+include ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "f3555cb50a9e67b42bc917ede1982c7d"
+SRC_URI[sha256sum] = "693fb3347041b5a2273c52c33be0a256b109e60f2039ae1d7e90ba8a2ec0324f"
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 16/20] policycoreutils: fixes for 2.7 uprev
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (14 preceding siblings ...)
2017-09-13 2:42 ` [PATCH 15/20] selinux-gui: " wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:42 ` [PATCH 17/20] refpolicy_common: depends on semodule-utils-native wenzong.fan
` (3 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Remove setools from DEPENDS/RDEPENDS, it was required by sepolicy,
sepolgen, semanage which have been moved to python/*.
Rebase patch:
- policycoreutils-fixfiles-de-bashify.patch
Drop useless patch:
- policycoreutils-loadpolicy-symlink.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/selinux/policycoreutils.inc | 4 +-
.../policycoreutils-fixfiles-de-bashify.patch | 53 ++++++++++------------
recipes-security/selinux/policycoreutils_2.7.bb | 3 --
3 files changed, 27 insertions(+), 33 deletions(-)
diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
index 5e03ba0..fc181f7 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -16,7 +16,7 @@ PAM_SRC_URI = "file://pam.d/newrole \
"
DEPENDS += "libsepol libselinux libsemanage libcap gettext-native"
-EXTRA_DEPENDS = "libcap-ng libcgroup setools"
+EXTRA_DEPENDS = "libcap-ng libcgroup"
DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
inherit selinux pythonnative
@@ -60,7 +60,7 @@ RDEPENDS_${BPN}-setsebool += "\
libselinux \
libsemanage \
"
-RDEPENDS_${BPN} += "setools setools-libs selinux-python"
+RDEPENDS_${BPN} += "selinux-python"
WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}"
ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)}"
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
index 44d7525..0144de7 100644
--- a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
+++ b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
@@ -13,12 +13,13 @@ so we'll try that instead.
Upstream-Status: Pending
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
- scripts/fixfiles | 26 +++++++++++++++-----------
- 1 file changed, 15 insertions(+), 11 deletions(-)
+ scripts/fixfiles | 23 ++++++++++++++---------
+ 1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/scripts/fixfiles b/scripts/fixfiles
-index 5c29eb9..10a5078 100755
+index 1aa330f..a10837d 100755
--- a/scripts/fixfiles
+++ b/scripts/fixfiles
@@ -1,4 +1,4 @@
@@ -27,29 +28,39 @@ index 5c29eb9..10a5078 100755
# fixfiles
#
# Script to restore labels on a SELinux box
-@@ -25,7 +25,7 @@
+@@ -27,7 +27,7 @@ set -o nounset
# number if the current kernel version is greater than 2.6.30, a negative
# number if the current is less than 2.6.30 and 0 if they are the same.
#
-function useseclabel {
-+useseclabel() {
++useseclabel {
VER=`uname -r`
SUP=2.6.30
expr '(' "$VER" : '\([^.]*\)' ')' '-' '(' "$SUP" : '\([^.]*\)' ')' '|' \
-@@ -91,9 +91,9 @@ exclude_dirs_from_relabelling() {
+@@ -93,9 +93,10 @@ exclude_dirs_from_relabelling() {
# skip not absolute path
# skip not directory
[ -z "${i}" ] && continue
-- [[ "${i}" =~ "^[[:blank:]]*#" ]] && continue
+- [[ "${i}" =~ ^[[:blank:]]*# ]] && continue
- [[ ! "${i}" =~ ^/.* ]] && continue
- [[ ! -d "${i}" ]] && continue
+ echo "${i}" | egrep -q '^[[:space:]]*#' && continue
+ echo "${i}" | egrep -v '^/.*' && continue
+ [ ! -d "${i}" ] && continue
++
exclude_from_relabelling="$exclude_from_relabelling -e $i"
- logit "skipping the directory $i"
done < /etc/selinux/fixfiles_exclude_dirs
-@@ -205,8 +205,12 @@ fi
+ fi
+@@ -138,7 +139,7 @@ fi
+ # Log directories excluded from relabelling by configuration file
+ #
+ LogExcluded() {
+-for i in ${EXCLUDEDIRS//-e / }; do
++for i in `echo ${EXCLUDEDIRS} | sed -e 's/-e / /g'`; do
+ echo "skipping the directory $i"
+ done
+ }
+@@ -201,8 +202,12 @@ fi
}
rpmlist() {
@@ -64,29 +75,15 @@ index 5c29eb9..10a5078 100755
}
#
-@@ -233,10 +237,10 @@ if [ -n "${exclude_dirs}" ]
- then
- TEMPFCFILE=`mktemp ${FC}.XXXXXXXXXX`
- test -z "$TEMPFCFILE" && exit
-- /bin/cp -p ${FC} ${TEMPFCFILE} &>/dev/null || exit
-- tmpdirs=${tempdirs//-e/}
-- for p in ${tmpdirs}
-+ /bin/cp -p ${FC} ${TEMPFCFILE} >/dev/null 2>&1 || exit
-+ for p in ${tempdirs}
- do
-+ [ ${p} = "-e" ] && continue
- p="${p%/}"
- p1="${p}(/.*)? -- <<none>>"
- echo "${p1}" >> $TEMPFCFILE
-@@ -288,7 +292,7 @@ relabel() {
- restore Relabel
+@@ -276,7 +281,7 @@ relabel() {
+ exit 1
fi
- if [ $fullFlag == 1 ]; then
-+ if [ $fullFlag = 1 ]; then
++ if [ $fullFlag = 1 ]; then
fullrelabel
+ return
fi
-
--
-1.9.1
+2.13.0
diff --git a/recipes-security/selinux/policycoreutils_2.7.bb b/recipes-security/selinux/policycoreutils_2.7.bb
index aa4870d..78bf031 100644
--- a/recipes-security/selinux/policycoreutils_2.7.bb
+++ b/recipes-security/selinux/policycoreutils_2.7.bb
@@ -6,6 +6,3 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
SRC_URI[md5sum] = "65311b66ae01f7b7ad7c2ea7401b68ed"
SRC_URI[sha256sum] = "0a1b8a4a323b854981c6755ff025fe98a0f1cff307f109abb260f0490f13e4f4"
-SRC_URI += "\
- file://policycoreutils-loadpolicy-symlink.patch \
- "
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 17/20] refpolicy_common: depends on semodule-utils-native
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (15 preceding siblings ...)
2017-09-13 2:42 ` [PATCH 16/20] policycoreutils: fixes for 2.7 uprev wenzong.fan
@ 2017-09-13 2:42 ` wenzong.fan
2017-09-13 2:43 ` [PATCH 18/20] setools: uprev to 4.1.1 wenzong.fan
` (2 subsequent siblings)
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:42 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Those tools have been moved from policycoreutils to semodule-utils:
semodule_deps, semodule_expand, semodule_link, semodule_package
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/refpolicy/refpolicy_common.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 4a7b7eb..2ce02ac 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -29,7 +29,7 @@ FILES_${PN}-dev =+ " \
EXTRANATIVEPATH += "bzip2-native"
-DEPENDS += "bzip2-replacement-native checkpolicy-native policycoreutils-native m4-native"
+DEPENDS += "bzip2-replacement-native checkpolicy-native policycoreutils-native semodule-utils-native m4-native"
RDEPENDS_${PN}-dev =+ " \
python \
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 18/20] setools: uprev to 4.1.1
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (16 preceding siblings ...)
