[yocto] [Yocto pyro] username adding via recipe in capital letters allowed?

2017-11-02 Thread Shrikant Bobade
Hi , I am using yocto pyro and for creating users via recipe using inherit useradd, followed http://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/meta-skeleton/recipes-skeleton/useradd/useradd-example.bb?h=pyro with lowercase I am able to create user e.g user as expected. but just want to check us

Re: [yocto] SELinux with Busybox on morty

2017-07-25 Thread Shrikant Bobade
Hi Marco, On similar lines, as Joe suggested please try with refpolicy 2.20151208 from morty, also I would like to recommend start with refpolicy-minimum policy variant, then you can explore other variants like refpolicy-targeted. On Mon, Jul 24, 2017 at 1:15 PM, Marco Ostini wrote: > > Hi Joe &

Re: [yocto] [meta-selinux] What's the point of refpolicy-minimum?

2017-01-16 Thread Shrikant Bobade
Hi Joe, On Thu, Jan 12, 2017 at 8:57 PM, Joe MacDonald wrote: > > Hi guys, > > [Re: [meta-selinux] What's the point of refpolicy-minimum?] On 17.01.12 (Thu 12:57) wenzong fan wrote: > > > On 01/10/2017 10:48 PM, Joe MacDonald wrote: > > >Wenzong / Shrikant, > > > > > >I thought I knew the answer

Re: [yocto] [meta-selinux] What's the point of refpolicy-minimum?

2017-01-10 Thread Shrikant Bobade
Hi Joe, On Tue, Jan 10, 2017 at 8:18 PM, Joe MacDonald wrote: > > Wenzong / Shrikant, > > I thought I knew the answer to the above question, and maybe my > understanding is still correct, but I think I need to ask it now anyway. > > I don't use refpolicy-minimum for anything, so when I did the u

[yocto] [meta-selinux][PATCH 3/3] refpolicy_2.20151208/git: restrict systemd related patches

2016-09-20 Thread Shrikant Bobade
From: Shrikant Bobade restrict systemd related patches based on distro feature. Signed-off-by: Shrikant Bobade --- recipes-security/refpolicy/refpolicy_2.20151208.inc | 2 +- recipes-security/refpolicy/refpolicy_git.inc| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff

[yocto] [meta-selinux][PATCH 2/3] cleanup 'virtual/refpolicy' & switch to 'refpolicy'

2016-09-20 Thread Shrikant Bobade
From: Shrikant Bobade this change drop complete use of 'virtual/refpolicy' & switch to 'refpolicy' use, the mix use of both results in mismatching policy varient selection. with use of 'virtual/refpolicy' at config. level, when we try to switch to other po

[yocto] [meta-selinux][PATCH 1/3] selinux-initsh.inc: selinux-init/autorelabel: add force reboot

2016-09-20 Thread Shrikant Bobade
From: Shrikant Bobade Add force reboot during SELinux init and autorelabel, required for smooth auto-reboot functionality with sysvinit as init manager. It is required only for sysvinit, so restricting only for sysvinit and not for systemd. Signed-off-by: Shrikant Bobade --- recipes-security

Re: [yocto] [meta-selinux] Regarding "systemd" support with refpolicy-minimum v20151208

2016-08-29 Thread Shrikant Bobade
systemd as init manager, below are reference logs. refpolicy-minimum with patch set: http://paste.ubuntu.com/23107423/ refpolicy-minimum without patch set: http://paste.ubuntu.com/23107437/ Please advise ! Thanks Shrikant On Fri, Jul 29, 2016 at 2:54 PM, Shrikant Bobade wrote: > Hi, > >

[yocto] [meta-selinux] [PATCH 9/9] refpolicy-minimum: systemd: fix for syslog

2016-08-29 Thread Shrikant Bobade
From: Shrikant Bobade syslog & getty related allow rules required to fix the syslog mixup with boot log, while using systemd as init manager. Signed-off-by: Shrikant Bobade --- ...-refpolicy-minimum-systemd-fix-for-syslog.patch | 69 ++ .../refpolicy/refpo

[yocto] [meta-selinux] [PATCH 6/9] refpolicy-minimum: systemd: mount: enable required refpolicy booleans

2016-08-29 Thread Shrikant Bobade
From: Shrikant Bobade enable required refpolicy booleans for these modules mount: allow_mount_anyfile & systemd:systemd_tmpfiles_manage_all Signed-off-by: Shrikant Bobade --- ...inimum-systemd-mount-enable-requiried-ref.patch | 47 ++ .../refpolicy/refpo

