Re: [yocto] [PATCH][meta-selinux] policycoreutils: enable mcstransd
Ping ... On 01/26/2015 03:38 PM, rongqing...@windriver.com wrote: From: Roy Li rongqing...@windriver.com mcstransd is a daemon to translate SELinux MCS/MLS sensitivity labels, policycoreutils includes mcstransd whose version is newer than that from http://mcstrans.sourcearchive.com/ Signed-off-by: Roy Li rongqing...@windriver.com --- recipes-security/selinux/policycoreutils.inc | 82 -- .../0001-mcstrans-fix-the-init-script.patch| 27 +++ .../selinux/policycoreutils/enable-mcstrans.patch | 17 + recipes-security/selinux/policycoreutils_2.3.bb| 2 + recipes-security/selinux/policycoreutils_git.bb| 2 + 5 files changed, 126 insertions(+), 4 deletions(-) create mode 100644 recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch create mode 100644 recipes-security/selinux/policycoreutils/enable-mcstrans.patch diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc index 44a5861..fa0b601 100644 --- a/recipes-security/selinux/policycoreutils.inc +++ b/recipes-security/selinux/policycoreutils.inc @@ -13,11 +13,14 @@ PAM_SRC_URI = file://pam.d/newrole \ file://pam.d/run_init \ -DEPENDS += libsepol libselinux libsemanage +DEPENDS += libsepol libselinux libsemanage libcap EXTRA_DEPENDS = libcap-ng libcgroup setools DEPENDS += ${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']} -inherit selinux +inherit selinux systemd pythonnative update-rc.d + +PROVIDES += mcstrans + DEPENDS += ${@target_selinux(d, 'libpam audit')} RDEPENDS_${BPN}-audit2allow = \ @@ -113,7 +116,6 @@ RDEPENDS_${BPN} += setools setools-libs ${BPN}-python WARN_QA := ${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)} ERROR_QA := ${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)} -inherit pythonnative PACKAGES =+ \ ${PN}-audit2allow \ 
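Review bot: `libcap` is appended to the unconditional `DEPENDS` line in the first hunk, so it is also pulled into the `${BPN}-native` build, while the next line keeps the other target-only libraries in `EXTRA_DEPENDS`, which is dropped for native. If mcstransd is only built for the target (the install step later in this patch is `_class-target`), `EXTRA_DEPENDS = "libcap-ng libcgroup setools libcap"` would leave the native dependency set unchanged. Separately, `systemd` and `update-rc.d` are inherited here with no `SYSTEMD_PACKAGES`/`SYSTEMD_SERVICE_mcstrans` or `INITSCRIPT_PACKAGES`/`INITSCRIPT_NAME_mcstrans` visible in this hunk. Unless they are set further down, the service hooks presumably attach to the main package rather than `mcstrans`, and a comment should say whether the label-translation daemon is meant to start by default. The same hunk is repeated in the original message lower on the page.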
@@ -137,8 +139,31 @@ PACKAGES =+ \ ${PN}-sestatus \ ${PN}-setfiles \ ${PN}-setsebool \ + mcstrans \ + mcstrans-doc \ system-config-selinux \ +PKGV_mcstrans = 0.3.2 +PKGV_mcstrans-doc = 0.3.2 +SUMMARY_mcstrans = Daemon to translate SELinux MCS/MLS sensitivity labels +DESCRIPTION_mcstrans = \ +Security-enhanced Linux is a feature of the Linux kernel and a number \ +of utilities with enhanced security functionality designed to add \ +mandatory access controls to Linux. The Security-enhanced Linux \ +kernel contains new architectural components originally developed to \ +improve the security of the Flask operating system. These \ +architectural components provide general support for the enforcement \ +of many kinds of mandatory access control policies, including those \ +based on the concepts of Type EnforcementĀ®, Role-based Access \ +Control, and Multi-level Security. \ + \ +mcstrans provides an translation daemon to translate SELinux categories \ +from internal representations to user defined representation. \ + +SUMMARY_mcstrans-doc = ${SUMMARY_mcstrans} man pages and examples +DESCRIPTION_mcstrans-doc = ${DESCRIPTION_mcstrans} \ +This package contains man pages and examples. \ + FILES_${PN}-audit2allow = \ ${bindir}/audit2allow \ ${bindir}/audit2why \ @@ -208,6 +233,23 @@ FILES_${PN}-setsebool += \ ${sbindir}/setsebool \ ${datadir}/bash-completion/completions/setsebool \ +FILES_mcstrans = \ + ${base_sbindir}/mcstransd \ + ${sbindir}/untranscon \ + ${sbindir}/transcon \ + ${sysconfdir}/init.d/mcstrans \ + ${systemd_unitdir}/system/mcstrans.service \ + ${sysconfdir}/default/volatiles/volatiles.80_mcstrans \ + ${sysconfdir}/tmpfiles.d/setrans.conf \ + + +FILES_mcstrans-doc = \ +/usr/share/man/man8/mcstransd.8 \ +/usr/share/man/man8/mcs.8 \ +/usr/share/man/man8/setrans.conf.8 \ +${datadir}/mcstrans \ + + FILES_system-config-selinux = \ ${bindir}/sepolgen \ ${datadir}/system-config-selinux/* \ 
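Review bot: `PKGV_mcstrans = 0.3.2` and `PKGV_mcstrans-doc = 0.3.2` are fixed in the shared `.inc`, which the diffstat suggests is used by both `policycoreutils_2.3.bb` and `policycoreutils_git.bb`, so the packaged version will not follow the mcstrans sources actually built. A stale version string makes it harder to match the installed daemon against advisories. A comment such as `# mcstrans carries its own version inside the policycoreutils tree; re-check on every upgrade` above the two assignments, or setting them per recipe, would keep that visible. In `DESCRIPTION_mcstrans`, "provides an translation daemon" should read "provides a translation daemon". "Type EnforcementĀ®" looks like a mis-encoded registered-trademark sign, possibly introduced by the archive, so plain ASCII would be safer there.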
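Review bot: `FILES_mcstrans-doc` in the `@@ -208,6 +233,23 @@` hunk hard-codes `/usr/share/man/man8/...` while every other entry in the hunk uses path variables. The three man-page lines should be written as `${mandir}/man8/mcstransd.8 \`, `${mandir}/man8/mcs.8 \` and `${mandir}/man8/setrans.conf.8 \`. With a non-default prefix the hard-coded paths would no longer match, and the pages would presumably fall through to another package. `FILES_mcstrans` also lists both the volatiles entry and the tmpfiles.d entry, although the install step later in the patch writes only one of them depending on `DISTRO_FEATURES`; a one-line comment saying that is intentional would help.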
@@ -248,7 +290,24 @@ do_compile_prepend() { do_install_prepend() { export PYTHON=python - export SEMODULE_PATH=${sbindir} + export SEMODULE_PATH=${sbindir} SYSTEMDDIR=${D}/${systemd_unitdir} +} + +do_install_append_class-target() { + install -m 755 mcstrans/utils/untranscon ${D}${sbindir}/ + install -m 755 mcstrans/utils/transcon ${D}${sbindir}/ + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + echo d ${localstatedir}/run/setrans - - - - \ +${D}${sysconfdir}/tmpfiles.d/setrans.conf + else + install -d ${D}${sysconfdir}/default/volatiles + echo d root root 0755 /var/run/setrans none \ +
[yocto] [PATCH][meta-selinux] policycoreutils: enable mcstransd
From: Roy Li rongqing...@windriver.com mcstransd is a daemon to translate SELinux MCS/MLS sensitivity labels, policycoreutils includes mcstransd whose version is newer than that from http://mcstrans.sourcearchive.com/ Signed-off-by: Roy Li rongqing...@windriver.com --- recipes-security/selinux/policycoreutils.inc | 82 -- .../0001-mcstrans-fix-the-init-script.patch| 27 +++ .../selinux/policycoreutils/enable-mcstrans.patch | 17 + recipes-security/selinux/policycoreutils_2.3.bb| 2 + recipes-security/selinux/policycoreutils_git.bb| 2 + 5 files changed, 126 insertions(+), 4 deletions(-) create mode 100644 recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch create mode 100644 recipes-security/selinux/policycoreutils/enable-mcstrans.patch diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc index 44a5861..fa0b601 100644 --- a/recipes-security/selinux/policycoreutils.inc +++ b/recipes-security/selinux/policycoreutils.inc @@ -13,11 +13,14 @@ PAM_SRC_URI = file://pam.d/newrole \ file://pam.d/run_init \ -DEPENDS += libsepol libselinux libsemanage +DEPENDS += libsepol libselinux libsemanage libcap EXTRA_DEPENDS = libcap-ng libcgroup setools DEPENDS += ${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']} -inherit selinux +inherit selinux systemd pythonnative update-rc.d + +PROVIDES += mcstrans + DEPENDS += ${@target_selinux(d, 'libpam audit')} RDEPENDS_${BPN}-audit2allow = \ @@ -113,7 +116,6 @@ RDEPENDS_${BPN} += setools setools-libs ${BPN}-python WARN_QA := ${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)} ERROR_QA := ${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)} -inherit pythonnative PACKAGES =+ \ ${PN}-audit2allow \ 
@@ -137,8 +139,31 @@ PACKAGES =+ \ ${PN}-sestatus \ ${PN}-setfiles \ ${PN}-setsebool \ + mcstrans \ + mcstrans-doc \ system-config-selinux \ +PKGV_mcstrans = 0.3.2 +PKGV_mcstrans-doc = 0.3.2 +SUMMARY_mcstrans = Daemon to translate SELinux MCS/MLS sensitivity labels +DESCRIPTION_mcstrans = \ +Security-enhanced Linux is a feature of the Linux kernel and a number \ +of utilities with enhanced security functionality designed to add \ +mandatory access controls to Linux. The Security-enhanced Linux \ +kernel contains new architectural components originally developed to \ +improve the security of the Flask operating system. These \ +architectural components provide general support for the enforcement \ +of many kinds of mandatory access control policies, including those \ +based on the concepts of Type EnforcementĀ®, Role-based Access \ +Control, and Multi-level Security. \ + \ +mcstrans provides an translation daemon to translate SELinux categories \ +from internal representations to user defined representation. \ + +SUMMARY_mcstrans-doc = ${SUMMARY_mcstrans} man pages and examples +DESCRIPTION_mcstrans-doc = ${DESCRIPTION_mcstrans} \ +This package contains man pages and examples. \ + FILES_${PN}-audit2allow = \ ${bindir}/audit2allow \ ${bindir}/audit2why \ @@ -208,6 +233,23 @@ FILES_${PN}-setsebool += \ ${sbindir}/setsebool \ ${datadir}/bash-completion/completions/setsebool \ +FILES_mcstrans = \ + ${base_sbindir}/mcstransd \ + ${sbindir}/untranscon \ + ${sbindir}/transcon \ + ${sysconfdir}/init.d/mcstrans \ + ${systemd_unitdir}/system/mcstrans.service \ + ${sysconfdir}/default/volatiles/volatiles.80_mcstrans \ + ${sysconfdir}/tmpfiles.d/setrans.conf \ + + +FILES_mcstrans-doc = \ +/usr/share/man/man8/mcstransd.8 \ +/usr/share/man/man8/mcs.8 \ +/usr/share/man/man8/setrans.conf.8 \ +${datadir}/mcstrans \ + + FILES_system-config-selinux = \ ${bindir}/sepolgen \ ${datadir}/system-config-selinux/* \ 
@@ -248,7 +290,24 @@ do_compile_prepend() { do_install_prepend() { export PYTHON=python - export SEMODULE_PATH=${sbindir} + export SEMODULE_PATH=${sbindir} SYSTEMDDIR=${D}/${systemd_unitdir} +} + +do_install_append_class-target() { + install -m 755 mcstrans/utils/untranscon ${D}${sbindir}/ + install -m 755 mcstrans/utils/transcon ${D}${sbindir}/ + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + echo d ${localstatedir}/run/setrans - - - - \ +${D}${sysconfdir}/tmpfiles.d/setrans.conf + else + install -d ${D}${sysconfdir}/default/volatiles + echo d root root 0755 /var/run/setrans none \ + ${D}${sysconfdir}/default/volatiles/volatiles.80_mcstrans + fi + install -d ${D}${datadir}/mcstrans +