Toggle navigation
EN
EN
DE
ES
FR
IT
UK
Help
Log In
Help
Log In
EN
EN
DE
ES
FR
IT
UK
Home
Messages
Hashtags
Subgroups
×
×
×
Close
Likes
Yocto
Messages
×
Close
Search
Single
Toggle Dropdown
Messages
Topics
Expanded
previous page
#52534
next page
[meta-selinux][PATCH 0/7] selinux: upgrade refpolicy
Yi Zhao
#52534
Upgrade refpolicy from 20200229+git to 20210203+git
Yi Zhao (7):
selinux-python: depend on libselinux
parted: remove bbappend
audit: move audisp-* to audispd-plugins package
audit: upgrade 3.0 -> 3.0.1
packagegroup-core-selinux: add auditd
initscripts: restore security contexts after running
populate-volatile.sh
refpolicy: upgrade 20200229+git -> 20210203+git
.../initscripts/initscripts-1.0_selinux.inc | 2 +-
recipes-extended/parted/parted_%.bbappend | 1 -
...arm_table.h-update-arm-syscall-table.patch | 49 -----
.../audit/{audit_3.0.bb => audit_3.0.1.bb} | 17 +-
.../packagegroup-core-selinux.bb | 1 +
.../refpolicy/refpolicy-minimum_git.bb | 1 +
.../refpolicy/refpolicy-targeted_git.bb | 2 -
...tile-alias-common-var-volatile-paths.patch | 6 +-
...inimum-make-sysadmin-module-optional.patch | 10 +-
...ed-make-unconfined_u-the-default-sel.patch | 20 +-
...box-set-aliases-for-bin-sbin-and-usr.patch | 6 +-
...efpolicy-minimum-enable-nscd_use_shm.patch | 35 ++++
...y-policy-to-common-yocto-hostname-al.patch | 2 +-
...sr-bin-bash-context-to-bin-bash.bash.patch | 4 +-
...abel-resolv.conf-in-var-run-properly.patch | 6 +-
...-apply-login-context-to-login.shadow.patch | 2 +-
.../0007-fc-bind-fix-real-path-for-bind.patch | 4 +-
...-fc-hwclock-add-hwclock-alternatives.patch | 2 +-
...g-apply-policy-to-dmesg-alternatives.patch | 2 +-
...ssh-apply-policy-to-ssh-alternatives.patch | 2 +-
...work-apply-policy-to-ip-alternatives.patch | 6 +-
...v-apply-policy-to-udevadm-in-libexec.patch | 6 +-
...ply-rpm_exec-policy-to-cpio-binaries.patch | 4 +-
...c-su-apply-policy-to-su-alternatives.patch | 2 +-
...fc-fstools-fix-real-path-for-fstools.patch | 2 +-
...fix-update-alternatives-for-sysvinit.patch | 6 +-
...l-apply-policy-to-brctl-alternatives.patch | 2 +-
...apply-policy-to-nologin-alternatives.patch | 6 +-
...apply-policy-to-sulogin-alternatives.patch | 2 +-
...tp-apply-policy-to-ntpd-alternatives.patch | 2 +-
...pply-policy-to-kerberos-alternatives.patch | 2 +-
...ap-apply-policy-to-ldap-alternatives.patch | 2 +-
...ply-policy-to-postgresql-alternative.patch | 2 +-
...-apply-policy-to-screen-alternatives.patch | 6 +-
...ply-policy-to-usermanage-alternative.patch | 2 +-
...etty-add-file-context-to-start_getty.patch | 2 +-
...file-context-to-etc-network-if-files.patch | 6 +-
...k-apply-policy-to-vlock-alternatives.patch | 2 +-
...ron-apply-policy-to-etc-init.d-crond.patch | 2 +-
...rk-update-file-context-for-ifconfig.patch} | 6 +-
...s_dist-set-aliase-for-root-director.patch} | 6 +-
...stem-logging-add-rules-for-the-syml.patch} | 43 +---
...ystem-logging-add-domain-rules-for-t.patch | 37 ----
...stem-logging-add-rules-for-syslogd-.patch} | 6 +-
...ernel-files-add-rules-for-the-symlin.patch | 24 +--
...ernel-terminal-add-rules-for-bsdpty_.patch | 124 ------------
...ystem-logging-fix-auditd-startup-fai.patch | 64 ++++++
...ernel-terminal-don-t-audit-tty_devic.patch | 4 +-
...ystem-modutils-allow-mod_t-to-access.patch | 67 +++++++