[yocto] [meta-selinux] [PATCH 8/9] refpolicy-minimum: systemd: fix for systemd tmp-files services

2016-08-29 Thread Shrikant Bobade
From: Shrikant Bobade fix for systemd tmp files setup services: systemd-journal-flush.service & systemd-logind.service. Signed-off-by: Shrikant Bobade --- ...inimum-systemd-fix-for-systemd-tmp-files-.patch | 111 + .../refpolicy/refpolicy-minimum_2.20151208.bb |

[yocto] [meta-selinux] [PATCH 7/9] refpolicy-minimum: systemd: fix for login & journal service

2016-08-29 Thread Shrikant Bobade
From: Shrikant Bobade 1. fix for systemd services: login & journal wile using refpolicy-minimum and systemd as init manager. 2. fix login duration after providing root password. Signed-off-by: Shrikant Bobade --- ...inimum-systemd-fix-for-login-journal-serv.patch |

[yocto] [meta-selinux] [PATCH 5/9] refpolicy-minimum: init: fix reboot with systemd as init manager.

2016-08-29 Thread Shrikant Bobade
From: Shrikant Bobade add allow rule to fix avc denial during system reboot. Signed-off-by: Shrikant Bobade --- ...inimum-init-fix-reboot-with-systemd-as-in.patch | 36 ++ .../refpolicy/refpolicy-minimum_2.20151208.bb | 1 + 2 files changed, 37 insertions(+) create

[yocto] [meta-selinux] [PATCH 4/9] refpolicy-minimum: locallogin: add allow rules for type local_login_t

2016-08-29 Thread Shrikant Bobade
From: Shrikant Bobade add allow rules for locallogin module avc denials. Signed-off-by: Shrikant Bobade --- ...inimum-locallogin-add-allow-rules-for-typ.patch | 53 ++ .../refpolicy/refpolicy-minimum_2.20151208.bb | 1 + 2 files changed, 54 insertions(+) create mode

[yocto] [meta-selinux] [PATCH 3/9] refpolicy-minimum: systemd: mount: logging: authlogin: add allow rules

2016-08-29 Thread Shrikant Bobade
From: Shrikant Bobade add allow rules for avc denails for systemd, mount, logging & authlogin modules. without this change we are getting avc. denials from these modules. Signed-off-by: Shrikant Bobade --- ...inimum-systemd-mount-logging-authlogin-ad.patch

[yocto] [meta-selinux] [PATCH 2/9] refpolicy-minimum: audit: logging: getty: audit related allow rules

2016-08-29 Thread Shrikant Bobade
From: Shrikant Bobade add allow rules for audit.log file & resolve dependent avc denials. Signed-off-by: Shrikant Bobade --- ...inimum-audit-logging-getty-audit-related-.patch | 67 ++ .../refpolicy/refpolicy-minimum_2.20151208.bb | 1 + 2 files changed

[yocto] [meta-selinux] [PATCH 1/9] refpolicy-minimum: systemd:unconfined:lib: add systemd services allow rules

2016-08-29 Thread Shrikant Bobade
From: Shrikant Bobade systemd allow rules for systemd service file operations: start, stop, restart & allow rule for unconfined systemd service. without this change we are geting avc denials and access denied to perform operations on service file. Signed-off-by: Shrikant Bobade --- ...in

Re: [yocto] [meta-selinux][PATCH 1/5] selinux-initsh.inc: add systemd support

2016-08-29 Thread Shrikant Bobade
Hi, @Ping, Thanks Shrikant On Mon, Aug 22, 2016 at 6:36 PM, Shrikant Bobade wrote: > From: Shrikant Bobade > > add support for systemd service file and handling of script required by > systemd service file. > > Signed-off-by: Shrikant Bobade > --- > recipes-

[yocto] [meta-selinux][PATCH] packagegroup-core-selinux: add auditd support for audit log

2016-08-24 Thread Shrikant Bobade
From: Shrikant Bobade this change provide dependency required by audit log file, to prepare it at /var/log/audit/audit.log and get cleaner boot log. without this change all avc denial messages mix with the boot log & it is difficult for avc denial analysis. Signed-off-by: Shrikant Bo

[yocto] [meta-selinux][PATCH 5/5] refpolicy_common.inc: add refpolicy minimum banner at selinux config.