2017-09-13 2:42 ` [PATCH 17/20] refpolicy_common: depends on semodule-utils-native wenzong.fan
@ 2017-09-13 2:43 ` wenzong.fan
2017-09-13 2:43 ` [PATCH 19/20] packagegroup-*: sync package names wenzong.fan
2017-09-13 2:43 ` [PATCH 20/20] selinux-python: add setools to RDEPENDS wenzong.fan
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:43 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
SETools v4 is a rewrite of SETools in Python, details refer to:
https://github.com/TresysTechnology/setools/wiki/Changes-Since-SETools-v3
Changes for upreving:
* removed setools_3.3.8.bb and all useless patch
* add patches to fix cross-compiling issues:
- setools4-fixes-for-cross-compiling.patch
- setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
...-Don-t-check-selinux-policies-if-disabled.patch | 25 --
.../setools-Fix-man-pages-and-getoptions.patch | 80 ------
.../setools-Fix-output-to-match-policy-lines.patch | 36 ---
...-Fix-python-setools-Makefile.am-for-cross.patch | 33 ---
...-sepol-calls-to-work-with-latest-libsepol.patch | 36 ---
.../setools-Fix-test-bug-for-unary-operator.patch | 25 --
.../setools/setools-Remove-unused-variables.patch | 279 ---------------------
...s-Update-for-2015-02-02-Userspace-release.patch | 114 ---------
.../setools/setools/setools-configure-ac.patch | 107 --------
.../setools-configure-with-latest-libsepol.patch | 33 ---
.../setools/setools/setools-cross-ar.patch | 17 --
.../setools-neverallow-rules-all-always-fail.patch | 31 ---
...ols-seinfo-should-exit-with-correct-errno.patch | 134 ----------
recipes-security/setools/setools/setools.pam | 4 -
...x-cross-compiling-errors-for-powerpc-mips.patch | 35 +++
.../setools4-fixes-for-cross-compiling.patch | 40 +++
recipes-security/setools/setools_3.3.8.bb | 103 --------
recipes-security/setools/setools_4.1.1.bb | 35 +++
18 files changed, 110 insertions(+), 1057 deletions(-)
delete mode 100644 recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch
delete mode 100644 recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch
delete mode 100644 recipes-security/setools/setools/setools-Fix-output-to-match-policy-lines.patch
delete mode 100644 recipes-security/setools/setools/setools-Fix-python-setools-Makefile.am-for-cross.patch
delete mode 100644 recipes-security/setools/setools/setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch
delete mode 100644 recipes-security/setools/setools/setools-Fix-test-bug-for-unary-operator.patch
delete mode 100644 recipes-security/setools/setools/setools-Remove-unused-variables.patch
delete mode 100644 recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch
delete mode 100644 recipes-security/setools/setools/setools-configure-ac.patch
delete mode 100644 recipes-security/setools/setools/setools-configure-with-latest-libsepol.patch
delete mode 100644 recipes-security/setools/setools/setools-cross-ar.patch
delete mode 100644 recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch
delete mode 100644 recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch
delete mode 100644 recipes-security/setools/setools/setools.pam
create mode 100644 recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
create mode 100644 recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
delete mode 100644 recipes-security/setools/setools_3.3.8.bb
create mode 100644 recipes-security/setools/setools_4.1.1.bb
diff --git a/recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch b/recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch
deleted file mode 100644
index ed841e8..0000000
--- a/recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 7515aa80e7ead8d3016ea161e5d0eb9c59399278 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Wed, 7 Mar 2012 14:36:19 +0800
-Subject: [PATCH] setools: Don't check selinux policies if disabled.
-
----
- configure.ac | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index e1db271..899e5e9 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -390,7 +390,7 @@ if test "x${enable_selinux_check}" = "xyes"; then
- use_selinux=yes
- fi
- else
-- use_selinux=yes
-+ use_selinux=no
- fi
-
- AC_CACHE_SAVE
---
-1.7.5.4
-
diff --git a/recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch b/recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch
deleted file mode 100644
index 455da1e..0000000
--- a/recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From ecaccf49ee95fe2c3a57a0d2184aaec98a967172 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Wed, 7 Mar 2012 10:53:36 +0800
-Subject: [PATCH 3/7] setools: Fix man pages and getoptions
-
-Integrated from Fedora:
-https://community.dev.fedoraproject.org/packages/setools/sources/patches/
----
- man/replcon.1 | 2 ++
- man/seinfo.1 | 6 +++++-
- seaudit/seaudit-report.c | 2 +-
- sediff/sediff.c | 2 +-
- 4 files changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/man/replcon.1 b/man/replcon.1
-index 8aca08a..478dc51 100644
---- a/man/replcon.1
-+++ b/man/replcon.1
-@@ -44,6 +44,8 @@ Search for files which include PATH.
- .IP "-c CLASS, --class=CLASS"
- Search only files of object class CLASS.
- .SH OPTIONS
-+.IP "-R, --regex"
-+Enable regular expressions
- .IP "-v, --verbose"
- Display context info during replacement.
- .IP "-h, --help"
-diff --git a/man/seinfo.1 b/man/seinfo.1
-index 8612119..6bc17db 100644
---- a/man/seinfo.1
-+++ b/man/seinfo.1
-@@ -76,6 +76,10 @@ There is no expanded information for this component.
- .IP "--nodecon[=ADDR]"
- Print a list of node contexts or, if ADDR is provided, print the statement for the node with address ADDR.
- There is no expanded information for this component.
-+.IP "--polcap"
-+Print policy capabilities.
-+.IP "--permissive"
-+Print permissive types.
- .IP "--portcon[=PORT]"
- Print a list of port contexts or, if PORT is provided, print the statement for port PORT.
- There is no expanded information for this component.
-@@ -93,7 +97,7 @@ These details include the types assigned to an attribute or role and the permiss
- This option is not available for all component types; see the description of each component for the details this option will provide.
- .IP "--stats"
- Print policy statistics including policy type and version information and counts of all components and rules.
--.IP "-l"
-+.IP "-l, --line-breaks"
- Print line breaks when displaying constraint statements.
- .IP "-h, --help"
- Print help information and exit.
-diff --git a/seaudit/seaudit-report.c b/seaudit/seaudit-report.c
-index af3c6fb..d436c18 100644
---- a/seaudit/seaudit-report.c
-+++ b/seaudit/seaudit-report.c
-@@ -100,7 +100,7 @@ static void seaudit_report_info_usage(const char *program_name, int brief)
- printf(" -s, --stdin read log data from standard input\n");
- printf(" -m, --malformed include malformed log messages\n");
- printf(" -o FILE, --output=FILE output to FILE\n");
-- printf(" --config=FILE read configuration from FILE\n");
-+ printf(" -c FILE, --config=FILE read configuration from FILE\n");
- printf(" --html set output format to HTML\n");
- printf(" --stylesheet=FILE HTML style sheet for formatting HTML report\n");
- printf(" (ignored if --html is not given)\n");
-diff --git a/sediff/sediff.c b/sediff/sediff.c
-index 6022775..341c650 100644
---- a/sediff/sediff.c
-+++ b/sediff/sediff.c
-@@ -420,7 +420,7 @@ int main(int argc, char **argv)
- poldiff_t *diff = NULL;
- size_t total = 0;
-
-- while ((optc = getopt_long(argc, argv, "ctarubANDLMCRqhV", longopts, NULL)) != -1) {
-+ while ((optc = getopt_long(argc, argv, "ctarubAqhV", longopts, NULL)) != -1) {
- switch (optc) {
- case 0:
- break;
---
-1.7.5.4
-
diff --git a/recipes-security/setools/setools/setools-Fix-output-to-match-policy-lines.patch b/recipes-security/setools/setools/setools-Fix-output-to-match-policy-lines.patch
deleted file mode 100644
index c397aa6..0000000
--- a/recipes-security/setools/setools/setools-Fix-output-to-match-policy-lines.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 81f2221ab707ca8d5e204b0f9be61d537888e439 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Wed, 7 Mar 2012 11:03:00 +0800
-Subject: [PATCH 7/7] setools: Fix output to match policy lines
-
-Integrated from Fedora:
-https://community.dev.fedoraproject.org/packages/setools/sources/patches/
----
- libapol/src/ftrule-query.c | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
-index 9c7a23b..1d5f5c8 100644
---- a/libapol/src/ftrule-query.c
-+++ b/libapol/src/ftrule-query.c
-@@ -282,7 +282,7 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
- error = errno;
- goto err;
- }
-- if (apol_str_appendf(&tmp, &tmp_sz, "transition_type %s ", tmp_name)) {
-+ if (apol_str_appendf(&tmp, &tmp_sz, "type_transition %s ", tmp_name)) {
- error = errno;
- ERR(policy, "%s", strerror(error));
- goto err;
-@@ -338,7 +338,7 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
- goto err;
- }
-
-- if (apol_str_appendf(&tmp, &tmp_sz, " %s", tmp_name)) {
-+ if (apol_str_appendf(&tmp, &tmp_sz, " \"%s\"", tmp_name)) {
- error = errno;
- ERR(policy, "%s", strerror(error));
- goto err;
---
-1.7.5.4
-
diff --git a/recipes-security/setools/setools/setools-Fix-python-setools-Makefile.am-for-cross.patch b/recipes-security/setools/setools/setools-Fix-python-setools-Makefile.am-for-cross.patch
deleted file mode 100644
index c4d062a..0000000
--- a/recipes-security/setools/setools/setools-Fix-python-setools-Makefile.am-for-cross.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 7d386c429202b393aa4ca281a11b5e1f2259b109 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Wed, 7 Mar 2012 15:43:41 +0800
-Subject: [PATCH] setools: Fix python/setools/Makefile.am for cross.
