This is a huge, long-overdue update to the refpolicy. I apologise for it blocking the other outstanding meta-selinux patches, but I've been trying to limit the scope of changes while this happens. Now that this is cleared off the slate, I'll be gathering up the other meta-selinux patches from the list. I'll send out a follow-up on those as they're merged and another when I think I'm done, so if I've missed your patch, that'll be the time to ping me about it.

As for this, here's what I've done.

- manually reviewed all patches that had been present in refpolicy-* for both the old stable (2.20170204) and git versions
- forked the SELinuxPolicy/refpolicy repo and applied all still-relevant patches to the RELEASE_2.20190201 branch
- restructured the patches so that all patches that should reasonably apply to all variants (mcs, mls, minimum, standard and targeted) were in a common branch and only the ones that are specific to each variant would be in their own recipe
- restructured the patches so that systemd and sysvinit patches were not applied to the same tree
- created a parallel set of branches for each of these against current git HEAD

The results of this can be examined here:

https://github.com/joeythesaint/refpolicy

Then each of these was exported and put in the appropriate SRC_URIs so the branch structure is more-or-less preserved.

My goals with this approach were the following:

- make it easier to keep refpolicy up to date, particularly for anyone wanting to use the git variants
- make it easier to determine how your preferred version of refpolicy on Yocto differs from upstream refpolicy
- limit the above differences to the minimum to achieve the goal of a functional Yocto system
- eventually move us away from release tarballs entirely

That last point is why I'm preserving the refpolicy fork above. I'd like to keep going with this and so future refpolicy patches will first be put in that repo then exported and applied to the SRC_URIs. If you have such a patch and want to send me a PR against the branch you think it belongs on from github directly, that'd be awesome, but the old method of patches to the mailing list will work fine too; just know that this is the way I'm going to try to manage this for the foreseeable future.

Ultimately, if this proves to work well, I would like to move the refpolicy fork off github and house it on git.yoctoproject.org beside meta-selinux, but the workflow needs to be properly validated first.

One additional point, I intend to take another pass at revising this stuff, ideally moving the huge number of common patches out as well. There's still some that aren't necessary for base yocto but are for additional layers. That's fine for us to have, but I'd like to get those moved to optional layer directories so we're making the best use of that functionality we can. If you have suggestions on which pieces already present are good candidates, let me know. Similarly, if you've got additional policy patches you want to see included, feel free to send them along, we can easily move them to optional locations inside meta-selinux.

Finally, please everyone test this and provide feedback on anything that doesn't work or looks strange. This is easily the biggest change we've had in meta-selinux in years and I expect there's still some wrinkles to be ironed out. And I really appreciate everyone's patience while we got to this point and hope it's not too much more pain before we put a ribbon on this and call it done.

I'll give this until at least the weekend before merging it to master, pending comments or an overwhelming "please just do it" from the community.

Thanks.

---
The following changes since commit a6a3cadb1ef3203a123d8f5f9df27832f55b2ce3:

  Backport patches from upstream to fix build with musl (2019-03-25 09:43:53 +0100)

are available in the Git repository at:

  git://git.yoctoproject.org/meta-selinux yocto/master-next

for you to fetch changes up to 776da889b550ac9e5be414a8cc10fd86b1923264:

  refpolicy: update to 2.20190201 and git HEAD policies (2019-04-10 10:57:14 -0400)

----------------------------------------------------------------
Joe MacDonald (1):
      refpolicy: update to 2.20190201 and git HEAD policies