2016-08-22 Thread Shrikant Bobade
From: Shrikant Bobade Signed-off-by: Shrikant Bobade --- recipes-security/refpolicy/refpolicy_common.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index e1eac50..a9dc466 100644 --- a

[yocto] [meta-selinux][PATCH 4/5] selinux-labeldev: add systemd service file support

2016-08-22 Thread Shrikant Bobade
From: Shrikant Bobade add systemd service file for handling selinux labeldev, this change improves handling of systemd service functionality like:status check, debug etc. compared to sysvinit compatibility mode scripts. Signed-off-by: Shrikant Bobade --- .../selinux/selinux-labeldev/selinux

[yocto] [meta-selinux][PATCH 3/5] selinux-autorelabel: add systemd service file support

2016-08-22 Thread Shrikant Bobade
From: Shrikant Bobade add systemd service file for handling selinux autorelabel, this change improves handling of systemd service functionality like:status check, re-run, debug etc. compared to sysvinit compatibility mode scripts. Signed-off-by: Shrikant Bobade --- .../selinux/selinux

[yocto] [meta-selinux][PATCH 2/5] selinux-init: add systemd service file support

2016-08-22 Thread Shrikant Bobade
From: Shrikant Bobade add systemd service file for handling selinux initialization, this change improves handling of systemd service functionality like:status check, debug etc. compared to sysvinit compatibility mode scripts. Signed-off-by: Shrikant Bobade --- recipes-security/selinux/selinux

[yocto] [meta-selinux][PATCH 1/5] selinux-initsh.inc: add systemd support

2016-08-22 Thread Shrikant Bobade
From: Shrikant Bobade add support for systemd service file and handling of script required by systemd service file. Signed-off-by: Shrikant Bobade --- recipes-security/selinux/selinux-initsh.inc | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/recipes-security

Re: [yocto] [meta-selinux] Regarding "systemd" support with refpolicy-minimum v20151208

2016-07-29 Thread Shrikant Bobade
ta-poky meta-yocto-bsp= "master:039f47ad197a9a53109c9f3deadd9c35e62c056d" meta-selinux = "master:d0f889259b610c3365962775c6e96a7cba407177" Please advice, It will be a great help ! Thanks Shrikant On Fri, Jul 1, 2016 at 7:13 PM, Shrikant Bobade wrote: > Hi, > > Using refpolicy

[yocto] [meta-selinux][RFC 8/8] systemd: fix for systemd tmp-files services

2016-07-29 Thread Shrikant Bobade
From: Shrikant Bobade fix for systemd tmp files setup services: systemd-journal-flush.service & systemd-logind.service. Signed-off-by: Shrikant Bobade --- ...ystemd-fix-for-systemd-tmp-files-services.patch | 110 + .../refpolicy/refpolicy_2.20151208.inc |

[yocto] [meta-selinux][RFC 7/8] systemd: fix for login & journal service

2016-07-29 Thread Shrikant Bobade
From: Shrikant Bobade 1. fix for systemd services: login & journal wile using refpolicy-minimum and systemd as init manager. 2. fix login duration after providing root password. Signed-off-by: Shrikant Bobade --- ...007-systemd-fix-for-login-journal-service.patch |

[yocto] [meta-selinux][RFC 6/8] systemd: mount: enable requiried refpolicy booleans

2016-07-29 Thread Shrikant Bobade
From: Shrikant Bobade enable required refpolicy booleans for these modules mount: allow_mount_anyfile & systemd:systemd_tmpfiles_manage_all Signed-off-by: Shrikant Bobade --- ...mount-enable-requiried-refpolicy-booleans.patch | 43 ++ .../refpolicy/refpolicy_2.20151208

[yocto] [meta-selinux][RFC 5/8] init: fix reboot with systemd as init manager.

2016-07-29 Thread Shrikant Bobade
From: Shrikant Bobade add allow rule to fix avc denial during system reboot. Signed-off-by: Shrikant Bobade --- ...t-fix-reboot-with-systemd-as-init-manager.patch | 35 ++ .../refpolicy/refpolicy_2.20151208.inc | 1 + 2 files changed, 36 insertions(+) create

[yocto] [meta-selinux][RFC 4/8] locallogin: add allow rules for type local_login_t

2016-07-29 Thread Shrikant Bobade
From: Shrikant Bobade add allow rules for locallogin module avc denials. Signed-off-by: Shrikant Bobade --- ...in-add-allow-rules-for-type-local_login_t.patch | 52 ++ .../refpolicy/refpolicy_2.20151208.inc | 1 + 2 files changed, 53 insertions(+) create mode