-
----
- python/setools/Makefile.am | 6 +++---
- 1 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/python/setools/Makefile.am b/python/setools/Makefile.am
-index c4635fb..80aa385 100644
---- a/python/setools/Makefile.am
-+++ b/python/setools/Makefile.am
-@@ -22,13 +22,13 @@ sesearch_SOURCES = sesearch.c
- python-build: sesearch.c seinfo.c
- @mkdir -p setools
- @cp __init__.py setools
-- LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build
-+ CC="${CC}" LDSHARED="$(CC) -shared" LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG) $(PYTHON_LDFLAGS)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS) $(PYTHON_CPPFLAGS)" ${PYTHON} setup.py build
-
- install-exec-hook:
-- $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+ $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --install-lib=$(PYTHON_SITE_PKG)`
-
- uninstall-hook:
-- $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+ $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --install-lib=$(PYTHON_SITE_PKG)`
-
- clean-local:
- $(PYTHON) setup.py clean -a
---
-1.7.5.4
-
diff --git a/recipes-security/setools/setools/setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch b/recipes-security/setools/setools/setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch
deleted file mode 100644
index 8519ab2..0000000
--- a/recipes-security/setools/setools/setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 16d3a0b41273be4289f70d1d63fb983721bb60c0 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Wed, 7 Mar 2012 10:54:55 +0800
-Subject: [PATCH 4/7] setools: Fix sepol calls to work with latest libsepol
-
-Integrated from Fedora:
-https://community.dev.fedoraproject.org/packages/setools/sources/patches/
----
- configure.ac | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index e837e03..3c11e23 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -505,7 +505,7 @@ AC_COMPILE_IFELSE(
- [AC_LANG_SOURCE([
- #include <sepol/policydb/expand.h>
- int main () {
-- return role_set_expand(NULL, NULL, NULL, NULL);
-+ return role_set_expand(NULL, NULL, NULL, NULL, NULL);
- }])],
- sepol_new_user_role_mapping="yes",
- sepol_new_user_role_mapping="no")
-@@ -541,7 +541,7 @@ if test ${sepol_check_boolmap} = "yes"; then
- [AC_LANG_SOURCE([
- #include <sepol/policydb/expand.h>
- int main () {
-- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
-+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
- }])],
- AC_MSG_RESULT([yes]),
- AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
---
-1.7.5.4
-
diff --git a/recipes-security/setools/setools/setools-Fix-test-bug-for-unary-operator.patch b/recipes-security/setools/setools/setools-Fix-test-bug-for-unary-operator.patch
deleted file mode 100644
index 7b6e539..0000000
--- a/recipes-security/setools/setools/setools-Fix-test-bug-for-unary-operator.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 5f574dc0fb68fe07c5b611ca34c01b8484735aab Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Wed, 7 Mar 2012 14:47:44 +0800
-Subject: [PATCH] setools: Fix "test" bug for unary operator.
-
-configure: line 22969: test: =: unary operator expected
----
- configure.ac | 1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 899e5e9..6854c69 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -233,6 +233,7 @@ if test ${do_swigify} = "yes"; then
- AC_PROG_SWIG(2.0.0)
- fi
- build_apol=yes
-+do_swigify_tcl=no
- AC_ARG_ENABLE(swig-tcl,
- AC_HELP_STRING([--enable-swig-tcl],
- [build SWIG interfaces for Tcl (default)]),
---
-1.7.5.4
-
diff --git a/recipes-security/setools/setools/setools-Remove-unused-variables.patch b/recipes-security/setools/setools/setools-Remove-unused-variables.patch
deleted file mode 100644
index f991819..0000000
--- a/recipes-security/setools/setools/setools-Remove-unused-variables.patch
+++ /dev/null
@@ -1,279 +0,0 @@
-From d8a4502fae7118796558e523a6dc0a6a5f9adec9 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Wed, 7 Mar 2012 11:02:10 +0800
-Subject: [PATCH 6/7] setools: Remove unused variables
-
-Integrated from Fedora:
-https://community.dev.fedoraproject.org/packages/setools/sources/patches/
----
- libapol/src/ftrule-query.c | 11 ++----
- libqpol/src/ftrule_query.c | 2 -
- secmds/sesearch.c | 86 +++++++++++++++++++++++++++++++++-----------
- 3 files changed, 68 insertions(+), 31 deletions(-)
-
-diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
-index dc248de..9c7a23b 100644
---- a/libapol/src/ftrule-query.c
-+++ b/libapol/src/ftrule-query.c
-@@ -45,14 +45,11 @@ struct apol_filename_trans_query
- int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filename_trans_query_t * t, apol_vector_t ** v)
- {
- apol_vector_t *source_list = NULL, *target_list = NULL, *class_list = NULL, *default_list = NULL;
-- int retval = -1, source_as_any = 0, is_regex = 0, append_filename_trans;
-- char *bool_name = NULL;
-+ int retval = -1, source_as_any = 0, is_regex = 0;
- *v = NULL;
-- unsigned int flags = 0;
-- qpol_iterator_t *iter = NULL, *type_iter = NULL;
-+ qpol_iterator_t *iter = NULL;
-
- if (t != NULL) {
-- flags = t->flags;
- is_regex = t->flags & APOL_QUERY_REGEX;
- if (t->source != NULL &&
- (source_list =
-@@ -104,7 +101,7 @@ int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filenam
- if (qpol_iterator_get_item(iter, (void **)&filename_trans) < 0) {
- goto cleanup;
- }
-- int match_source = 0, match_target = 0, match_default = 0, match_bool = 0;
-+ int match_source = 0, match_target = 0, match_default = 0;
- size_t i;
-
- if (source_list == NULL) {
-@@ -265,10 +262,8 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
- {
- char *tmp = NULL;
- const char *tmp_name = NULL;
-- const char *filename_trans_type_str;
- int error = 0;
- size_t tmp_sz = 0;
-- uint32_t filename_trans_type = 0;
- const qpol_type_t *type = NULL;
- const qpol_class_t *obj_class = NULL;
-
-diff --git a/libqpol/src/ftrule_query.c b/libqpol/src/ftrule_query.c
-index d6db848..3148d30 100644
---- a/libqpol/src/ftrule_query.c
-+++ b/libqpol/src/ftrule_query.c
-@@ -254,7 +254,6 @@ int qpol_filename_trans_get_default_type(const qpol_policy_t * policy, const qpo
-
- int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const char ** name)
- {
-- policydb_t *db = NULL;
- filename_trans_t *ft = NULL;
-
- if (name) {
-@@ -267,7 +266,6 @@ int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_fi
- return STATUS_ERR;
- }
-
-- db = &policy->p->p;
- ft = (filename_trans_t *) rule;
-
- *name = ft->name;
-diff --git a/secmds/sesearch.c b/secmds/sesearch.c
-index e44b3bc..319ffe7 100644
---- a/secmds/sesearch.c