...rvices-avahi-allow-avahi_t-to-watch.patch} | 8 +-
...ystem-getty-allow-getty_t-watch-gett.patch | 42 ----
...ervices-bluetooth-allow-bluetooth_t-.patch | 65 ------
...ystem-getty-allow-getty_t-to-search-.patch | 32 +++
...ervices-bluetooth-fix-bluetoothd-sta.patch | 88 ++++++++
...les-sysadm-allow-sysadm-to-run-rpci.patch} | 6 +-
...rvices-rpc-add-capability-dac_read_.patch} | 6 +-
...rvices-rpcbind-allow-rpcbind_t-to-c.patch} | 24 ++-
...rvices-rngd-fix-security-context-fo.patch} | 29 +--
...ystem-authlogin-allow-chkpwd_t-to-ma.patch | 34 ----
...ervices-ssh-allow-ssh_keygen_t-to-re.patch | 34 ++++
...ystem-udev-allow-udevadm_t-to-search.patch | 34 ----
...rvices-ssh-make-respective-init-scr.patch} | 4 +-
...dev-do-not-audit-udevadm_t-to-read-w.patch | 37 ----
...rnel-terminal-allow-loging-to-reset.patch} | 4 +-
...ervices-rdisc-allow-rdisc_t-to-searc.patch | 34 ----
...ystem-logging-fix-auditd-startup-fai.patch | 52 -----
...stem-selinuxutil-allow-semanage_t-t.patch} | 6 +-
...stem-systemd-enable-support-for-sys.patch} | 10 +-
...ystem-systemd-fix-systemd-resolved-s.patch | 69 +++++++
...ystem-init-add-capability2-bpf-and-p.patch | 37 ++++
...ystem-sysnetwork-allow-ifconfig_t-to.patch | 35 ----
...ystem-systemd-allow-systemd_logind_t.patch | 37 ++++
...ervices-ntp-allow-ntpd_t-to-watch-sy.patch | 55 -----
...ystem-logging-set-label-devlog_t-to-.patch | 86 ++++++++
...-system-systemd-support-systemd-user.patch | 189 ++++++++++++++++++
...ystem-logging-fix-systemd-journald-s.patch | 74 -------
...ystem-systemd-allow-systemd-generato.patch | 69 +++++++
...ystem-systemd-allow-systemd_backligh.patch | 35 ++++
...ystem-logging-fix-systemd-journald-s.patch | 47 +++++
...ystem-systemd-add-capability-mknod-f.patch | 35 ----
...ervices-cron-allow-crond_t-to-search.patch | 34 ++++
...ystem-systemd-systemd-gpt-auto-gener.patch | 35 ----
...ervices-crontab-allow-sysadm_r-to-ru.patch | 46 +++++
...ystem-sysnetwork-support-priviledge-.patch | 120 +++++++++++
...ervices-acpi-allow-acpid-to-watch-th.patch | 35 ++++
...stem-setrans-allow-setrans-to-acces.patch} | 19 +-
...ystem-modutils-allow-kmod_t-to-write.patch | 35 ++++
...les-sysadm-allow-sysadm_t-to-watch-.patch} | 17 +-
...ystem-selinux-allow-setfiles_t-to-re.patch | 44 ++++
...stem-mount-make-mount_t-domain-MLS-.patch} | 6 +-
...les-sysadm-MLS-sysadm-rw-to-clearan.patch} | 4 +-
...rvices-rpc-make-nfsd_t-domain-MLS-t.patch} | 31 +--
...min-dmesg-make-dmesg_t-MLS-trusted-.patch} | 4 +-
...rnel-kernel-make-kernel_t-MLS-trust.patch} | 4 +-
...stem-init-make-init_t-MLS-trusted-f.patch} | 6 +-
...stem-systemd-make-systemd-tmpfiles_.patch} | 6 +-
...stem-logging-add-the-syslogd_t-to-t.patch} | 8 +-
...stem-init-make-init_t-MLS-trusted-f.patch} | 6 +-
...stem-init-all-init_t-to-read-any-le.patch} | 6 +-
...ystem-systemd-systemd-networkd-make-.patch | 36 ----
...stem-logging-allow-auditd_t-to-writ.patch} | 6 +-
...ystem-systemd-systemd-resolved-make-.patch | 40 ----
...rnel-kernel-make-kernel_t-MLS-trust.patch} | 4 +-
...ystem-systemd-make-systemd-modules_t.patch | 36 ----
...stem-systemd-make-systemd-logind-do.patch} | 6 +-
...ystem-systemd-systemd-gpt-auto-gener.patch | 70 -------
...stem-systemd-systemd-user-sessions-.patch} | 6 +-
...ystem-systemd-systemd-make-systemd_-.patch | 162 +++++++++++++++