[yocto] [meta-selinux][RFC 2/8] audit: logging: getty: audit related allow rules

2016-07-29 Thread Shrikant Bobade
From: Shrikant Bobade add allow rules for audit.log file & resolve dependent avc denials. Signed-off-by: Shrikant Bobade --- ...t-logging-getty-audit-related-allow-rules.patch | 66 ++ .../refpolicy/refpolicy_2.20151208.inc | 1 + 2 files changed

[yocto] [meta-selinux][RFC 3/8] systemd: mount: logging: authlogin: add allow rules

2016-07-29 Thread Shrikant Bobade
From: Shrikant Bobade add allow rules for avc denails for systemd, mount, logging & authlogin modules. without this change we are getting avc. denials from these modules. Signed-off-by: Shrikant Bobade --- ...d-mount-logging-authlogin-add-allow-rules.patch

[yocto] [meta-selinux][RFC 1/8] systemd:unconfined:lib: add systemd services allow rules

2016-07-29 Thread Shrikant Bobade
From: Shrikant Bobade systemd allow rules for systemd service file operations: start, stop, restart & allow rule for unconfined systemd service. without this change we are geting avc denials and access denied to perform operations service file. Signed-off-by: Shrikant Bobade --- ...onf

[yocto] [meta-selinux] Regarding "systemd" support with refpolicy-minimum v20151208

2016-07-01 Thread Shrikant Bobade
Hi, Using refpolicy-minimum v20151208 with systemd as init manager, I am facing few issues during enforcing mode, 1. systemd service status check, start & stop 2. auditd logfile error, so it is mixing with the boot log. 3. also other avc denials related to tmpfs & other types etc.. setup detail

[yocto] [meta-selinux][PATCH] eudev: add wildcard version

2016-06-15 Thread Shrikant Bobade
From: Shrikant Bobade eudev version at poky updated to v3.2 from v3.1.5, so moving it to use wildcard in order to fix the parsing error. Signed-off-by: Shrikant Bobade --- recipes-core/eudev/eudev_%.bbappend | 3 +++ recipes-core/eudev/eudev_3.1.5.bbappend | 3 --- 2 files changed, 3

[yocto] [meta-selinux][PATCH] packagegroup-selinux-policycoreutils: add policycoreutils-hll

2016-05-31 Thread Shrikant Bobade
From: Shrikant Bobade we need policycoreutils-hll to insert custom policy module/package, without it semodule install fail with error: libsemanage.semanage_pipe_data: Unable to execute /usr/libexec/selinux/hll/ pp : No such file or directory libsemanage.semanage_direct_commit: Failed to compile

[yocto] [meta-selinux][PATCH] iproute2: fix qa warning by using with-selinux

2016-05-31 Thread Shrikant Bobade
From: Shrikant Bobade WARNING: iproute2-4.6.0-r0 do_package_qa: QA Issue: iproute2-ss rdepends on libselinux, but it isn't a build dependency, missing libselinux in DEPENDS or PACKAGECONFIG? [build-deps] Signed-off-by: Shrikant Bobade --- recipes-connectivity/iproute2/iproute2_%.bbappen

[yocto] [meta-selinux][PATCH] libselinux_git: fix warnings of unavailable patches

2016-05-26 Thread Shrikant Bobade
From: Shrikant Bobade Drop unavailable patches entry to fix the warning, even we are using libselinux v2.5 these warnings pop-up during recipes parsing. WARNING:..libselinux_git.bb: Unable to get checksum for libselinux SRC_URI entry libselinux-get-pywrap-depends-on-selinux.py.patch: file could

[yocto] [meta-selinux][PATCH] refpolicy-minimum_git: add systemd dependent policy modules

2016-05-26 Thread Shrikant Bobade
From: Shrikant Bobade with systemd enabled refpolicy-minimum build breaks due to missing dependent policy modules, so add the dependent modules: clock, systemd, udev conditionally based on DISTRO_FEATURES. dependent systemd policy modules needed to fix these errors: * Failed to resolve

[yocto] [meta-selinux][PATCH 2/2] refpolicy-minimum_2.20151208: add systemd dependent policy modules