-+++ b/secmds/sesearch.c
-@@ -72,6 +72,7 @@ static struct option const longopts[] = {
-
- {"source", required_argument, NULL, 's'},
- {"target", required_argument, NULL, 't'},
-+ {"default", required_argument, NULL, 'D'},
- {"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},
- {"role_target", required_argument, NULL, EXPR_ROLE_TARGET},
- {"class", required_argument, NULL, 'c'},
-@@ -92,6 +93,7 @@ typedef struct options
- {
- char *src_name;
- char *tgt_name;
-+ char *default_name;
- char *src_role_name;
- char *tgt_role_name;
- char *class_name;
-@@ -293,7 +295,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t *
- tmp = apol_cond_expr_render(policy, cond);
- enable_char = (enabled ? 'E' : 'D');
- branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
-- asprintf(&expr, "[ %s ]", tmp);
-+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
-+ goto cleanup;
- free(tmp);
- tmp = NULL;
- if (!expr)
-@@ -356,7 +359,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt
- qpol_iterator_destroy(&iter);
- enable_char = (enabled ? 'E' : 'D');
- branch_char = (list ? 'T' : 'F');
-- asprintf(&expr, "[ %s ]", tmp);
-+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
-+ goto cleanup;
- free(tmp);
- tmp = NULL;
- if (!expr)
-@@ -488,7 +492,8 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t *
- tmp = apol_cond_expr_render(policy, cond);
- enable_char = (enabled ? 'E' : 'D');
- branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
-- asprintf(&expr, "[ %s ]", tmp);
-+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
-+ goto cleanup;
- free(tmp);
- tmp = NULL;
- if (!expr)
-@@ -553,7 +558,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt
- qpol_iterator_destroy(&iter);
- enable_char = (enabled ? 'E' : 'D');
- branch_char = (list ? 'T' : 'F');
-- asprintf(&expr, "[ %s ]", tmp);
-+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
-+ goto cleanup;
- free(tmp);
- tmp = NULL;
- if (!expr)
-@@ -586,7 +592,7 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
- return -1;
- }
-
-- if (!opt->type == QPOL_RULE_TYPE_TRANS && !opt->all) {
-+ if (!opt->type && !opt->all) {
- *v = NULL;
- return 0; /* no search to do */
- }
-@@ -600,17 +606,44 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
-
- apol_filename_trans_query_set_regex(policy, ftq, opt->useregex);
- if (opt->src_name) {
-- if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name)) {
-+ if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name, opt->indirect)) {
- error = errno;
- goto err;
- }
- }
-+
- if (opt->tgt_name) {
- if (apol_filename_trans_query_set_target(policy, ftq, opt->tgt_name, opt->indirect)) {
- error = errno;
- goto err;
- }
- }
-+ if (opt->default_name) {
-+ if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+ }
-+
-+ if (opt->class_name) {
-+ if (opt->class_vector == NULL) {
-+ if (apol_filename_trans_query_append_class(policy, ftq, opt->class_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+ } else {
-+ for (size_t i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
-+ char *class_name;
-+ class_name = apol_vector_get_element(opt->class_vector, i);
-+ if (!class_name)
-+ continue;
-+ if (apol_filename_trans_query_append_class(policy, ftq, class_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+ }
-+ }
-+ }
-
- if (apol_filename_trans_get_by_query(policy, ftq, v)) {
- error = errno;
-@@ -630,37 +663,36 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
-
- static void print_ft_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v)
- {
-- qpol_policy_t *q = apol_policy_get_qpol(policy);
-- size_t i, num_rules = 0;
-- const qpol_filename_trans_t *rule = NULL;
-- char *tmp = NULL, *rule_str = NULL, *expr = NULL;
-+ size_t i, num_filename_trans = 0;
-+ const qpol_filename_trans_t *filename_trans = NULL;
-+ char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
- char enable_char = ' ', branch_char = ' ';
- qpol_iterator_t *iter = NULL;
- const qpol_cond_t *cond = NULL;
- uint32_t enabled = 0, list = 0;
-
-- if (!(num_rules = apol_vector_get_size(v)))
-+ if (!(num_filename_trans = apol_vector_get_size(v)))
- goto cleanup;
-
-- fprintf(stdout, "Found %zd named file transition rules:\n", num_rules);
-+ fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans);
-
-- for (i = 0; i < num_rules; i++) {
-+ for (i = 0; i < num_filename_trans; i++) {
- enable_char = branch_char = ' ';
-- if (!(rule = apol_vector_get_element(v, i)))
-+ if (!(filename_trans = apol_vector_get_element(v, i)))
- goto cleanup;
-
-- if (!(rule_str = apol_filename_trans_render(policy, rule)))
-+ if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans)))
- goto cleanup;
-- fprintf(stdout, "%s %s\n", rule_str, expr ? expr : "");
-- free(rule_str);
-- rule_str = NULL;
-+ fprintf(stdout, "%s %s\n", filename_trans_str, expr ? expr : "");
-+ free(filename_trans_str);
-+ filename_trans_str = NULL;
- free(expr);
- expr = NULL;
- }
-
- cleanup:
- free(tmp);
-- free(rule_str);
-+ free(filename_trans_str);
- free(expr);
- }
-
-@@ -930,7 +962,7 @@ int main(int argc, char **argv)
-
- memset(&cmd_opts, 0, sizeof(cmd_opts));
- cmd_opts.indirect = true;
-- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dRnSChV", longopts, NULL)) != -1) {
-+ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) {
- switch (optc) {
- case 0:
- break;
-@@ -946,6 +978,18 @@ int main(int argc, char **argv)
- exit(1);
- }
- break;
-+ case 'D': /* source */
-+ if (optarg == 0) {
-+ usage(argv[0], 1);
-+ printf("Missing source default type for -D (--default)\n");
-+ exit(1);
-+ }
-+ cmd_opts.default_name = strdup(optarg);
-+ if (!cmd_opts.default_name) {
-+
-+ exit(1);
-+ }
-+ break;
- case 't': /* target */
- if (optarg == 0) {
- usage(argv[0], 1);
-@@ -1218,7 +1262,7 @@ int main(int argc, char **argv)
- fprintf(stdout, "\n");
- }
-
-- if (cmd_opts.all || cmd_opts.type == QPOL_RULE_TYPE_TRANS) {
-+ if (cmd_opts.all || cmd_opts.type) {
- apol_vector_destroy(&v);
- if (perform_ft_query(policy, &cmd_opts, &v)) {
- rt = 1;
---
-1.7.5.4
-
diff --git a/recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch b/recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch
deleted file mode 100644
index c8fc3f5..0000000
--- a/recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From f1e5b208d507171968ca4d2eeefd7980f1004a3c Mon Sep 17 00:00:00 2001
-From: Chris PeBenito <cpebenito@tresys.com>
-Date: Thu, 12 Feb 2015 08:55:12 -0500
-Subject: [PATCH] Update for 2015-02-02 Userspace release (2.4)
-
-SETools now requires libsepol 2.4 and libselinux 2.4.