...rvices-ntp-make-nptd_t-MLS-trusted-.patch} | 6 +-
...ystem-setrans-allow-setrans_t-use-fd.patch | 30 +++
...ervices-acpi-make-acpid_t-domain-MLS.patch | 35 ++++
...rvices-avahi-make-avahi_t-MLS-trust.patch} | 4 +-
...ervices-bluetooth-make-bluetooth_t-d.patch | 36 ++++
...ystem-sysnetwork-make-dhcpc_t-domain.patch | 38 ++++
...ervices-inetd-make-inetd_t-domain-ML.patch | 36 ++++
...ervices-bind-make-named_t-domain-MLS.patch | 38 ++++
...rvices-rpc-make-rpcd_t-MLS-trusted-.patch} | 6 +-
...ystem-systemd-make-_systemd_t-MLS-tr.patch | 42 ++++
.../refpolicy/refpolicy_common.inc | 113 ++++++-----
recipes-security/refpolicy/refpolicy_git.inc | 4 +-
recipes-security/selinux/selinux-python.inc | 2 +-
121 files changed, 1918 insertions(+), 1240 deletions(-)
delete mode 100644 recipes-extended/parted/parted_%.bbappend
delete mode 100644 recipes-security/audit/audit/0001-lib-arm_table.h-update-arm-syscall-table.patch
rename recipes-security/audit/{audit_3.0.bb => audit_3.0.1.bb} (87%)
create mode 100644 recipes-security/refpolicy/refpolicy/0002-refpolicy-minimum-enable-nscd_use_shm.patch
rename recipes-security/refpolicy/refpolicy/{0081-fc-sysnetwork-update-file-context-for-ifconfig.patch => 0030-fc-sysnetwork-update-file-context-for-ifconfig.patch} (89%)
rename recipes-security/refpolicy/refpolicy/{0030-file_contexts.subs_dist-set-aliase-for-root-director.patch => 0031-file_contexts.subs_dist-set-aliase-for-root-director.patch} (87%)
rename recipes-security/refpolicy/refpolicy/{0031-policy-modules-system-logging-add-rules-for-the-syml.patch => 0032-policy-modules-system-logging-add-rules-for-the-syml.patch} (60%)
delete mode 100644 recipes-security/refpolicy/refpolicy/0033-policy-modules-system-logging-add-domain-rules-for-t.patch
rename recipes-security/refpolicy/refpolicy/{0032-policy-modules-system-logging-add-rules-for-syslogd-.patch => 0033-policy-modules-system-logging-add-rules-for-syslogd-.patch} (87%)
delete mode 100644 recipes-security/refpolicy/refpolicy/0035-policy-modules-kernel-terminal-add-rules-for-bsdpty_.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0035-policy-modules-system-logging-fix-auditd-startup-fai.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0037-policy-modules-system-modutils-allow-mod_t-to-access.patch
rename recipes-security/refpolicy/refpolicy/{0037-policy-modules-services-avahi-allow-avahi_t-to-watch.patch => 0038-policy-modules-services-avahi-allow-avahi_t-to-watch.patch} (87%)
delete mode 100644 recipes-security/refpolicy/refpolicy/0038-policy-modules-system-getty-allow-getty_t-watch-gett.patch
delete mode 100644 recipes-security/refpolicy/refpolicy/0039-policy-modules-services-bluetooth-allow-bluetooth_t-.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0039-policy-modules-system-getty-allow-getty_t-to-search-.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0040-policy-modules-services-bluetooth-fix-bluetoothd-sta.patch
rename recipes-security/refpolicy/refpolicy/{0040-policy-modules-roles-sysadm-allow-sysadm-to-run-rpci.patch => 0041-policy-modules-roles-sysadm-allow-sysadm-to-run-rpci.patch} (87%)
rename recipes-security/refpolicy/refpolicy/{0041-policy-modules-services-rpc-add-capability-dac_read_.patch => 0042-policy-modules-services-rpc-add-capability-dac_read_.patch} (88%)
