subject:"Bug#767760\: busybox\: Please build selinux support"

Bug#767760: busybox: Please build selinux support

2019-05-18 Thread Laurent Bigonville

Package: busybox
Followup-For: Bug #767760

Hi,

Please find attached here a new patch for this bug.

It's not enabling SELinux support in the udeb and it's not adding new
applets.

Kind regards,

Laurent Bigonville

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages busybox depends on:
ii  libc6  2.28-10

busybox recommends no packages.

busybox suggests no packages.

-- no debconf information
diff -Nru busybox-1.30.1/debian/config/os/hurd 
busybox-1.30.1/debian/config/os/hurd
--- busybox-1.30.1/debian/config/os/hurd2019-03-02 08:57:49.0 
+0100
+++ busybox-1.30.1/debian/config/os/hurd2019-05-06 16:49:16.0 
+0200
@@ -7,3 +7,4 @@
 CONFIG_TASKSET=n
 # hurd does not have a working equivalent of /proc/self/exe
 CONFIG_BUSYBOX_EXEC_PATH="/bin/busybox"
+CONFIG_SELINUX=n
diff -Nru busybox-1.30.1/debian/config/os/kfreebsd 
busybox-1.30.1/debian/config/os/kfreebsd
--- busybox-1.30.1/debian/config/os/kfreebsd2019-03-02 08:57:49.0 
+0100
+++ busybox-1.30.1/debian/config/os/kfreebsd2019-05-06 16:49:16.0 
+0200
@@ -3,3 +3,4 @@
 CONFIG_SWAPONOFF=y
 CONFIG_TASKSET=n
 CONFIG_FEATURE_MOUNT_NFS=n
+CONFIG_SELINUX=n
diff -Nru busybox-1.30.1/debian/config/pkg/deb 
busybox-1.30.1/debian/config/pkg/deb
--- busybox-1.30.1/debian/config/pkg/deb2019-04-01 07:17:50.0 
+0200
+++ busybox-1.30.1/debian/config/pkg/deb2019-05-06 16:49:16.0 
+0200
@@ -31,7 +31,7 @@
 CONFIG_FEATURE_SUID_CONFIG_QUIET=y
 # CONFIG_FEATURE_PREFER_APPLETS is not set
 CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
-# CONFIG_SELINUX is not set
+CONFIG_SELINUX=y
 # CONFIG_FEATURE_CLEAN_UP is not set
 CONFIG_FEATURE_SYSLOG=y
 CONFIG_PLATFORM_LINUX=y
@@ -1070,6 +1070,10 @@
 CONFIG_SVC=y
 CONFIG_SVOK=y
 # CONFIG_SVLOGD is not set
+
+#
+# SELinux Utilities
+#
 # CONFIG_CHCON is not set
 # CONFIG_GETENFORCE is not set
 # CONFIG_GETSEBOOL is not set
diff -Nru busybox-1.30.1/debian/config/pkg/static 
busybox-1.30.1/debian/config/pkg/static
--- busybox-1.30.1/debian/config/pkg/static 2019-04-01 07:17:50.0 
+0200
+++ busybox-1.30.1/debian/config/pkg/static 2019-05-06 16:49:16.0 
+0200
@@ -31,7 +31,7 @@
 CONFIG_FEATURE_SUID_CONFIG_QUIET=y
 CONFIG_FEATURE_PREFER_APPLETS=y
 CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
-# CONFIG_SELINUX is not set
+CONFIG_SELINUX=y
 # CONFIG_FEATURE_CLEAN_UP is not set
 CONFIG_FEATURE_SYSLOG=y
 CONFIG_PLATFORM_LINUX=y
@@ -1070,6 +1070,10 @@
 CONFIG_SVC=y
 CONFIG_SVOK=y
 # CONFIG_SVLOGD is not set
+
+#
+# SELinux Utilities
+#
 # CONFIG_CHCON is not set
 # CONFIG_GETENFORCE is not set
 # CONFIG_GETSEBOOL is not set
diff -Nru busybox-1.30.1/debian/control busybox-1.30.1/debian/control
--- busybox-1.30.1/debian/control   2019-03-30 15:00:23.0 +0100
+++ busybox-1.30.1/debian/control   2019-05-06 16:49:16.0 +0200
@@ -5,7 +5,7 @@
 Uploaders:
  Chris Boot ,
  Christoph Biedl ,
-Build-Depends: debhelper (>= 11~), zip
+Build-Depends: debhelper (>= 11~), zip, libselinux1-dev [linux-any], 
pkg-config [linux-any]
 Standards-Version: 4.1.5
 Vcs-Git: https://salsa.debian.org/installer-team/busybox.git
 Vcs-Browser: https://salsa.debian.org/installer-team/busybox

Bug#767760: busybox: Please build selinux support

2015-08-13 Thread Laurent Bigonville

Package: busybox
Followup-For: Bug #767760

Hi,

Please find here a patch to add SELinux support.