 README | 16 +-
 .../refpolicy-2.20170204/poky-fc-clock.patch | 20 --
 .../poky-fc-corecommands.patch | 24 --
 .../refpolicy-2.20170204/poky-fc-dmesg.patch | 18 --
 .../poky-fc-fix-real-path_login.patch | 37 ---
 .../poky-fc-fix-real-path_shadow.patch | 34 ---
 .../refpolicy-2.20170204/poky-fc-fstools.patch | 75 ------
 .../refpolicy-2.20170204/poky-fc-ftpwho-dir.patch | 27 ---
 .../refpolicy-2.20170204/poky-fc-iptables.patch | 24 --
 .../refpolicy-2.20170204/poky-fc-mta.patch | 27 ---
 .../refpolicy-2.20170204/poky-fc-netutils.patch | 24 --
 .../refpolicy-2.20170204/poky-fc-nscd.patch | 25 --
 .../refpolicy-2.20170204/poky-fc-rpm.patch | 23 --
 .../refpolicy-2.20170204/poky-fc-screen.patch | 23 --
 .../refpolicy-2.20170204/poky-fc-su.patch | 20 --
 .../refpolicy-2.20170204/poky-fc-subs_dist.patch | 33 ---
 .../refpolicy-2.20170204/poky-fc-sysnetwork.patch | 48 ----
 .../refpolicy-2.20170204/poky-fc-udevd.patch | 38 ---
 .../poky-fc-update-alternatives_bash.patch | 24 --
 .../poky-fc-update-alternatives_hostname.patch | 21 --
 .../poky-fc-update-alternatives_sysklogd.patch | 62 -----
 .../poky-fc-update-alternatives_sysvinit.patch | 57 -----
 ...ky-policy-add-rules-for-syslogd_t-symlink.patch | 30 ---
 ...licy-add-rules-for-var-log-symlink-apache.patch | 31 ---
 ...rules-for-var-log-symlink-audisp_remote_t.patch | 29 ---
 ...poky-policy-add-rules-for-var-log-symlink.patch | 185 ---------------
 ...-policy-allow-nfsd-to-exec-shell-commands.patch | 60 -----
 ...-policy-allow-setfiles_t-to-read-symlinks.patch | 30 ---
 .../poky-policy-fix-dmesg-to-use-dev-kmsg.patch | 37 ---
 .../poky-policy-fix-new-SELINUXMNT-in-sys.patch | 259 ---------------------
 ...olicy-fix-setfiles-statvfs-get-file-count.patch | 32 ---
 ...-volatile-alias-common-var-volatile-paths.patch | 36 +++
 ...001-fix-update-alternatives-for-sysvinit.patch} | 51 ++--
 ...nimum-audit-logging-getty-audit-related-.patch} | 17 +-
 ...-busybox-set-aliases-for-bin-sbin-and-usr.patch | 31 +++
 ...nimum-locallogin-add-allow-rules-for-typ.patch} | 11 +-
 ...ysklogd-apply-policy-to-sysklogd-symlink.patch} | 49 ++--
 ...nimum-systemd-unconfined-lib-add-systemd.patch} | 34 +--
 ...-apply-policy-to-common-yocto-hostname-al.patch | 27 +++
 ...nimum-systemd-mount-logging-authlogin-ad.patch} | 39 ++--
 ...ply-usr-bin-bash-context-to-bin-bash.bash.patch | 30 +++
 ...inimum-init-fix-reboot-with-systemd-as-in.patch | 9 +-
 ...nf-label-resolv.conf-in-var-run-properly.patch} | 24 +-
 ...inimum-systemd-mount-enable-required-refp.patch | 92 ++++++++
 ...ogin-apply-login-context-to-login.shadow.patch} | 22 +-
 ...inimum-systemd-fix-for-login-journal-serv.patch | 33 +--
 .../0008-fc-bind-fix-real-path-for-bind.patch} | 25 +-
 ...inimum-systemd-fix-for-systemd-tmp-files-.patch | 34 ++-
 .../0009-fc-hwclock-add-hwclock-alternatives.patch | 28 +++
 ...-refpolicy-minimum-systemd-fix-for-syslog.patch | 13 +-
 ...-dmesg-apply-policy-to-dmesg-alternatives.patch | 24 ++
 ...-fc-ssh-apply-policy-to-ssh-alternatives.patch} | 21 +-
 ...snetwork-apply-policy-to-ip-alternatives.patch} | 35 ++-
 ...c-udev-apply-policy-to-udevadm-in-libexec.patch | 28 +++
 ...pm-apply-rpm_exec-policy-to-cpio-binaries.patch | 29 +++
 ...15-fc-su-apply-policy-to-su-alternatives.patch} | 18 +-
 ...016-fc-fstools-fix-real-path-for-fstools.patch} | 58 ++---
 ...e-logging-Add-the-syslogd_t-to-trusted-o.patch} | 18 +-
 ...le-logging-add-rules-for-the-symlink-of-v.patch | 100 ++++++++
 ...le-logging-add-rules-for-syslogd-symlink-.patch | 33 +++
 ...e-logging-add-domain-rules-for-the-subdi.patch} | 18 +-
 ...e-files-add-rules-for-the-symlink-of-tmp.patch} | 69 ++----
 ...e-terminals-add-rules-for-bsdpty_device_.patch} | 60 ++---