2016-05-25 Thread Shrikant Bobade
From: Shrikant Bobade with systemd enabled refpolicy-minimum build breaks due to missing dependent policy modules, so add the dependent modules: clock, systemd, udev conditionally based on DISTRO_FEATURES. dependent systemd policy modules needed to fix these errors: * Failed to resolve

[yocto] [meta-selinux][PATCH 1/2] refpolicy_common.inc: enable conditional systemd support

2016-05-25 Thread Shrikant Bobade
From: Shrikant Bobade refpolicy now introduced systemd support using POLICY_SYSTEMD variable, with systemd enabled setup we need the refpolicy with systemd support, so enable systemd support based on DISTRO_FEATURES. Signed-off-by: Shrikant Bobade --- recipes-security/refpolicy

Re: [yocto] [meta-selinux] Jethro branch

2016-03-02 Thread Shrikant Bobade
Checked jethro branch, image booting successfully, policy loads well & label file-system thanks ! used distro : poky-selinux & image: core-image-selinux meta-yocto-bsp= "branch_jethro:b1f23d1254682866236bfaeb843c0d8aa332efc2" meta-selinux = "branch_jethro:4c75d9cbcf1d75043c7c5ab315aa383d9

[yocto] [meta-selinux] Enquiry Regarding build break of libsepol & libselinux w.r.to 5.2.0

2015-09-29 Thread Shrikant Bobade
obade/Mentor/POKY_meta-selinux_poky_master/meta-selinux/recipes-security/selinux/libselinux_2.4.bb, do_install Summary: There were 2 WARNING messages shown. Summary: There were 2 ERROR messages shown, returning a non-zero exit code. sbobade@sbobade-VirtualBox:~/Mentor/POKY

[yocto] [meta-selinux][PATCH v2] audit: fix qa warning, update config option

2015-08-14 Thread Shrikant Bobade
From: Shrikant Bobade update config option '--with-armeb' to '--with-arm' for audit qa warning fix. Signed-off-by: Shrikant Bobade --- recipes-security/audit/audit_2.4.3.bb |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-security/audit/audit

Re: [yocto] [meta-selinux][PATCH] audit: fix qa warning of unrecognised config

2015-08-14 Thread Shrikant Bobade
On Fri, Aug 14, 2015 at 2:29 PM, Khem Raj wrote: > On Fri, Aug 14, 2015 at 1:53 AM, Shrikant Bobade > wrote: > > Hi, > > > > observed: WARNING: QA Issue: audit: configure was passed unrecognised > > options: --with-armeb [unknown-configure-option] > > on cor

Re: [yocto] [meta-selinux][PATCH] audit: fix qa warning of unrecognised config

2015-08-14 Thread Shrikant Bobade
armv5 thumb dsp" TARGET_FPU= "soft" meta meta-yocto meta-yocto-bsp= "master:a533776d6ff83b6e3e830137455b8382d002768b" meta-selinux = "master:684ee9401f33db7c9d5b183988d89c688c9dd0be" Thanks Shrikant On Fri, Aug 14, 2015 at 2:16 PM, Shrikant Bobade wrote: > From: Shrikant Bobade >

[yocto] [meta-selinux][PATCH] audit: fix qa warning of unrecognised config

2015-08-14 Thread Shrikant Bobade
From: Shrikant Bobade remove --with-armeb=yes to fix the configure unrecognised option qa warning. Signed-off-by: Shrikant Bobade --- recipes-security/audit/audit_2.4.3.bb |1 - 1 file changed, 1 deletion(-) diff --git a/recipes-security/audit/audit_2.4.3.bb b/recipes-security/audit

Re: [yocto] [meta-selinux][PATCH v1] libpam: use wildcard for version and cleanup

2015-08-12 Thread Shrikant Bobade
On Tue, Aug 11, 2015 at 7:07 PM, Joe MacDonald wrote: > [Re: [yocto] [meta-selinux][PATCH v1] libpam: use wildcard for version and > cleanup] On 15.08.11 (Tue 16:39) Shrikant Bobade wrote: > > > Hi Philip, > > > > > > On Tue, Aug 11, 2015 at 10:39 AM, Phil

Re: [yocto] [meta-selinux] [PATCH] audit: remove add-system-call-table-for-ARM.patch

2015-08-11 Thread Shrikant Bobade
Thanks for an update. Works for me too.. Thanks Shrikant On Tue, Aug 11, 2015 at 11:07 AM, Robert Yang wrote: > There isn't lib/machinetabs.h any more, there isn't data structures like > "static const char machine_strings", either. > > This fixed a do_patch error when arm. > > Signed-off-by: R

Re: [yocto] [meta-selinux][PATCH v1] libpam: use wildcard for version and cleanup

2015-08-11 Thread Shrikant Bobade
Hi Philip, On Tue, Aug 11, 2015 at 10:39 AM, Philip Tricca wrote: > Hey Shrikant, > > On 07/30/2015 02:31 AM, Shrikant Bobade wrote: > > This patch provides green build for core-image-selinux > > (meta-selinux:master & poky:master) against libpam upgrade from 1.1.

