On 03/21/2016 12:26 AM, Philip Tricca wrote:
> This was mostly straight forward. Had to refresh a single patch:
> poky-policy-fix-new-SELINUXMNT-in-sys.patch
Can we drop that one? Doesn't upstream already include rules for the
change from /selinux to /sys/fs/selinux, since that has been the defau
in the refpolicy
common include file that can be set elsewhere to enable this support.
Signed-off-by: Stephen Smalley
---
recipes-security/refpolicy/refpolicy_common.inc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/recipes-security/refpolicy/refpolicy_common.inc
b/recipes-security
selinux upstream commits c7cf5d8aa061b9616bf9d5e91139ce4fb40f532c
and f77021d720f12767576c25d751c75cacd7478614
Signed-off-by: Stephen Smalley
---
...bselinux-procattr-return-einval-for-0-pid.patch | 47 ++
...inux-procattr-return-error-on-invalid-pid.patch | 40
selinux upstream commit 5a8d8c499b2ef80eaa7b5abe2ec68d7101e613bf
Signed-off-by: Stephen Smalley
---
.../libselinux-only-mount-proc-if-necessary.patch | 54 ++
recipes-security/selinux/libselinux_2.5.bb | 1 +
2 files changed, 55 insertions(+)
create mode 100644
Signed-off-by: Stephen Smalley
---
...cycoreutils-fix-TypeError-for-seobject.py.patch | 27 -
.../policycoreutils-pp-builtin-roles.patch | 70 --
...-process-ValueError-for-sepolicy-seobject.patch | 23 ---
.../policycoreutils-semanage-edit-user.patch
libsemanage 2.5 renamed /var/lib/selinux/tmp to /var/lib/selinux/final;
update the refpolicy recipe accordingly.
Signed-off-by: Stephen Smalley
---
recipes-security/refpolicy/refpolicy_common.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/recipes-security/refpolicy
These include files are no longer used by any .bb files.
Signed-off-by: Stephen Smalley
---
recipes-security/selinux/selinux_20140506.inc | 5 -
recipes-security/selinux/selinux_20150202.inc | 5 -
2 files changed, 10 deletions(-)
delete mode 100644 recipes-security/selinux
Signed-off-by: Stephen Smalley
---
recipes-security/selinux/checkpolicy.inc| 2 +-
recipes-security/selinux/checkpolicy_2.4.bb | 7 ---
recipes-security/selinux/checkpolicy_2.5.bb | 7 +++
3 files changed, 8 insertions(+), 8 deletions(-)
delete mode 100644 recipes-security/selinux
SELinux Common Intermediate Language (CIL) policy compiler
Signed-off-by: Stephen Smalley
---
recipes-security/selinux/secilc.inc| 11 +++
recipes-security/selinux/secilc_2.5.bb | 7 +++
2 files changed, 18 insertions(+)
create mode 100644 recipes-security/selinux/secilc.inc
Signed-off-by: Stephen Smalley
---
recipes-security/selinux/sepolgen_1.2.1.bb | 7 ---
recipes-security/selinux/sepolgen_1.2.3.bb | 7 +++
2 files changed, 7 insertions(+), 7 deletions(-)
delete mode 100644 recipes-security/selinux/sepolgen_1.2.1.bb
create mode 100644 recipes-security
Signed-off-by: Stephen Smalley
---
recipes-security/selinux/libsemanage.inc | 3 ++
...ibsemanage-allow-to-disable-audit-support.patch | 49 ++
recipes-security/selinux/libsemanage_2.4.bb| 19 -
recipes-security/selinux/libsemanage_2.5.bb
Signed-off-by: Stephen Smalley
---
...bselinux-get-pywrap-depends-on-selinux.py.patch | 31 -
.../libselinux-make-O_CLOEXEC-optional.patch | 67 ++--
.../libselinux-mount-procfs-before-check.patch | 74 --
recipes-security/selinux
Signed-off-by: Stephen Smalley
---
recipes-security/selinux/libsepol_2.4.bb | 9 -
recipes-security/selinux/libsepol_2.5.bb | 9 +
2 files changed, 9 insertions(+), 9 deletions(-)
delete mode 100644 recipes-security/selinux/libsepol_2.4.bb
create mode 100644 recipes-security
Signed-off-by: Stephen Smalley
---
recipes-security/selinux/selinux_20160223.inc | 5 +
1 file changed, 5 insertions(+)
create mode 100644 recipes-security/selinux/selinux_20160223.inc
diff --git a/recipes-security/selinux/selinux_20160223.inc
b/recipes-security/selinux/selinux_20160223
SELinux support was merged upstream in at-3.1.18,
so this patch no longer applies and is not needed.
Signed-off-by: Stephen Smalley
---
recipes-extended/at/at/at-3.1.13-selinux.patch | 184 -
recipes-extended/at/at_%.bbappend | 6 -
2 files changed, 190
15 matches
Mail list logo