 ...e-terminals-don-t-audit-tty_device_t-in-.patch} | 18 +-
 ...ule-rpc-allow-nfsd-to-exec-shell-commands.patch | 29 +++
 ...e-rpc-fix-policy-for-nfsserver-to-mount-.patch} | 96 ++++----
 ...odule-sysfs-fix-for-new-SELINUXMNT-in-sys.patch | 126 ++++++++++
 ...y-module-rpc-allow-sysadm-to-run-rpcinfo.patch} | 24 +-
 ...e-userdomain-fix-selinux-utils-to-manage.patch} | 28 +--
 ...le-selinuxutil-fix-setfiles-statvfs-to-ge.patch | 33 +++
 ...le-admin-fix-dmesg-to-use-dev-kmsg-as-def.patch | 25 ++
 ...e-ftp-add-ftpd_t-to-mls_file_write_all_l.patch} | 26 ++-
 ...e-init-update-for-systemd-related-allow-.patch} | 16 +-
 ...cy-minimum-make-sysadmin-module-optional.patch} | 28 +--
 ...le-apache-add-rules-for-the-symlink-of-va.patch | 33 +++
 ...-volatile-alias-common-var-volatile-paths.patch | 36 +++
 ...0001-fix-update-alternatives-for-sysvinit.patch | 53 +++++
 ...inimum-audit-logging-getty-audit-related-.patch | 68 ++++++
 ...-busybox-set-aliases-for-bin-sbin-and-usr.patch | 31 +++
 ...inimum-locallogin-add-allow-rules-for-typ.patch | 54 +++++
 ...sysklogd-apply-policy-to-sysklogd-symlink.patch | 57 +++++
 ...inimum-systemd-unconfined-lib-add-systemd.patch | 121 ++++++++++
 ...-apply-policy-to-common-yocto-hostname-al.patch | 27 +++
 ...inimum-systemd-mount-logging-authlogin-ad.patch | 96 ++++++++
 ...ply-usr-bin-bash-context-to-bin-bash.bash.patch | 30 +++
 ...inimum-init-fix-reboot-with-systemd-as-in.patch | 37 +++
 ...nf-label-resolv.conf-in-var-run-properly.patch} | 26 ++-
 ...inimum-systemd-mount-enable-required-refp.patch | 92 ++++++++
 ...login-apply-login-context-to-login.shadow.patch | 27 +++
 ...inimum-systemd-fix-for-login-journal-serv.patch | 103 ++++++++
 ...h => 0008-fc-bind-fix-real-path-for-bind.patch} | 25 +-
 ...inimum-systemd-fix-for-systemd-tmp-files-.patch | 110 +++++++++
 .../0009-fc-hwclock-add-hwclock-alternatives.patch | 28 +++
 ...-refpolicy-minimum-systemd-fix-for-syslog.patch | 70 ++++++
 ...-dmesg-apply-policy-to-dmesg-alternatives.patch | 24 ++
 ...-fc-ssh-apply-policy-to-ssh-alternatives.patch} | 21 +-
 ...ysnetwork-apply-policy-to-ip-alternatives.patch | 48 ++++
 ...c-udev-apply-policy-to-udevadm-in-libexec.patch | 28 +++
 ...pm-apply-rpm_exec-policy-to-cpio-binaries.patch | 29 +++
 ...15-fc-su-apply-policy-to-su-alternatives.patch} | 20 +-
 ...0016-fc-fstools-fix-real-path-for-fstools.patch | 76 ++++++
 ...e-logging-Add-the-syslogd_t-to-trusted-o.patch} | 18 +-
 ...le-logging-add-rules-for-the-symlink-of-v.patch | 100 ++++++++
 ...le-logging-add-rules-for-syslogd-symlink-.patch | 33 +++
 ...e-logging-add-domain-rules-for-the-subdi.patch} | 18 +-
 ...e-files-add-rules-for-the-symlink-of-tmp.patch} | 71 ++----
 ...e-terminals-add-rules-for-bsdpty_device_.patch} | 60 ++---
 ...e-terminals-don-t-audit-tty_device_t-in-.patch} | 18 +-
 ...ule-rpc-allow-nfsd-to-exec-shell-commands.patch | 29 +++
 ...e-rpc-fix-policy-for-nfsserver-to-mount-.patch} | 96 ++++----
 ...odule-sysfs-fix-for-new-SELINUXMNT-in-sys.patch | 126 ++++++++++
 ...y-module-rpc-allow-sysadm-to-run-rpcinfo.patch} | 24 +-
 ...e-userdomain-fix-selinux-utils-to-manage.patch} | 28 +--
 ...le-selinuxutil-fix-setfiles-statvfs-to-ge.patch | 33 +++
 ...le-admin-fix-dmesg-to-use-dev-kmsg-as-def.patch | 25 ++
 ...e-ftp-add-ftpd_t-to-mls_file_write_all_l.patch} | 26 ++-
 ...e-init-update-for-systemd-related-allow-.patch} | 23 +-
 ...cy-minimum-make-sysadmin-module-optional.patch} | 53 ++---
 ...e-apache-add-rules-for-the-symlink-of-va.patch} | 24 +-
 .../refpolicy/refpolicy-git/poky-fc-clock.patch | 19 --
 .../refpolicy/refpolicy-git/poky-fc-dmesg.patch | 15 --
 .../poky-fc-fix-real-path_shadow.patch | 50 ----
 .../refpolicy-git/poky-fc-ftpwho-dir.patch | 27 ---
