From: Ming Liu <liu.ming50@...> /etc/ima-policy > /etc/ima/ima-policy. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- .../recipes-core/initrdscripts/initramf

From: Ming Liu <liu.ming50@...> Create a recipe to package IMA/EMV public keys. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- .../ima-evm-keys/ima-evm-keys_

From: Ming Liu <liu.ming50@...> Or else wic will fail without "--no-fstab-update" option. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- meta-integrity/class

From: Ming Liu <liu.ming50@...> 'ima' does not have to be in native DISTRO_FEATURES, unset it to avoid sanity check for ima-evm-utils-native. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Ar

From: Ming Liu <liu.ming50@...> The current logic in ima-evm-rootfs.bbclass does not guarantee ima_evm_sign_rootfs is the last function in IMAGE_PREPROCESS_COMMAND by appending to it, for instance, if

Current Dev Position: YP 3.3 Feature Freeze Next Deadline: 1st March 2021 YP 3.3 M3 build Next Team Meetings: Bug Triage meeting Thursday Mar. 4th at 7:30am PDT (https://zoom.us/j/454367603?pwd=ZGxoa2

From: Ming Liu <liu.ming50@...> Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- meta-integrity/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(

From: Ming Liu <liu.ming50@...> Otherwise, ima script would not run as intended. Signed-off-by: Ming Liu <liu.ming50@...> Signed-off-by: Armin Kuster <akuster808@...> --- .../recipes-core/initrdscript

From: Ming Liu <liu.ming50@...> This fixes following systemd boot issues: [ 7.455580] systemd[1]: Failed to create /init.scope control group: Pe= rmission denied [ 7.457677] systemd[1]: Failed to allo

* Update to latest git rev. * Drop obsolete and unused patches. * Rebase patches. * Add patches to make systemd --user work. Signed-off-by: Yi Zhao <yi.zhao@...> --- .../refpolicy/refpolicy-minimum_gi

Some directories are created by populate-volatile.sh. We need to restore their security contexts. Before the patch: $ ls -dZ /tmp /var/tmp /var/lock /var/run system_u:object_r:root_t /tmp system_u:obj

Install auditd which will help the users debug and eliminate the audit logs on screen. Signed-off-by: Yi Zhao <yi.zhao@...> --- recipes-security/packagegroups/packagegroup-core-selinux.bb | 1 + 1 file

Drop backported patch: 0001-lib-arm_table.h-update-arm-syscall-table.patch Signed-off-by: Yi Zhao <yi.zhao@...> --- ...arm_table.h-update-arm-syscall-table.patch | 49 ------------------- .../audit/{au

The audisp-* files should be in audispd-plugins package rather than auditd package. Signed-off-by: Yi Zhao <yi.zhao@...> --- recipes-security/audit/audit_3.0.bb | 14 ++++++++++---- 1 file changed, 10

Remove bbappend since parted 3.4 has removed the enable_selinux configure option[1]. Fixes: QA Issue: parted: configure was passed unrecognised options: --enable-selinux [unknown-configure-option] [1]

Fix build error when selinux feature is not enabled: sepolgen-ifgen-attr-helper.c:29:10: fatal error: selinux/selinux.h: No such file or directory 29 | #include <selinux/selinux.h> | ^~~~~~~~~~~~~~~~~

Upgrade refpolicy from 20200229+git to 20210203+git Yi Zhao (7): selinux-python: depend on libselinux parted: remove bbappend audit: move audisp-* to audispd-plugins package audit: upgrade 3.0 -> 3.0.

Hello, I was wondering if the meta-raspberrypi layer has official support for the cm4 module? I see a commit adding the .dtb files for the cm4 and 400 in the master branch. http://git.yoctoproject.org

Hi I am new to yoctoproject and have a system with intel architecture and embedded OS based on windows 8.1 installed. But now I want to make a dual boot system with yocto. I have around 100 GB free sp

All, Just a reminder we will hold the monthly Yocto Project Technical Meeting at 8am PST tomorrow. (3/2) Yocto Project Technical Team Meeting: We encourage people attending the meeting to logon and an