[yocto] [meta-selinux][PATCH 8/8] README : update supported refpolicy version details

2015-08-03 Thread Shrikant Bobade
From: Shrikant Bobade README updated with the supported refpolicy version details and information of refpolicy building from git repository. Signed-off-by: Shrikant Bobade --- README | 15 +++ 1 file changed, 15 insertions(+) diff --git a/README b/README index 3fe8af4..afee84a

[yocto] [meta-selinux][PATCH 7/8] refpolicy-minimum: update base refpolicy to git repo

2015-08-03 Thread Shrikant Bobade
From: Shrikant Bobade A simple forward-port of refpolicy-minimum to use the refpolicy from git repository. Signed-off-by: Shrikant Bobade --- .../refpolicy/refpolicy-minimum_git.bb | 48 1 file changed, 48 insertions(+) create mode 100644 recipes-security

[yocto] [meta-selinux][PATCH 6/8] refpolicy-standard: update base refpolicy to git repo

2015-08-03 Thread Shrikant Bobade
From: Shrikant Bobade A simple forward-port of refpolicy-standard to use the refpolicy from git repository. Signed-off-by: Shrikant Bobade --- .../refpolicy/refpolicy-standard_git.bb|8 1 file changed, 8 insertions(+) create mode 100644 recipes-security/refpolicy

[yocto] [meta-selinux][PATCH 5/8] refpolicy-mls: update base refpolicy to git repo

2015-08-03 Thread Shrikant Bobade
From: Shrikant Bobade A simple forward-port of refpolicy-mls to use the refpolicy from git repository. Signed-off-by: Shrikant Bobade --- recipes-security/refpolicy/refpolicy-mls_git.bb | 10 ++ 1 file changed, 10 insertions(+) create mode 100644 recipes-security/refpolicy

[yocto] [meta-selinux][PATCH 4/8] refpolicy-mcs: update base refpolicy to git repo

2015-08-03 Thread Shrikant Bobade
From: Shrikant Bobade A simple forward-port of refpolicy-mcs to use the refpolicy from git repository. Signed-off-by: Shrikant Bobade --- recipes-security/refpolicy/refpolicy-mcs_git.bb | 11 +++ 1 file changed, 11 insertions(+) create mode 100644 recipes-security/refpolicy

[yocto] [meta-selinux][PATCH 3/8] refpolicy-targeted: update base refpolicy to git repo

2015-08-03 Thread Shrikant Bobade
From: Shrikant Bobade A simple forward-port of refpolicy-targeted to use the refpolicy from git repository. Signed-off-by: Shrikant Bobade --- .../refpolicy/refpolicy-targeted_git.bb| 20 1 file changed, 20 insertions(+) create mode 100644 recipes-security

[yocto] [meta-selinux][PATCH 2/8] refpolicy git: rebase patches with code base

2015-08-03 Thread Shrikant Bobade
From: Shrikant Bobade During forward-port of these patches from refpolicy 20140311, requires rebase with the refpolicy git repos head master code base,in order to resolve the patch conflicts. Signed-off-by: Shrikant Bobade --- .../refpolicy/refpolicy-git/poky-fc-fstools.patch | 49

[yocto] [meta-selinux][PATCH 1/8] refpolicy git: update refpolicy to git repository

2015-08-03 Thread Shrikant Bobade
From: Shrikant Bobade A straight update from refpolicy 2.20140311 to refpolicy git repository for the core policy variants and forward-porting of policy patches as appropriate. This approach is useful for building refpolicy & refpolicy-contrib directly from the git repos, rather than rel

[yocto] [meta-selinux][PATCH 7/7] refpolicy-minimum: update base refpolicy 20141203

2015-07-30 Thread Shrikant Bobade
From: Shrikant Bobade A simple forward-port of refpolicy-minimum to use the 20141203 base refpolicy. Signed-off-by: Shrikant Bobade --- .../refpolicy/refpolicy-minimum_2.20141203.bb | 48 1 file changed, 48 insertions(+) create mode 100644 recipes-security