rename recipes-security/refpolicy/refpolicy/{0042-policy-modules-services-rpcbind-allow-rpcbind_t-to-c.patch => 0043-policy-modules-services-rpcbind-allow-rpcbind_t-to-c.patch} (61%)
rename recipes-security/refpolicy/refpolicy/{0043-policy-modules-services-rngd-fix-security-context-fo.patch => 0044-policy-modules-services-rngd-fix-security-context-fo.patch} (66%)
delete mode 100644 recipes-security/refpolicy/refpolicy/0044-policy-modules-system-authlogin-allow-chkpwd_t-to-ma.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0045-policy-modules-services-ssh-allow-ssh_keygen_t-to-re.patch
delete mode 100644 recipes-security/refpolicy/refpolicy/0045-policy-modules-system-udev-allow-udevadm_t-to-search.patch
rename recipes-security/refpolicy/refpolicy/{0049-policy-modules-services-ssh-make-respective-init-scr.patch => 0046-policy-modules-services-ssh-make-respective-init-scr.patch} (89%)
delete mode 100644 recipes-security/refpolicy/refpolicy/0046-policy-modules-udev-do-not-audit-udevadm_t-to-read-w.patch
rename recipes-security/refpolicy/refpolicy/{0050-policy-modules-kernel-terminal-allow-loging-to-reset.patch => 0047-policy-modules-kernel-terminal-allow-loging-to-reset.patch} (90%)
delete mode 100644 recipes-security/refpolicy/refpolicy/0047-policy-modules-services-rdisc-allow-rdisc_t-to-searc.patch
delete mode 100644 recipes-security/refpolicy/refpolicy/0048-policy-modules-system-logging-fix-auditd-startup-fai.patch
rename recipes-security/refpolicy/refpolicy/{0051-policy-modules-system-selinuxutil-allow-semanage_t-t.patch => 0048-policy-modules-system-selinuxutil-allow-semanage_t-t.patch} (84%)
rename recipes-security/refpolicy/refpolicy/{0054-policy-modules-system-systemd-enable-support-for-sys.patch => 0049-policy-modules-system-systemd-enable-support-for-sys.patch} (89%)
create mode 100644 recipes-security/refpolicy/refpolicy/0050-policy-modules-system-systemd-fix-systemd-resolved-s.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0051-policy-modules-system-init-add-capability2-bpf-and-p.patch
delete mode 100644 recipes-security/refpolicy/refpolicy/0052-policy-modules-system-sysnetwork-allow-ifconfig_t-to.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0052-policy-modules-system-systemd-allow-systemd_logind_t.patch
delete mode 100644 recipes-security/refpolicy/refpolicy/0053-policy-modules-services-ntp-allow-ntpd_t-to-watch-sy.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0053-policy-modules-system-logging-set-label-devlog_t-to-.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0054-policy-modules-system-systemd-support-systemd-user.patch
delete mode 100644 recipes-security/refpolicy/refpolicy/0055-policy-modules-system-logging-fix-systemd-journald-s.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0055-policy-modules-system-systemd-allow-systemd-generato.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0056-policy-modules-system-systemd-allow-systemd_backligh.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0057-policy-modules-system-logging-fix-systemd-journald-s.patch
delete mode 100644 recipes-security/refpolicy/refpolicy/0057-policy-modules-system-systemd-add-capability-mknod-f.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0058-policy-modules-services-cron-allow-crond_t-to-search.patch