----
- configure.ac | 6 +++---
- libqpol/src/policy_define.c | 4 ++--
- libqpol/src/policy_extend.c | 4 ++--
- libqpol/src/syn_rule_query.c | 6 +++---
- secmds/replcon.cc | 2 +-
- 5 files changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 80395e6..ae20da7 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -25,9 +25,9 @@ libseaudit_version=4.5
- setoolsdir='${prefix}/share/setools-3.3'
- javadir='${prefix}/share/java'
-
--version_min_sepol_major=1
--version_min_sepol_minor=12
--version_min_sepol_patch=27
-+version_min_sepol_major=2
-+version_min_sepol_minor=4
-+version_min_sepol_patch=0
-
- dnl *** end of tunable values ***
-
-diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
-index 229779c..15f70ba 100644
---- a/libqpol/src/policy_define.c
-+++ b/libqpol/src/policy_define.c
-@@ -1661,7 +1661,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
- goto bad;
- }
- class_perm_node_init(perm);
-- perm->class = i + 1;
-+ perm->tclass = i + 1;
- perm->data = datum->s.value;
- perm->next = avrule->perms;
- avrule->perms = perm;
-@@ -1901,7 +1901,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
- goto out;
- }
- class_perm_node_init(cur_perms);
-- cur_perms->class = i + 1;
-+ cur_perms->tclass = i + 1;
- if (!perms)
- perms = cur_perms;
- if (tail)
-diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
-index 5325a87..1417271 100644
---- a/libqpol/src/policy_extend.c
-+++ b/libqpol/src/policy_extend.c
-@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
- for (class_node = rule->perms; class_node; class_node = class_node->next) {
- key.rule_type = rule->specified;
- key.source_val = key.target_val = i + 1;
-- key.class_val = class_node->class;
-+ key.class_val = class_node->tclass;
- key.cond = cond;
- if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
- goto err;
-@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
- key.rule_type = rule->specified;
- key.source_val = i + 1;
- key.target_val = j + 1;
-- key.class_val = class_node->class;
-+ key.class_val = class_node->tclass;
- key.cond = cond;
- if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
- goto err;
-diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c
-index 3e63204..d7578f1 100644
---- a/libqpol/src/syn_rule_query.c
-+++ b/libqpol/src/syn_rule_query.c
-@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cur(const qpol_iterator_t * iter)
- return NULL;
- }
-
-- return db->class_val_to_struct[srcs->cur->class - 1];
-+ return db->class_val_to_struct[srcs->cur->tclass - 1];
- }
-
- static int syn_rule_class_state_next(qpol_iterator_t * iter)
-@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a
- }
-
- for (node = internal_rule->perms; node; node = node->next) {
-- for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
-+ for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
- if (!(node->data & (1 << i)))
- continue;
-- tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
-+ tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
- if (tmp) {
- tmp++; /* remove prepended space */
- for (cur = 0; cur < perm_list_sz; cur++)
-diff --git a/secmds/replcon.cc b/secmds/replcon.cc
-index 34f7c1a..307c39f 100644
---- a/secmds/replcon.cc
-+++ b/secmds/replcon.cc
-@@ -60,7 +60,7 @@ static struct option const longopts[] = {
- {NULL, 0, NULL, 0}
- };
-
--extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
-+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
-
- /**
- * As that setools must work with older libselinux versions that may
diff --git a/recipes-security/setools/setools/setools-configure-ac.patch b/recipes-security/setools/setools/setools-configure-ac.patch
deleted file mode 100644
index 5b8e440..0000000
--- a/recipes-security/setools/setools/setools-configure-ac.patch
+++ /dev/null
@@ -1,107 +0,0 @@
----
- configure.ac | 37 ++++++++++++++-----------------------
- 1 file changed, 14 insertions(+), 23 deletions(-)
-
---- a/configure.ac
-+++ b/configure.ac
-@@ -216,9 +216,6 @@
- do_swigify_java=yes
- do_swigify=yes
- fi
--
--AM_PATH_PYTHON(2.7)
--
- AC_ARG_ENABLE(swig-python,
- AC_HELP_STRING([--enable-swig-python],
- [build SWIG interfaces for Python]),
-@@ -227,6 +224,7 @@
- if test ${do_swigify} = no; then
- AC_PROG_SWIG(2.0.0)
- fi
-+ AM_PATH_PYTHON(2.7)
- SWIG_PYTHON
- do_swigify_python=yes
- do_swigify=yes
-@@ -411,32 +409,19 @@
- selinux_devel="/usr")
- sepol_devel_incdir="${sepol_devel}/include"
- selinux_devel_incdir="${selinux_devel}/include"
--dnl if /lib64 exists then use that directory, otherwise revert to just /lib
--for dir in lib64 lib ; do
-- sepol_devel_libdir="${sepol_devel}/${dir}"
-- if test -f ${sepol_devel_libdir}/libsepol.so ; then
-- break
-- fi
--done
--for dir in lib64 lib ; do
-- selinux_devel_libdir="${selinux_devel}/${dir}"
-- if test -f ${selinux_devel_libdir}/libselinux.so ; then
-- break
-- fi
--done
-+dnl We pass in sepol_devel of usr/lib{32/64}/.., dirname strips the ..
-+sepol_devel_libdir=`dirname ${sepol_devel}`
-+selinux_devel_libdir=`dirname ${selinux_devel}`
- AC_MSG_CHECKING([for sepol/sepol.h])
- selinux_save_CFLAGS="${CFLAGS}"
- selinux_save_CPPFLAGS="${CPPFLAGS}"
- CFLAGS="${CFLAGS} -I${sepol_devel_incdir} -I${selinux_devel_incdir}"
- CPPFLAGS="${CPPFLAGS} -I${sepol_devel_incdir} -I${selinux_devel_incdir}"
- AC_CHECK_HEADER([sepol/sepol.h], , AC_MSG_ERROR([could not find sepol headers at $sepol_devel_incdir - make sure libsepol-devel is installed]))
--AC_CHECK_LIB([sepol], [sepol_policydb_read], ,
-- AC_MSG_ERROR([could not find libsepol at $sepol_devel_libdir]))
-+LIBS="-lsepol $LIBS"
- AC_CHECK_HEADER([selinux/selinux.h], , AC_MSG_ERROR([could not find selinux headers at $selinux_devel_incdir - make sure libselinux-devel is installed]))
- AC_CHECK_HEADER([selinux/context.h], , AC_MSG_ERROR([could not find selinux headers at $selinux_devel_incdir - make sure libselinux-devel is installed]))
--AC_CHECK_LIB([selinux], [selinux_policy_root], ,
--AC_MSG_ERROR([could not find libselinux at $selinux_devel_libdir]),
-- -lsepol)
-+LIBS="-lselinux $LIBS"
- SELINUX_LIB_FLAG="-L${sepol_devel_libdir} -L${selinux_devel_libdir}"
- CFLAGS="${selinux_save_CFLAGS}"
- CPPFLAGS="${selinux_save_CPPFLAGS}"
-@@ -448,8 +433,6 @@
- sepol_srcdir="")
- if test "x${sepol_srcdir}" = "x"; then
- sepol_srcdir=${sepol_devel_libdir}
-- AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
-- AC_MSG_ERROR([make sure libsepol-static is installed]))
- else
- AC_MSG_CHECKING([for compatible sepol source tree])
- sepol_version=${sepol_srcdir}/VERSION
-@@ -556,6 +539,7 @@
- sepol_new_errcodes="yes",
- sepol_new_errcodes="no")
-
-+if test x"${ac_cv_policydb_version_max}" = x ; then
- AC_RUN_IFELSE(
- [AC_LANG_SOURCE([
- #include <sepol/policydb/policydb.h>
-@@ -571,6 +555,9 @@
- }])],
- sepol_policy_version_max=`cat conftest.data`,
- AC_MSG_FAILURE([could not determine maximum libsepol policy version]))
-+else
-+ sepol_policy_version_max=${ac_cv_policydb_version_max}
-+fi
- AC_DEFINE_UNQUOTED(SEPOL_POLICY_VERSION_MAX, ${sepol_policy_version_max}, [maximum policy version supported by libsepol])
- CFLAGS="${sepol_save_CFLAGS}"
- CPPFLAGS="${sepol_save_CPPFLAGS}"
-@@ -578,6 +565,7 @@
- if test ${use_selinux} = "yes"; then
- dnl Locate selinux policy root directory
- AC_MSG_CHECKING([for selinux policy root])
-+ if test x"${ac_cv_selinux_policy_root}" = x ; then
- changequote(<<<,>>>)dnl
- cat > ./conftest.c <<EOF
- #include <stdlib.h>
-@@ -596,6 +584,9 @@
- CFLAGS="${SELINUX_CFLAGS} ${SELINUX_LIB_FLAG} -lselinux -lsepol ${CFLAGS}"
- gcc ${CFLAGS} -o conftest conftest.c >&5
- selinux_policy_dir=`./conftest`
-+ else
-+ selinux_policy_dir=${ac_cv_selinux_policy_root}
-+ fi
- AC_MSG_RESULT(${selinux_policy_dir})
- CFLAGS="${selinux_save_CFLAGS}"
- fi
diff --git a/recipes-security/setools/setools/setools-configure-with-latest-libsepol.patch b/recipes-security/setools/setools/setools-configure-with-latest-libsepol.patch
deleted file mode 100644
index 84ac3dc..0000000
--- a/recipes-security/setools/setools/setools-configure-with-latest-libsepol.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 2b58d92add64b53b16cbb438e7b69e85d046afd1 Mon Sep 17 00:00:00 2001
-From: Dan Walsh <dwalsh@redhat.com>
-Date: Tue, 20 Sep 2011 15:46:38 -0400
-Subject: [PATCH 5/6] Fix sepol calls to work with latest libsepol
-
----
- configure.ac | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index e837e03..3c11e23 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -505,7 +505,7 @@ AC_COMPILE_IFELSE(
- [AC_LANG_SOURCE([
- #include <sepol/policydb/expand.h>
- int main () {
-- return role_set_expand(NULL, NULL, NULL, NULL);
-+ return role_set_expand(NULL, NULL, NULL, NULL, NULL);
- }])],
- sepol_new_user_role_mapping="yes",
- sepol_new_user_role_mapping="no")
-@@ -541,7 +541,7 @@ if test ${sepol_check_boolmap} = "yes"; then
- [AC_LANG_SOURCE([
- #include <sepol/policydb/expand.h>
- int main () {
-- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
-+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
- }])],
- AC_MSG_RESULT([yes]),
- AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
---
-1.7.6.2
diff --git a/recipes-security/setools/setools/setools-cross-ar.patch b/recipes-security/setools/setools/setools-cross-ar.patch
deleted file mode 100644
index eba24c2..0000000
--- a/recipes-security/setools/setools/setools-cross-ar.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Use the specified $(AR), not "ar", for cross-compiling.