 .../refpolicy/refpolicy-git/poky-fc-mta.patch | 27 ---
 .../refpolicy/refpolicy-git/poky-fc-nscd.patch | 25 --
 .../refpolicy/refpolicy-git/poky-fc-rpm.patch | 23 --
 .../refpolicy/refpolicy-git/poky-fc-screen.patch | 23 --
 .../refpolicy-git/poky-fc-subs_dist.patch | 32 ---
 .../refpolicy/refpolicy-git/poky-fc-udevd.patch | 27 ---
 .../poky-fc-update-alternatives_bash.patch | 12 -
 .../poky-fc-update-alternatives_hostname.patch | 19 --
 ...ky-policy-add-rules-for-syslogd_t-symlink.patch | 29 ---
 ...rules-for-var-log-symlink-audisp_remote_t.patch | 29 ---
 ...poky-policy-add-rules-for-var-log-symlink.patch | 88 -------
 ...-policy-allow-nfsd-to-exec-shell-commands.patch | 81 -------
 ...-policy-allow-setfiles_t-to-read-symlinks.patch | 30 ---
 .../poky-policy-fix-dmesg-to-use-dev-kmsg.patch | 22 --
 .../poky-policy-fix-new-SELINUXMNT-in-sys.patch | 253 --------------------
 ...olicy-fix-setfiles-statvfs-get-file-count.patch | 31 ---
 ...s_2.20170204.bb => refpolicy-mcs_2.20190201.bb} | 0
 ...inimum-systemd-mount-enable-requiried-ref.patch | 47 ----
 ...20170204.bb => refpolicy-minimum_2.20190201.bb} | 39 ++--
 .../refpolicy/refpolicy-minimum_git.bb | 22 +-
 ...s_2.20170204.bb => refpolicy-mls_2.20190201.bb} | 0
 ...0170204.bb => refpolicy-standard_2.20190201.bb} | 0
 ...efpolicy-remove-duplicate-type_transition.patch | 46 ----
 ...move-duplicate-type_transition_2.20170204.patch | 46 ----
 .../refpolicy-unconfined_u-default-user.patch | 222 ------------------
 ...licy-unconfined_u-default-user_2.20170204.patch | 222 ------------------
 .../refpolicy/refpolicy-targeted_2.20170204.bb | 29 ---
 .../refpolicy/refpolicy-targeted_2.20190201.bb | 35 +++
 .../refpolicy/refpolicy-targeted_git.bb | 22 +-
 .../refpolicy/refpolicy_2.20170204.inc | 58 -----
 .../refpolicy/refpolicy_2.20190201.inc | 7 +
 recipes-security/refpolicy/refpolicy_common.inc | 48 +++-
 recipes-security/refpolicy/refpolicy_git.inc | 55 +----
 156 files changed, 3145 insertions(+), 3748 deletions(-)
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-clock.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-corecommands.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-dmesg.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-fix-real-path_login.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-fix-real-path_shadow.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-fstools.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-ftpwho-dir.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-iptables.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-mta.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-netutils.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-nscd.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-rpm.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-screen.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-su.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-subs_dist.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-sysnetwork.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-udevd.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_bash.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_hostname.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysklogd.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysvinit.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-add-rules-for-syslogd_t-symlink.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-add-rules-for-var-log-symlink-apache.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-add-rules-for-var-log-symlink-audisp_remote_t.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-add-rules-for-var-log-symlink.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-allow-nfsd-to-exec-shell-commands.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-allow-setfiles_t-to-read-symlinks.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-fix-dmesg-to-use-dev-kmsg.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-fix-new-SELINUXMNT-in-sys.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-fix-setfiles-statvfs-get-file-count.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch
 rename recipes-security/refpolicy/{refpolicy-git/poky-fc-update-alternatives_sysvinit.patch => refpolicy-2.20190201/0001-fix-update-alternatives-for-sysvinit.patch} (51%)
 rename recipes-security/refpolicy/{refpolicy-minimum/0002-refpolicy-minimum-audit-logging-getty-audit-related-.patch => refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch} (85%)
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0002-fc-subs-busybox-set-aliases-for-bin-sbin-and-usr.patch
 rename recipes-security/refpolicy/{refpolicy-minimum/0004-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch => refpolicy-2.20190201/0002-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch} (87%)
 rename recipes-security/refpolicy/{refpolicy-git/poky-fc-update-alternatives_sysklogd.patch => refpolicy-2.20190201/0003-fc-sysklogd-apply-policy-to-sysklogd-symlink.patch} (52%)
 rename recipes-security/refpolicy/{refpolicy-minimum/0001-refpolicy-minimum-systemd-unconfined-lib-add-systemd.patch => refpolicy-2.20190201/0003-refpolicy-minimum-systemd-unconfined-lib-add-systemd.patch} (79%)
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0004-fc-hostname-apply-policy-to-common-yocto-hostname-al.patch
 rename recipes-security/refpolicy/{refpolicy-minimum/0003-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch => refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch} (76%)
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0005-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch
 rename recipes-security/refpolicy/{refpolicy-minimum => refpolicy-2.20190201}/0005-refpolicy-minimum-init-fix-reboot-with-systemd-as-in.patch (83%)
 rename recipes-security/refpolicy/{refpolicy-git/poky-fc-fix-real-path_resolv.conf.patch => refpolicy-2.20190201/0006-fc-resolv.conf-label-resolv.conf-in-var-run-properly.patch} (54%)
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0006-refpolicy-minimum-systemd-mount-enable-required-refp.patch
 rename recipes-security/refpolicy/{refpolicy-git/poky-fc-fix-real-path_login.patch => refpolicy-2.20190201/0007-fc-login-apply-login-context-to-login.shadow.patch} (52%)
 rename recipes-security/refpolicy/{refpolicy-minimum => refpolicy-2.20190201}/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch (82%)
 rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-fc-fix-bind.patch => refpolicy-2.20190201/0008-fc-bind-fix-real-path-for-bind.patch} (62%)
 rename recipes-security/refpolicy/{refpolicy-minimum => refpolicy-2.20190201}/0008-refpolicy-minimum-systemd-fix-for-systemd-tmp-files-.patch (80%)
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0009-fc-hwclock-add-hwclock-alternatives.patch
 rename recipes-security/refpolicy/{refpolicy-minimum => refpolicy-2.20190201}/0009-refpolicy-minimum-systemd-fix-for-syslog.patch (90%)
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0010-fc-dmesg-apply-policy-to-dmesg-alternatives.patch
 rename recipes-security/refpolicy/{refpolicy-git/poky-fc-ssh.patch => refpolicy-2.20190201/0011-fc-ssh-apply-policy-to-ssh-alternatives.patch} (55%)
 rename recipes-security/refpolicy/{refpolicy-git/poky-fc-sysnetwork.patch => refpolicy-2.20190201/0012-fc-sysnetwork-apply-policy-to-ip-alternatives.patch} (54%)