delete mode 100644 recipes-security/refpolicy/refpolicy/0058-policy-modules-system-systemd-systemd-gpt-auto-gener.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0059-policy-modules-services-crontab-allow-sysadm_r-to-ru.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0060-policy-modules-system-sysnetwork-support-priviledge-.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0061-policy-modules-services-acpi-allow-acpid-to-watch-th.patch
rename recipes-security/refpolicy/refpolicy/{0063-policy-modules-system-setrans-allow-setrans-to-acces.patch => 0062-policy-modules-system-setrans-allow-setrans-to-acces.patch} (71%)
create mode 100644 recipes-security/refpolicy/refpolicy/0063-policy-modules-system-modutils-allow-kmod_t-to-write.patch
rename recipes-security/refpolicy/refpolicy/{0056-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch => 0064-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch} (60%)
create mode 100644 recipes-security/refpolicy/refpolicy/0065-policy-modules-system-selinux-allow-setfiles_t-to-re.patch
rename recipes-security/refpolicy/refpolicy/{0062-policy-modules-system-mount-make-mount_t-domain-MLS-.patch => 0066-policy-modules-system-mount-make-mount_t-domain-MLS-.patch} (85%)
rename recipes-security/refpolicy/refpolicy/{0061-policy-modules-roles-sysadm-MLS-sysadm-rw-to-clearan.patch => 0067-policy-modules-roles-sysadm-MLS-sysadm-rw-to-clearan.patch} (92%)
rename recipes-security/refpolicy/refpolicy/{0059-policy-modules-services-rpc-fix-policy-for-nfsserver.patch => 0068-policy-modules-services-rpc-make-nfsd_t-domain-MLS-t.patch} (61%)
rename recipes-security/refpolicy/refpolicy/{0064-policy-modules-admin-dmesg-make-dmesg_t-MLS-trusted-.patch => 0069-policy-modules-admin-dmesg-make-dmesg_t-MLS-trusted-.patch} (91%)
rename recipes-security/refpolicy/refpolicy/{0065-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch => 0070-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch} (96%)
rename recipes-security/refpolicy/refpolicy/{0066-policy-modules-system-init-make-init_t-MLS-trusted-f.patch => 0071-policy-modules-system-init-make-init_t-MLS-trusted-f.patch} (90%)
rename recipes-security/refpolicy/refpolicy/{0067-policy-modules-system-systemd-make-systemd-tmpfiles_.patch => 0072-policy-modules-system-systemd-make-systemd-tmpfiles_.patch} (92%)
rename recipes-security/refpolicy/refpolicy/{0068-policy-modules-system-logging-add-the-syslogd_t-to-t.patch => 0073-policy-modules-system-logging-add-the-syslogd_t-to-t.patch} (86%)
rename recipes-security/refpolicy/refpolicy/{0069-policy-modules-system-init-make-init_t-MLS-trusted-f.patch => 0074-policy-modules-system-init-make-init_t-MLS-trusted-f.patch} (86%)
rename recipes-security/refpolicy/refpolicy/{0070-policy-modules-system-init-all-init_t-to-read-any-le.patch => 0075-policy-modules-system-init-all-init_t-to-read-any-le.patch} (88%)
delete mode 100644 recipes-security/refpolicy/refpolicy/0075-policy-modules-system-systemd-systemd-networkd-make-.patch
rename recipes-security/refpolicy/refpolicy/{0071-policy-modules-system-logging-allow-auditd_t-to-writ.patch => 0076-policy-modules-system-logging-allow-auditd_t-to-writ.patch} (88%)