[yocto] [meta-selinux][PATCH 6/7] refpolicy-standard: update base refpolicy 20141203

2015-07-30 Thread Shrikant Bobade
From: Shrikant Bobade A simple forward-port of refpolicy-standard to use the 20141203 base refpolicy. Signed-off-by: Shrikant Bobade --- .../refpolicy/refpolicy-standard_2.20141203.bb |8 1 file changed, 8 insertions(+) create mode 100644 recipes-security/refpolicy/refpolicy

[yocto] [meta-selinux][PATCH 5/7] refpolicy-mls: update base refpolicy 20141203

2015-07-30 Thread Shrikant Bobade
From: Shrikant Bobade A simple forward-port of refpolicy-mls to use the 20141203 base refpolicy. Signed-off-by: Shrikant Bobade --- .../refpolicy/refpolicy-mls_2.20141203.bb | 10 ++ 1 file changed, 10 insertions(+) create mode 100644 recipes-security/refpolicy/refpolicy

[yocto] [meta-selinux][PATCH 4/7] refpolicy-mcs: update base refpolicy 20141203

2015-07-30 Thread Shrikant Bobade
From: Shrikant Bobade A simple forward-port of refpolicy-mcs to use the 20141203 base refpolicy. Signed-off-by: Shrikant Bobade --- .../refpolicy/refpolicy-mcs_2.20141203.bb | 11 +++ 1 file changed, 11 insertions(+) create mode 100644 recipes-security/refpolicy/refpolicy

[yocto] [meta-selinux][PATCH 3/7] refpolicy-targeted: update base refpolicy 20141203

2015-07-30 Thread Shrikant Bobade
From: Shrikant Bobade A simple forward-port of refpolicy-targeted to use the 20141203 base refpolicy. Signed-off-by: Shrikant Bobade --- .../refpolicy/refpolicy-targeted_2.20141203.bb | 20 1 file changed, 20 insertions(+) create mode 100644 recipes-security

[yocto] [meta-selinux][PATCH 2/7] refpolicy 20141203: rebase patches with code base

2015-07-30 Thread Shrikant Bobade
From: Shrikant Bobade During forward-port of these patches from refpolicy 2014120311, requires rebase with the refpolicy 20141203 code base, in order to resolve the patch conflicts. Signed-off-by: Shrikant Bobade --- .../refpolicy-2.20141203/poky-fc-fstools.patch | 49

[yocto] [meta-selinux][PATCH 1/7] refpolicy: update refpolicy to 20141203 release

2015-07-30 Thread Shrikant Bobade
From: Shrikant Bobade A straight update from refpolicy 2.20140311 to 2.20141203 for the core policy variants and forward-porting of policy patches as appropriate. ref: https://github.com/TresysTechnology/refpolicy/wiki Signed-off-by: Shrikant Bobade --- .../ftp-add-ftpd_t-to

[yocto] [meta-selinux][PATCH 2/2] README: update supported linux-yocto versions

2015-07-30 Thread Shrikant Bobade
From: Shrikant Bobade README updated with the list of supported linux-yocto versions and details to use it while preparing selinux enabled images. Signed-off-by: Shrikant Bobade --- README | 10 ++ 1 file changed, 10 insertions(+) diff --git a/README b/README index 3fe8af4..22d7599

[yocto] [meta-selinux][PATCH 1/2] linux-yocto: enable selinux support for kernel v4.1

2015-07-30 Thread Shrikant Bobade
From: Shrikant Bobade The default kernel is now v4.1. So we need the selinux support for kernel v4.1, inorder to get selinux enabled images out of box. Signed-off-by: Shrikant Bobade --- recipes-kernel/linux/linux-yocto_4.1.bbappend |8 1 file changed, 8 insertions(+) create

Re: [yocto] [meta-selinux][PATCH v1] libpam: use wildcard for version and cleanup

2015-07-30 Thread Shrikant Bobade
the login issue appears even with disabled selinux support (selinux=0). Thanks Shrikant Bobade On Thu, Jul 30, 2015 at 2:55 PM, Shrikant Bobade wrote: > From: Shrikant Bobade > > use wildcard for version: adopting libpam upgrade from 1.1.6 to 1.2.1, > cleanup older recipe and remov