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0013-fc-udev-apply-policy-to-udevadm-in-libexec.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0014-fc-rpm-apply-rpm_exec-policy-to-cpio-binaries.patch
 rename recipes-security/refpolicy/{refpolicy-git/poky-fc-fix-real-path_su.patch => refpolicy-2.20190201/0015-fc-su-apply-policy-to-su-alternatives.patch} (52%)
 rename recipes-security/refpolicy/{refpolicy-git/poky-fc-fstools.patch => refpolicy-2.20190201/0016-fc-fstools-fix-real-path-for-fstools.patch} (66%)
 rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-policy-add-syslogd_t-to-trusted-object.patch => refpolicy-2.20190201/0017-policy-module-logging-Add-the-syslogd_t-to-trusted-o.patch} (69%)
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0018-policy-module-logging-add-rules-for-the-symlink-of-v.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0019-policy-module-logging-add-rules-for-syslogd-symlink-.patch
 rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-policy-add-rules-for-var-cache-symlink.patch => refpolicy-2.20190201/0020-policy-module-logging-add-domain-rules-for-the-subdi.patch} (69%)
 rename recipes-security/refpolicy/{refpolicy-git/poky-policy-add-rules-for-tmp-symlink.patch => refpolicy-2.20190201/0021-policy-module-files-add-rules-for-the-symlink-of-tmp.patch} (54%)
 rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-policy-add-rules-for-bsdpty_device_t.patch => refpolicy-2.20190201/0022-policy-module-terminals-add-rules-for-bsdpty_device_.patch} (67%)
 rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-policy-don-t-audit-tty_device_t.patch => refpolicy-2.20190201/0023-policy-module-terminals-don-t-audit-tty_device_t-in-.patch} (66%)
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0024-policy-module-rpc-allow-nfsd-to-exec-shell-commands.patch
 rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-policy-fix-nfsd_t-to-mount_nfsd_fs_t.patch => refpolicy-2.20190201/0025-policy-module-rpc-fix-policy-for-nfsserver-to-mount-.patch} (54%)
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0026-policy-module-sysfs-fix-for-new-SELINUXMNT-in-sys.patch
 rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-policy-allow-sysadm-to-run-rpcinfo.patch => refpolicy-2.20190201/0027-policy-module-rpc-allow-sysadm-to-run-rpcinfo.patch} (70%)
 rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-policy-fix-seutils-manage-config-files.patch => refpolicy-2.20190201/0028-policy-module-userdomain-fix-selinux-utils-to-manage.patch} (60%)
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0029-policy-module-selinuxutil-fix-setfiles-statvfs-to-ge.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0030-policy-module-admin-fix-dmesg-to-use-dev-kmsg-as-def.patch
 rename recipes-security/refpolicy/{refpolicy-2.20170204/ftp-add-ftpd_t-to-mlsfilewrite.patch => refpolicy-2.20190201/0031-policy-module-ftp-add-ftpd_t-to-mls_file_write_all_l.patch} (74%)
 rename recipes-security/refpolicy/{refpolicy-git/refpolicy-update-for_systemd.patch => refpolicy-2.20190201/0032-policy-module-init-update-for-systemd-related-allow-.patch} (66%)
 rename recipes-security/refpolicy/{refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module.patch => refpolicy-2.20190201/0033-refpolicy-minimum-make-sysadmin-module-optional.patch} (69%)
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0034-policy-module-apache-add-rules-for-the-symlink-of-va.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0001-fix-update-alternatives-for-sysvinit.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0002-fc-subs-busybox-set-aliases-for-bin-sbin-and-usr.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0002-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0003-fc-sysklogd-apply-policy-to-sysklogd-symlink.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0003-refpolicy-minimum-systemd-unconfined-lib-add-systemd.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0004-fc-hostname-apply-policy-to-common-yocto-hostname-al.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0005-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0005-refpolicy-minimum-init-fix-reboot-with-systemd-as-in.patch
 rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-fc-fix-real-path_resolv.conf.patch => refpolicy-git/0006-fc-resolv.conf-label-resolv.conf-in-var-run-properly.patch} (52%)
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0006-refpolicy-minimum-systemd-mount-enable-required-refp.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0007-fc-login-apply-login-context-to-login.shadow.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch
 rename recipes-security/refpolicy/refpolicy-git/{poky-fc-fix-bind.patch => 0008-fc-bind-fix-real-path-for-bind.patch} (62%)
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0008-refpolicy-minimum-systemd-fix-for-systemd-tmp-files-.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0009-fc-hwclock-add-hwclock-alternatives.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0009-refpolicy-minimum-systemd-fix-for-syslog.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0010-fc-dmesg-apply-policy-to-dmesg-alternatives.patch
 rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-fc-ssh.patch => refpolicy-git/0011-fc-ssh-apply-policy-to-ssh-alternatives.patch} (52%)
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0012-fc-sysnetwork-apply-policy-to-ip-alternatives.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0013-fc-udev-apply-policy-to-udevadm-in-libexec.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0014-fc-rpm-apply-rpm_exec-policy-to-cpio-binaries.patch
 rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-fc-fix-real-path_su.patch => refpolicy-git/0015-fc-su-apply-policy-to-su-alternatives.patch} (52%)
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0016-fc-fstools-fix-real-path-for-fstools.patch
 rename recipes-security/refpolicy/refpolicy-git/{poky-policy-add-syslogd_t-to-trusted-object.patch => 0017-policy-module-logging-Add-the-syslogd_t-to-trusted-o.patch} (69%)
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0018-policy-module-logging-add-rules-for-the-symlink-of-v.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0019-policy-module-logging-add-rules-for-syslogd-symlink-.patch
 rename recipes-security/refpolicy/refpolicy-git/{poky-policy-add-rules-for-var-cache-symlink.patch => 0020-policy-module-logging-add-domain-rules-for-the-subdi.patch} (69%)
 rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-policy-add-rules-for-tmp-symlink.patch => refpolicy-git/0021-policy-module-files-add-rules-for-the-symlink-of-tmp.patch} (53%)
 rename recipes-security/refpolicy/refpolicy-git/{poky-policy-add-rules-for-bsdpty_device_t.patch => 0022-policy-module-terminals-add-rules-for-bsdpty_device_.patch} (67%)
 rename recipes-security/refpolicy/refpolicy-git/{poky-policy-don-t-audit-tty_device_t.patch => 0023-policy-module-terminals-don-t-audit-tty_device_t-in-.patch} (66%)
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0024-policy-module-rpc-allow-nfsd-to-exec-shell-commands.patch
 rename recipes-security/refpolicy/refpolicy-git/{poky-policy-fix-nfsd_t-to-mount_nfsd_fs_t.patch => 0025-policy-module-rpc-fix-policy-for-nfsserver-to-mount-.patch} (54%)
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0026-policy-module-sysfs-fix-for-new-SELINUXMNT-in-sys.patch