-
----
- libqpol/src/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/libqpol/src/Makefile.am
-+++ b/libqpol/src/Makefile.am
-@@ -64,7 +64,7 @@
- mkdir -p $@
- rm -f $@/*
- cp $< $@
-- (cd $@; ar x libsepol.a)
-+ (cd $@; $(AR) x libsepol.a)
-
- $(qpolso_DATA): $(tmp_sepol) $(libqpol_so_OBJS) libqpol.map
- $(CC) -shared -o $@ $(libqpol_so_OBJS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(LIBQPOL_SONAME),--version-script=$(srcdir)/libqpol.map,-z,defs -Wl,--whole-archive $(sepol_srcdir)/libsepol.a -Wl,--no-whole-archive @SELINUX_LIB_FLAG@ -lselinux -lsepol -lbz2
diff --git a/recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch b/recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch
deleted file mode 100644
index a165dae..0000000
--- a/recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 4360fae5a6fbee9c8866573fe5a8af2fdae4944d Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Fri, 9 Mar 2012 10:18:35 +0800
-Subject: [PATCH] setools: neverallow rules all always fail.
-
-Since we do not ship neverallow rules all always fail.
-ERROR: Cannot get avrules: Neverallow rules requested but not available
-ERROR: Operation not supported
----
- libqpol/src/avrule_query.c | 3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
-
-diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c
-index 749565b..e7d42fc 100644
---- a/libqpol/src/avrule_query.c
-+++ b/libqpol/src/avrule_query.c
-@@ -57,8 +57,11 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type
-
- if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
- ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
-+ /*
- errno = ENOTSUP;
- return STATUS_ERR;
-+ */
-+ return STATUS_SUCCESS;
- }
-
- db = &policy->p->p;
---
-1.7.5.4
-
diff --git a/recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch b/recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch
deleted file mode 100644
index a9cec6e..0000000
--- a/recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From 65ff2020dd1119cf45ad4eb74e63b21fb8f63389 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Wed, 7 Mar 2012 10:48:07 +0800
-Subject: [PATCH 2/7] setools: seinfo should exit with correct errno.
-
-Integrated from Fedora:
-https://community.dev.fedoraproject.org/packages/setools/sources/patches/
----
- secmds/seinfo.c | 51 +++++++++++++++++++++++++++------------------------
- 1 files changed, 27 insertions(+), 24 deletions(-)
-
-diff --git a/secmds/seinfo.c b/secmds/seinfo.c
-index fdf23e9..3088f88 100644
---- a/secmds/seinfo.c
-+++ b/secmds/seinfo.c
-@@ -827,7 +827,7 @@ static int print_sens(FILE * fp, const char *name, int expand, const apol_policy
- */
- static int print_cats(FILE * fp, const char *name, int expand, const apol_policy_t * policydb)
- {
-- int retval = 0;
-+ int retval = -1;
- apol_cat_query_t *query = NULL;
- apol_vector_t *v = NULL;
- const qpol_cat_t *cat_datum = NULL;
-@@ -911,9 +911,10 @@ static int print_fsuse(FILE * fp, const char *type, const apol_policy_t * policy
- fprintf(fp, " %s\n", tmp);
- free(tmp);
- }
-- if (type && !apol_vector_get_size(v))
-+ if (type && !apol_vector_get_size(v)) {
- ERR(policydb, "No fs_use statement for filesystem of type %s.", type);
--
-+ goto cleanup;
-+ }
- retval = 0;
- cleanup:
- apol_fs_use_query_destroy(&query);
-@@ -949,7 +950,6 @@ static int print_genfscon(FILE * fp, const char *type, const apol_policy_t * pol
- ERR(policydb, "%s", strerror(ENOMEM));
- goto cleanup;
- }
--
- if (apol_genfscon_query_set_filesystem(policydb, query, type))
- goto cleanup;
- if (apol_genfscon_get_by_query(policydb, query, &v))
-@@ -967,8 +967,10 @@ static int print_genfscon(FILE * fp, const char *type, const apol_policy_t * pol
- free(tmp);
- }
-
-- if (type && !apol_vector_get_size(v))
-+ if (type && !apol_vector_get_size(v)) {
- ERR(policydb, "No genfscon statement for filesystem of type %s.", type);
-+ goto cleanup;
-+ }
-
- retval = 0;
- cleanup:
-@@ -1646,6 +1648,7 @@ cleanup: // close and destroy iterators etc.
-
- int main(int argc, char **argv)
- {
-+ int rc = 0;
- int classes, types, attribs, roles, users, all, expand, stats, rt, optc, isids, bools, sens, cats, fsuse, genfs, netif,
- node, port, permissives, polcaps, constrain, linebreaks;
- apol_policy_t *policydb = NULL;
-@@ -1851,46 +1854,46 @@ int main(int argc, char **argv)
-
- /* display requested info */
- if (stats || all)
-- print_stats(stdout, policydb);
-+ rc = print_stats(stdout, policydb);
- if (classes || all)
-- print_classes(stdout, class_name, expand, policydb);
-+ rc = print_classes(stdout, class_name, expand, policydb);
- if (types || all)
-- print_types(stdout, type_name, expand, policydb);
-+ rc = print_types(stdout, type_name, expand, policydb);
- if (attribs || all)
-- print_attribs(stdout, attrib_name, expand, policydb);
-+ rc = print_attribs(stdout, attrib_name, expand, policydb);
- if (roles || all)
-- print_roles(stdout, role_name, expand, policydb);
-+ rc = print_roles(stdout, role_name, expand, policydb);
- if (users || all)
-- print_users(stdout, user_name, expand, policydb);
-+ rc = print_users(stdout, user_name, expand, policydb);
- if (bools || all)
-- print_booleans(stdout, bool_name, expand, policydb);
-+ rc = print_booleans(stdout, bool_name, expand, policydb);
- if (sens || all)
-- print_sens(stdout, sens_name, expand, policydb);
-+ rc = print_sens(stdout, sens_name, expand, policydb);
- if (cats || all)
-- print_cats(stdout, cat_name, expand, policydb);
-+ rc = print_cats(stdout, cat_name, expand, policydb);
- if (fsuse || all)
-- print_fsuse(stdout, fsuse_type, policydb);
-+ rc = print_fsuse(stdout, fsuse_type, policydb);
- if (genfs || all)
-- print_genfscon(stdout, genfs_type, policydb);
-+ rc = print_genfscon(stdout, genfs_type, policydb);
- if (netif || all)
-- print_netifcon(stdout, netif_name, policydb);
-+ rc = print_netifcon(stdout, netif_name, policydb);
- if (node || all)
-- print_nodecon(stdout, node_addr, policydb);
-+ rc = print_nodecon(stdout, node_addr, policydb);
- if (port || all)
-- print_portcon(stdout, port_num, protocol, policydb);
-+ rc = print_portcon(stdout, port_num, protocol, policydb);
- if (isids || all)
-- print_isids(stdout, isid_name, expand, policydb);
-+ rc = print_isids(stdout, isid_name, expand, policydb);
- if (permissives || all)
-- print_permissives(stdout, permissive_name, expand, policydb);
-+ rc = print_permissives(stdout, permissive_name, expand, policydb);
- if (polcaps || all)
-- print_polcaps(stdout, polcap_name, expand, policydb);
-+ rc = print_polcaps(stdout, polcap_name, expand, policydb);
- if (constrain || all)
-- print_constraints(stdout, expand, policydb, linebreaks);
-+ rc = print_constraints(stdout, expand, policydb, linebreaks);
-
- apol_policy_destroy(&policydb);
- apol_policy_path_destroy(&pol_path);
- free(policy_file);
-- exit(0);
-+ exit(rc);
- }
-
- /**
---
-1.7.5.4
-
diff --git a/recipes-security/setools/setools/setools.pam b/recipes-security/setools/setools/setools.pam
deleted file mode 100644
index c7d67e3..0000000
--- a/recipes-security/setools/setools/setools.pam
+++ /dev/null
@@ -1,4 +0,0 @@
-#%PAM-1.0