[yocto] [meta-selinux][PATCH v1] libpam: use wildcard for version and cleanup

2015-07-30 Thread Shrikant Bobade
From: Shrikant Bobade use wildcard for version: adopting libpam upgrade from 1.1.6 to 1.2.1, cleanup older recipe and remove patch sepermit-add-DESTDIR-prefix.patch since the changes already available with latest source. Signed-off-by: Shrikant Bobade --- .../pam/libpam/sepermit-add-DESTDIR

[yocto] [meta-selinux][PATCH] libpam: use wildcard for version and cleanup

2015-07-30 Thread Shrikant Bobade
From: Shrikant Bobade use wildcard for version: adopting libpam upgrade from 1.6.1 to 1.2.1, cleanup older recipe and remove patch sepermit-add-DESTDIR-prefix.patch since the changes already available with latest source. Signed-off-by: Shrikant Bobade --- .../pam/libpam/sepermit-add-DESTDIR

[yocto] [meta-selinux][PATCH] linux-yocto: enable selinux support for kernel v3.19

2015-06-05 Thread Shrikant Bobade
From: Shrikant Bobade The default kernel is now v3.19. So we need the selinux support for kernel v3.19, inorder to get selinux enabled images out of box. Signed-off-by: Shrikant Bobade --- recipes-kernel/linux/linux-yocto_3.19.bbappend |8 1 file changed, 8 insertions(+) create

Re: [yocto] [meta-selinux][PATCH 3/3] pkggrp-core-selinux: coreutils addition

2015-01-05 Thread Shrikant Bobade
Hello, Please provide review comments or feedback if any, It will be a great help. @Ping. Thanks Shrikant On Wed, Nov 19, 2014 at 1:46 PM, Shrikant Bobade wrote: > From: Shrikant Bobade > > To add coreutils to packagegroup-core-selinux > inorder to get chcon avaibility. >

Re: [yocto] [meta-selinux][PATCH 2/3] selinux-init: update for systemd

2015-01-05 Thread Shrikant Bobade
Hello, Please provide review comments or feedback if any, It will be a great help. @Ping. Thanks Shrikant On Wed, Nov 19, 2014 at 1:43 PM, Shrikant Bobade wrote: > From: Shrikant Bobade > > selinux-init.sh updated to reboot system > normally to fix the labelling during systemd

Re: [yocto] [meta-selinux][PATCH 1/3] V2 refpolicy:20140311 update for systemd

2015-01-05 Thread Shrikant Bobade
Hello, Please provide review comments or feedback if any, It will be a great help. @Ping. Thanks Shrikant On Wed, Nov 19, 2014 at 1:43 PM, Shrikant Bobade wrote: > From: Shrikant Bobade > > Systemd init type and related allow rules > updated for refpolicy. > > Signed-off-b

[yocto] [meta-selinux][PATCH 3/3] pkggrp-core-selinux: coreutils addition

2014-11-19 Thread Shrikant Bobade
From: Shrikant Bobade To add coreutils to packagegroup-core-selinux inorder to get chcon avaibility. Signed-off-by: Shrikant Bobade --- .../packagegroups/packagegroup-core-selinux.bb |1 + 1 file changed, 1 insertion(+) diff --git a/recipes-security/packagegroups/packagegroup-core

[yocto] [meta-selinux][PATCH 2/3] selinux-init: update for systemd

2014-11-19 Thread Shrikant Bobade
From: Shrikant Bobade selinux-init.sh updated to reboot system normally to fix the labelling during systemd execution. Due to force reboot labelling won't be proper and system continuously reboot to label it like first time boot. Signed-off-by: Shrikant Bobade --- .../selinux/selinux-c

[yocto] [meta-selinux][PATCH 1/3] V2 refpolicy:20140311 update for systemd

2014-11-19 Thread Shrikant Bobade
From: Shrikant Bobade Systemd init type and related allow rules updated for refpolicy. Signed-off-by: Shrikant Bobade --- .../refpolicy-update-for_systemd.patch | 46 .../refpolicy/refpolicy_2.20140311.inc |1 + 2 files changed, 47 insertions

[yocto] [meta-selinux][PATCH] refpolicy:20140311 update for systemd

2014-11-18 Thread Shrikant Bobade
From: Shrikant Bobade Systemd init type and related allow rules updated for refpolicy. Signed-off-by: Shrikant Bobade --- .../refpolicy-update-for_systemd.patch | 50 .../refpolicy/refpolicy_2.20140311.inc |1 + 2 files changed, 51 insertions