libsemanage no longer has the !BR2_arc dependency, so we can drop it
as well from policycoreutils. In practice, we still can't select
policycoreutils on ARC due to BR2_PACKAGE_AUDIT_ARCH_SUPPORTS.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Now that libsemanage is available on non-glibc configurations, we can
also allow the selection of policycoreutils for such configurations.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
DESTDIR was needed before upstream commit
6b901a4fb80cc61c46f75144b5bb366b8da38e82 ("policycoreutils: build:
follow standard semantics for DESTDIR and PREFIX"), but now the proper
semantic is used for DESTDIR and PREFIX.
However, in addition to the PREFIX that is already passed, we also
need to pass ETCDIR and SBINDIR, which are not defined in terms of
PREFIX.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The ARCH variable is no longer referenced by the policycoreutils build
system since upstream commit 4cc808671a18b5405be5707eefedd78b9c693268
("Move policycoreutils/mcstrans to mcstrans.")
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
There is no reason for host-policycoreutils to depend on host-setools,
it builds/works fine without it.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since SELinux 2.7, the python tools that used to be in policycoreutils
have been moved into a separate package, called "python" in upstream
SELinux, and "selinux-python" in Buildroot. Therefore, we can drop the
host-python(3) dependency from host-policycoreutils.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Since SELinux 2.7, restorecond has been moved to a separate package
from policycoreutils. Due to this, host-dbus-glib is no longer needed
to build host-policycoreutils.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Globally change Adam Duskett's email address to aduskett@gmail.com.
Note that one or two of the patches may have been applied upstream with
the old email address, but in that case those patches will anyway be
removed when bumping.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update first and second patch
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Policycoreutils was broken up into several packages, as such several
changes needed to happen for this patch to work:
- Remove patches 3, 4, and 5 as they no longer apply.
- Refresh patches 1 and 2 to work with version 2.7
- Remove semodule_${deps,expand,link,package} and sestatus from the makedirs
in the mk file.
- Remove restorecond from the make and config file. (Seperate package)
- Remove Audit2allow from the make and config file. (In a different package)
- Remove the package sepolgen
- Add the package selinux-python
- Add the package restorecond
- Add the package semodule-utils
- Add the relevant Config.in.legacy options into the menu.
Because these are utilities that work on top of python, the older versions of
these utilites still work, and as such this should be a single patch.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
policycoreutils has a pretty peculiar interpretation of DESTDIR and
PREFIX. PREFIX is not consistently used: some installation paths and
include paths are forced to $(DESTDIR)/usr/... . In other cases,
PREFIX is indeed used. PREFIX defaults to $(DESTDIR)/usr
Try to be a little bit more correct by passing both DESTDIR and PREFIX,
both set to $(HOST_DIR). This is not a complete fix: some things are
still installed in $(HOST_DIR)/usr - but nothing we care about (just
manpages, systemd services, ...). More importantly, however, it still
looks for e.g. D-Bus in $(DESTDIR)/usr/include/dbus-1.0.
Still, it's better than nothing.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since things are no longer installed in $(HOST_DIR)/usr, the callers
should also not refer to it.
This is a mechanical change with
git grep -l '$(HOST_DIR)/usr/bin' | xargs sed -i 's%$(HOST_DIR)/usr/bin%$(HOST_DIR)/bin%g'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This python utility scans the logs for messages logged when the system
denied permission for operations, and generates a snippet of policy
rules which, if loaded into policy, might have allowed those operations
to succeed. However, this utility only generates Type Enforcement (TE)
allow rules.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas: adjust Config.in to propagate the dependencies of sepolgen,
checkpolicy and python3.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license strings as much as possible.
SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+.
This change is done by using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Updated to match Config.in select of libglib2
package as dependency if restorecon is enabled.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This package contains the core policy utilities that are required
for basic operation of an SELinux system.
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
Tested-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
[Thomas:
- Move the Config.in comment at the top of the Config.in file rather
than between the main option and its sub-options, as this breaks
menuconfig indentation.
- Fix the propagation of the libsemanage dependencies. libsemanage
depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS and
BR2_TOOLCHAIN_USES_GLIBC which were not accounted for. Since it
depends on BR2_TOOLCHAIN_USES_GLIBC, then all the gettext related
handling becomes useless and has been removed.
- Rename the prompt of the restorecond sub-option to just
"restorecond".
- Use TARGET_CONFIGURE_OPTS and HOST_CONFIGURE_OPTS instead of
passing LDFLAGS, CC, etc. manually.
- Use make "foreach" function for loops instead of shell "for" loops.
- Rework the explanation of why we're passing DESTDIR at build time.
- Minor formatting tweaks here and there.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