 rename recipes-security/refpolicy/refpolicy-git/{poky-policy-allow-sysadm-to-run-rpcinfo.patch => 0027-policy-module-rpc-allow-sysadm-to-run-rpcinfo.patch} (70%)
 rename recipes-security/refpolicy/refpolicy-git/{poky-policy-fix-seutils-manage-config-files.patch => 0028-policy-module-userdomain-fix-selinux-utils-to-manage.patch} (60%)
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0029-policy-module-selinuxutil-fix-setfiles-statvfs-to-ge.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/0030-policy-module-admin-fix-dmesg-to-use-dev-kmsg-as-def.patch
 rename recipes-security/refpolicy/refpolicy-git/{ftp-add-ftpd_t-to-mlsfilewrite.patch => 0031-policy-module-ftp-add-ftpd_t-to-mls_file_write_all_l.patch} (74%)
 rename recipes-security/refpolicy/{refpolicy-2.20170204/refpolicy-update-for_systemd.patch => refpolicy-git/0032-policy-module-init-update-for-systemd-related-allow-.patch} (52%)
 rename recipes-security/refpolicy/{refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module_2.20170204.patch => refpolicy-git/0033-refpolicy-minimum-make-sysadmin-module-optional.patch} (56%)
 rename recipes-security/refpolicy/refpolicy-git/{poky-policy-add-rules-for-var-log-symlink-apache.patch => 0034-policy-module-apache-add-rules-for-the-symlink-of-va.patch} (54%)
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-clock.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-dmesg.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-fix-real-path_shadow.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-ftpwho-dir.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-mta.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-nscd.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-rpm.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-screen.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-subs_dist.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-udevd.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_hostname.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-syslogd_t-symlink.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-audisp_remote_t.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-policy-allow-nfsd-to-exec-shell-commands.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-policy-allow-setfiles_t-to-read-symlinks.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-policy-fix-dmesg-to-use-dev-kmsg.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-policy-fix-new-SELINUXMNT-in-sys.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-policy-fix-setfiles-statvfs-get-file-count.patch
 rename recipes-security/refpolicy/{refpolicy-mcs_2.20170204.bb => refpolicy-mcs_2.20190201.bb} (100%)
 delete mode 100644 recipes-security/refpolicy/refpolicy-minimum/0006-refpolicy-minimum-systemd-mount-enable-requiried-ref.patch
 rename recipes-security/refpolicy/{refpolicy-minimum_2.20170204.bb => refpolicy-minimum_2.20190201.bb} (66%)
 rename recipes-security/refpolicy/{refpolicy-mls_2.20170204.bb => refpolicy-mls_2.20190201.bb} (100%)
 rename recipes-security/refpolicy/{refpolicy-standard_2.20170204.bb => refpolicy-standard_2.20190201.bb} (100%)
 delete mode 100644 recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition_2.20170204.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-targeted/refpolicy-unconfined_u-default-user.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-targeted/refpolicy-unconfined_u-default-user_2.20170204.patch
 delete mode 100644 recipes-security/refpolicy/refpolicy-targeted_2.20170204.bb
 create mode 100644 recipes-security/refpolicy/refpolicy-targeted_2.20190201.bb
 delete mode 100644 recipes-security/refpolicy/refpolicy_2.20170204.inc
 create mode 100644 recipes-security/refpolicy/refpolicy_2.20190201.inc

-- 
-Joe MacDonald.
:wq