delete mode 100644 recipes-security/refpolicy/refpolicy/0076-policy-modules-system-systemd-systemd-resolved-make-.patch
rename recipes-security/refpolicy/refpolicy/{0072-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch => 0077-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch} (90%)
delete mode 100644 recipes-security/refpolicy/refpolicy/0077-policy-modules-system-systemd-make-systemd-modules_t.patch
rename recipes-security/refpolicy/refpolicy/{0073-policy-modules-system-systemd-make-systemd-logind-do.patch => 0078-policy-modules-system-systemd-make-systemd-logind-do.patch} (90%)
delete mode 100644 recipes-security/refpolicy/refpolicy/0078-policy-modules-system-systemd-systemd-gpt-auto-gener.patch
rename recipes-security/refpolicy/refpolicy/{0074-policy-modules-system-systemd-systemd-user-sessions-.patch => 0079-policy-modules-system-systemd-systemd-user-sessions-.patch} (88%)
create mode 100644 recipes-security/refpolicy/refpolicy/0080-policy-modules-system-systemd-systemd-make-systemd_-.patch
rename recipes-security/refpolicy/refpolicy/{0079-policy-modules-services-ntp-make-nptd_t-MLS-trusted-.patch => 0081-policy-modules-services-ntp-make-nptd_t-MLS-trusted-.patch} (89%)
create mode 100644 recipes-security/refpolicy/refpolicy/0082-policy-modules-system-setrans-allow-setrans_t-use-fd.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0083-policy-modules-services-acpi-make-acpid_t-domain-MLS.patch
rename recipes-security/refpolicy/refpolicy/{0080-policy-modules-services-avahi-make-avahi_t-MLS-trust.patch => 0084-policy-modules-services-avahi-make-avahi_t-MLS-trust.patch} (89%)
create mode 100644 recipes-security/refpolicy/refpolicy/0085-policy-modules-services-bluetooth-make-bluetooth_t-d.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0086-policy-modules-system-sysnetwork-make-dhcpc_t-domain.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0087-policy-modules-services-inetd-make-inetd_t-domain-ML.patch
create mode 100644 recipes-security/refpolicy/refpolicy/0088-policy-modules-services-bind-make-named_t-domain-MLS.patch
rename recipes-security/refpolicy/refpolicy/{0060-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch => 0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch} (85%)
create mode 100644 recipes-security/refpolicy/refpolicy/0090-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch
--
2.25.1
More
All Messages By This Member
×
previous page
#52534
next page
Join
yocto@lists.yoctoproject.org to automatically receive all group messages.
×
Close
Report Message
Reason
Report to Moderators
I think this message isn't appropriate for our group. The Group moderators are responsible for maintaining their community and can address these issues.
Report to Yocto Project Support
I think this violates the Terms of Service. This includes: harm to minors, violence or threats, harassment or privacy invasion, impersonation or misrepresentation, fraud or phishing.
Note:
Your email address is included with the abuse report.
×
Close
Verify Delete
Are you sure you wish to delete this message from the message archives of yocto@lists.yoctoproject.org?
This cannot be undone.
×
Close
Verify Repost
Are you sure you wish to repost this message?
More Options
More
Home
Hashtags
Subgroups
Terms
Toggle navigation
Terms
©
2023
Groups.io