-auth include config-util
-account include config-util
-session include config-util
diff --git a/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch b/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
new file mode 100644
index 0000000..88b8c8c
--- /dev/null
+++ b/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
@@ -0,0 +1,35 @@
+From dc86d880ae0d66233679112a2bf0115c39df68f1 Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong.fan@windriver.com>
+Date: Fri, 17 Feb 2017 08:57:35 +0000
+Subject: [PATCH] setools4: fix cross-compiling errors for powerpc, mips
+
+Fix build errors:
+| libqpol/policy.c: In function 'qpol_binpol_version':
+| libqpol/policy.c:95:24: error: implicit declaration of function 'bswap_32' [-Werror=implicit-function-declaration]
+| #define le32_to_cpu(x) bswap_32(x)
+
+Upstream-Status: Pending
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ libqpol/policy.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libqpol/policy.c b/libqpol/policy.c
+index ae3acb5..b5b87f9 100644
+--- a/libqpol/policy.c
++++ b/libqpol/policy.c
+@@ -45,6 +45,10 @@
+ # include <asm/types.h>
+ #endif
+
++#if defined(_ARCH_PPC) || defined(mips)
++#include <byteswap.h>
++#endif
++
+ #include <sepol/debug.h>
+ #include <sepol/handle.h>
+ #include <sepol/policydb/flask_types.h>
+--
+2.11.0
+
diff --git a/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch b/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
new file mode 100644
index 0000000..18bb055
--- /dev/null
+++ b/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
@@ -0,0 +1,40 @@
+From a104374147b398838edc04e937c92e762ea3f5d9 Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong.fan@windriver.com>
+Date: Tue, 14 Feb 2017 06:32:35 +0000
+Subject: [PATCH] setools4: fixes for cross compiling
+
+* search libsepol from $STAGING_LIBDIR
+* fix manual install path as '/usr/share/man/man1'
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ setup.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/setup.py b/setup.py
+index 2ca44c9..300ff70 100644
+--- a/setup.py
++++ b/setup.py
+@@ -77,7 +77,7 @@ class BuildExtCommand(build_ext):
+ build_ext.run(self)
+
+
+-base_lib_dirs = ['.', '/usr/lib64', '/usr/lib', '/usr/local/lib']
++base_lib_dirs = [os.environ["STAGING_LIBDIR"]]
+ include_dirs = ['libqpol', 'libqpol/include']
+
+ try:
+@@ -182,7 +182,7 @@ setup(name='setools',
+ 'build_qhc': QtHelpCommand},
+ packages=['setools', 'setools.diff', 'setools.policyrep', 'setoolsgui', 'setoolsgui.apol'],
+ scripts=['apol', 'sediff', 'seinfo', 'seinfoflow', 'sesearch', 'sedta'],
+- data_files=[(join(sys.prefix, 'share/man/man1'), glob.glob("man/*.1"))],
++ data_files=[('/usr/share/man/man1', glob.glob("man/*.1"))],
+ package_data={'': ['*.ui', '*.qhc', '*.qch'], 'setools': ['perm_map']},
+ ext_modules=ext_py_mods,
+ test_suite='tests',
+--
+2.13.0
+
diff --git a/recipes-security/setools/setools_3.3.8.bb b/recipes-security/setools/setools_3.3.8.bb
deleted file mode 100644
index 99296ca..0000000
--- a/recipes-security/setools/setools_3.3.8.bb
+++ /dev/null
@@ -1,103 +0,0 @@
-SUMMARY = "Policy analysis tools for SELinux"
-DESCRIPTION = "\
-SETools is a collection of graphical tools, command-line tools, and \
-libraries designed to facilitate SELinux policy analysis. \
-\n\
-This meta-package depends upon the main packages necessary to run \
-SETools."
-SECTION = "base"
-LICENSE = "GPLv2 & LGPLv2.1"
-
-SRC_URI = "https://raw.githubusercontent.com/wiki/TresysTechnology/setools3/files/dists/setools-${PV}/setools-${PV}.tar.bz2"
-SRC_URI[md5sum] = "d68d0d4e4da0f01da0f208782ff04b91"
-SRC_URI[sha256sum] = "44387ecc9a231ec536a937783440cd8960a72c51f14bffc1604b7525e341e999"
-
-SRC_URI += "file://setools-neverallow-rules-all-always-fail.patch"
-SRC_URI += "file://setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch"
-
-SRC_URI += "file://setools-Don-t-check-selinux-policies-if-disabled.patch"
-SRC_URI += "file://setools-configure-ac.patch"
-SRC_URI += "file://setools-cross-ar.patch"
-
-SRC_URI += "file://setools-Fix-test-bug-for-unary-operator.patch"
-SRC_URI += "file://setools-Fix-python-setools-Makefile.am-for-cross.patch"
-
-SRC_URI += "file://setools-Update-for-2015-02-02-Userspace-release.patch"
-
-LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=26035c503c68ae1098177934ac0cc795 \
- file://${S}/COPYING.GPL;md5=751419260aa954499f7abaabaa882bbe \
- file://${S}/COPYING.LGPL;md5=fbc093901857fcd118f065f900982c24"
-
-CFLAGS_append = " -fPIC"
-CXXFLAGS_append = " -fPIC"
-
-DEPENDS += "bison-native flex-native python libsepol libselinux libxml2"
-
-PACKAGE_BEFORE_PN += "${PN}-libs"
-
-RPROVIDES_${PN} += "${PN}-console"
-
-FILES_${PN}-dbg += "\
- ${libdir}/python${PYTHON_BASEVERSION}/site-packages/setools/.debug \
- "
-
-FILES_${PN}-libs = "\
- ${libdir}/libqpol.so.* \
- ${libdir}/libapol.so.* \
- ${libdir}/libpoldiff.so.* \
- ${libdir}/libsefs.so.* \
- ${libdir}/libseaudit.so.* \
- ${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.egg-info \
- ${libdir}/python${PYTHON_BASEVERSION}/site-packages/setools/*.so* \
- ${libdir}/python${PYTHON_BASEVERSION}/site-packages/setools/*.py* \
- "
-
-FILES_${PN} += "\
- ${bindir}/seinfo \
- ${bindir}/sesearch \
- ${bindir}/indexcon \
- ${bindir}/findcon \
- ${bindir}/replcon \
- ${bindir}/sechecker \
- ${bindir}/sediff \
- ${datadir}/setools-3.3/sechecker-profiles \
- ${datadir}/setools-3.3/sechecker_help.txt \
- ${datadir}/setools-3.3/sediff_help.txt \
- ${datadir}/setools-3.3/sediffx* \
- ${mandir}/man1/findcon.1.gz \
- ${mandir}/man1/indexcon.1.gz \
- ${mandir}/man1/replcon.1.gz \
- ${mandir}/man1/sechecker.1.gz \
- ${mandir}/man1/sediff.1.gz \
- ${mandir}/man1/seinfo.1.gz \
- ${mandir}/man1/sesearch.1.gz \
- "
-
-inherit autotools pythonnative
-
-# need to export these variables for python-config to work
-export BUILD_SYS
-export HOST_SYS
-export STAGING_INCDIR
-export STAGING_LIBDIR
-
-EXTRA_OECONF = "-disable-bwidget-check --disable-selinux-check \
- --disable-swig-python --disable-swig-java --disable-swig-tcl \
- --disable-profiling --disable-gui --with-tk=no --with-tcl=no \
- --with-sepol-devel=${STAGING_LIBDIR}/.. \
- --with-selinux-devel=${STAGING_LIBDIR}/.."
-
-do_configure_prepend() {
- export ac_cv_policydb_version_max=26
- export PYTHON=python
- export PYLIBVER='python${PYTHON_BASEVERSION}'
- export PYTHON_CPPFLAGS="-I${STAGING_INCDIR}/${PYLIBVER}"
- export PYTHON_LDFLAGS="${STAGING_LIBDIR}/lib${PYLIBVER}.so"
- export PYTHON_SITE_PKG="${libdir}/${PYLIBVER}/site-packages"
-}
-
-do_install_append() {
- rm -f ${D}/${libdir}/*.a
-}
-
-BBCLASSEXTEND = "native"
diff --git a/recipes-security/setools/setools_4.1.1.bb b/recipes-security/setools/setools_4.1.1.bb
new file mode 100644
index 0000000..0bbc52b
--- /dev/null
+++ b/recipes-security/setools/setools_4.1.1.bb
@@ -0,0 +1,35 @@
+SUMMARY = "Policy analysis tools for SELinux"
+DESCRIPTION = "\
+SETools is a collection of graphical tools, command-line tools, and \
+libraries designed to facilitate SELinux policy analysis. \
+\n\
+This meta-package depends upon the main packages necessary to run \
+SETools."
+SECTION = "base"
+LICENSE = "GPLv2 & LGPLv2.1"
+
+SRC_URI = "https://github.com/TresysTechnology/setools/archive/${PV}.tar.gz;downloadfilename=setools-${PV}.tar.gz \
+ file://setools4-fixes-for-cross-compiling.patch \
+ file://setools4-fix-cross-compiling-errors-for-powerpc-mips.patch \
+"
+
+SRC_URI[md5sum] = "54cf5c0ca2aa4ef7c6ac153981af34cd"
+SRC_URI[sha256sum] = "46a927ea2b163cbe1d35cc35da43e45853e13720c7e02d4cf75a498783c19610"
+
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=83a5eb6974c11f30785e90d0eeccf40c \
+ file://${S}/COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://${S}/COPYING.LGPL;md5=4fbd65380cdd255951079008b364516c"
+
+DEPENDS += "bison-native flex-native swig-native python libsepol"
+# TODO: depends on meta-python, disable the RDEPENDS for now:
+# RDEPENDS_${PN} += "python-networkx python-enum34 python-decorator python-setuptools"
+
+RPROVIDES_${PN} += "${PN}-console"
+
+inherit setuptools
+
+do_install_append() {
+ # Need PyQt5 support, disable gui tools
+ rm -f ${D}${bindir}/apol
+ rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setoolsgui
+}
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 19/20] packagegroup-*: sync package names
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (17 preceding siblings ...)
2017-09-13 2:43 ` [PATCH 18/20] setools: uprev to 4.1.1 wenzong.fan
@ 2017-09-13 2:43 ` wenzong.fan
2017-09-13 2:43 ` [PATCH 20/20] selinux-python: add setools to RDEPENDS wenzong.fan
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:43 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Some new packages added after SELinux uprev to 2.7, sync the package
names accordingly:
policycoreutils-audit2allow -> selinux-python-audit2allow
policycoreutils-chcat -> selinux-python-chcat
policycoreutils-python -> selinux-python
policycoreutils-semanage -> selinux-python-semanage
policycoreutils-sandbox -> selinux-sandbox
policycoreutils-sepolgen-ifgen -> selinux-python-sepolgen-ifgen
policycoreutils-sepolicy -> selinux-python-sepolicy,
selinux-dbus
policycoreutils-semodule-deps -> semodule-utils-semodule-deps
policycoreutils-semodule-expand -> semodule-utils-semodule-expand
policycoreutils-semodule-link -> semodule-utils-semodule-link
policycoreutils-semodule-package -> semodule-utils-semodule-package
system-config-selinux -> selinux-gui
sepolgen -> selinux-python-sepolgen
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
.../packagegroups/packagegroup-core-selinux.bb | 2 +-
.../packagegroup-selinux-policycoreutils.bb | 25 +++++++++++-----------
2 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/recipes-security/packagegroups/packagegroup-core-selinux.bb b/recipes-security/packagegroups/packagegroup-core-selinux.bb
index 128dfba..fd501d6 100644
--- a/recipes-security/packagegroups/packagegroup-core-selinux.bb
+++ b/recipes-security/packagegroups/packagegroup-core-selinux.bb
@@ -17,7 +17,7 @@ RDEPENDS_${PN} = " \
libselinux-bin \
libsemanage \
checkpolicy \
- sepolgen \
+ selinux-python-sepolgen \
packagegroup-selinux-policycoreutils \
setools \
setools-console \
diff --git a/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb b/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb
index b566134..e1ddee6 100644
--- a/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb
+++ b/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb
@@ -12,27 +12,28 @@ PACKAGES = "\
ALLOW_EMPTY_${PN} = "1"
RDEPENDS_${PN} = "\
- policycoreutils-audit2allow \
- policycoreutils-chcat \
policycoreutils-fixfiles \
policycoreutils-genhomedircon \
policycoreutils-loadpolicy \
policycoreutils-newrole \
- policycoreutils-python \
policycoreutils-runinit \
- policycoreutils-sandbox \
policycoreutils-secon \
- policycoreutils-semanage \
policycoreutils-semodule \
- policycoreutils-semodule-deps \
- policycoreutils-semodule-expand \
- policycoreutils-semodule-link \
- policycoreutils-semodule-package \
- policycoreutils-sepolgen-ifgen \
- policycoreutils-sepolicy \
policycoreutils-sestatus \
policycoreutils-setfiles \
policycoreutils-setsebool \
policycoreutils-hll \
- system-config-selinux \
+ semodule-utils-semodule-deps \
+ semodule-utils-semodule-expand \
+ semodule-utils-semodule-link \
+ semodule-utils-semodule-package \
+ selinux-python-audit2allow \
+ selinux-python-sepolgen-ifgen \
+ selinux-python-semanage \
+ selinux-python-sepolicy \
+ selinux-python-chcat \
+ selinux-python \
+ selinux-sandbox \
+ selinux-dbus \
+ selinux-gui \
"
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [PATCH 20/20] selinux-python: add setools to RDEPENDS
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
` (18 preceding siblings ...)
2017-09-13 2:43 ` [PATCH 19/20] packagegroup-*: sync package names wenzong.fan
@ 2017-09-13 2:43 ` wenzong.fan
19 siblings, 0 replies; 21+ messages in thread
From: wenzong.fan @ 2017-09-13 2:43 UTC (permalink / raw)
To: yocto, mark.hatle, Joe_MacDonald
From: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-security/selinux/selinux-python.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/recipes-security/selinux/selinux-python.inc b/recipes-security/selinux/selinux-python.inc
index cc907ae..55060e3 100644
--- a/recipes-security/selinux/selinux-python.inc
+++ b/recipes-security/selinux/selinux-python.inc
@@ -37,6 +37,7 @@ RDEPENDS_${BPN} += "\
python-unixadmin \
libselinux-python \
libsemanage-python \
+ setools \
"
RDEPENDS_${BPN}-semanage += "\
python-core \
--
2.13.0
^ permalink raw reply related [flat|nested] 21+ messages in thread
end of thread, other threads:[~2017-09-13 2:43 UTC | newest]
Thread overview: 21+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-13 2:42 [PATCH 00/20 V2] selinux: uprev to 2.7 (20170804) wenzong.fan
2017-09-13 2:42 ` [PATCH 01/20] selinux: uprev include file to 20170804 wenzong.fan
2017-09-13 2:42 ` [PATCH 02/20] libsepol: uprev to 2.7 (20170804) wenzong.fan
2017-09-13 2:42 ` [PATCH 03/20] libselinux: " wenzong.fan
2017-09-13 2:42 ` [PATCH 04/20] libsemanage: " wenzong.fan
2017-09-13 2:42 ` [PATCH 05/20] checkpolicy: " wenzong.fan
2017-09-13 2:42 ` [PATCH 06/20] secilc: " wenzong.fan
2017-09-13 2:42 ` [PATCH 07/20] policycoreutils: " wenzong.fan
2017-09-13 2:42 ` [PATCH 08/20] sepolgen: remove package wenzong.fan
2017-09-13 2:42 ` [PATCH 09/20] mcstrans: add package 2.7 (20170804) wenzong.fan
2017-09-13 2:42 ` [PATCH 10/20] restorecond: " wenzong.fan
2017-09-13 2:42 ` [PATCH 11/20] selinux-sandbox: " wenzong.fan
2017-09-13 2:42 ` [PATCH 12/20] selinux-python: " wenzong.fan
2017-09-13 2:42 ` [PATCH 13/20] semodule-utils: " wenzong.fan
2017-09-13 2:42 ` [PATCH 14/20] selinux-dbus: " wenzong.fan
2017-09-13 2:42 ` [PATCH 15/20] selinux-gui: " wenzong.fan
2017-09-13 2:42 ` [PATCH 16/20] policycoreutils: fixes for 2.7 uprev wenzong.fan
2017-09-13 2:42 ` [PATCH 17/20] refpolicy_common: depends on semodule-utils-native wenzong.fan
2017-09-13 2:43 ` [PATCH 18/20] setools: uprev to 4.1.1 wenzong.fan
2017-09-13 2:43 ` [PATCH 19/20] packagegroup-*: sync package names wenzong.fan
2017-09-13 2:43 ` [PATCH 20/20] selinux-python: add setools to RDEPENDS wenzong.fan
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.