The patch is not disabling SELinux on !linux architectures, that should
be fixed before being pushed, but I'm not too sure how to do that with
the build system here.

Cheers,

Laurent Bigonville

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages busybox depends on:
ii  libc62.19-19
ii  libselinux1  2.3-2+b1
ii  libsepol12.4-1

busybox recommends no packages.

busybox suggests no packages.

-- no debconf information
diff -Nru busybox-1.22.0/debian/config/pkg/deb busybox-1.22.0/debian/config/pkg/deb
--- busybox-1.22.0/debian/config/pkg/deb	2014-03-01 11:41:03.0 +0100
+++ busybox-1.22.0/debian/config/pkg/deb	2015-08-06 01:46:50.0 +0200
@@ -46,7 +46,7 @@
 CONFIG_FEATURE_SUID=y
 CONFIG_FEATURE_SUID_CONFIG=y
 CONFIG_FEATURE_SUID_CONFIG_QUIET=y
-# CONFIG_SELINUX is not set
+CONFIG_SELINUX=y
 CONFIG_FEATURE_PREFER_APPLETS=y
 CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
 CONFIG_FEATURE_SYSLOG=y
@@ -168,7 +168,7 @@
 CONFIG_FEATURE_TAR_TO_COMMAND=y
 CONFIG_FEATURE_TAR_UNAME_GNAME=y
 CONFIG_FEATURE_TAR_NOPRESERVE_TIME=y
-# CONFIG_FEATURE_TAR_SELINUX is not set
+CONFIG_FEATURE_TAR_SELINUX=y
 CONFIG_UNZIP=y
 
 #
@@ -951,21 +951,25 @@
 # CONFIG_ENVUIDGID is not set
 # CONFIG_ENVDIR is not set
 # CONFIG_SOFTLIMIT is not set
-# CONFIG_CHCON is not set
-# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set
-# CONFIG_GETENFORCE is not set
-# CONFIG_GETSEBOOL is not set
-# CONFIG_LOAD_POLICY is not set
-# CONFIG_MATCHPATHCON is not set
-# CONFIG_RESTORECON is not set
-# CONFIG_RUNCON is not set
-# CONFIG_FEATURE_RUNCON_LONG_OPTIONS is not set
-# CONFIG_SELINUXENABLED is not set
-# CONFIG_SETENFORCE is not set
-# CONFIG_SETFILES is not set
-# CONFIG_FEATURE_SETFILES_CHECK_OPTION is not set
-# CONFIG_SETSEBOOL is not set
-# CONFIG_SESTATUS is not set
+
+#
+# SELinux Utilities
+#
+CONFIG_CHCON=y
+CONFIG_FEATURE_CHCON_LONG_OPTIONS=y
+CONFIG_GETENFORCE=y
+CONFIG_GETSEBOOL=y
+CONFIG_LOAD_POLICY=y
+CONFIG_MATCHPATHCON=y
+CONFIG_RESTORECON=y
+CONFIG_RUNCON=y
+CONFIG_FEATURE_RUNCON_LONG_OPTIONS=y
+CONFIG_SELINUXENABLED=y
+CONFIG_SETENFORCE=y
+CONFIG_SETFILES=y
+CONFIG_FEATURE_SETFILES_CHECK_OPTION=y
+CONFIG_SETSEBOOL=y
+CONFIG_SESTATUS=y
 
 #
 # Shells
diff -Nru busybox-1.22.0/debian/config/pkg/static busybox-1.22.0/debian/config/pkg/static
--- busybox-1.22.0/debian/config/pkg/static	2014-03-01 11:41:03.0 +0100
+++ busybox-1.22.0/debian/config/pkg/static	2015-08-06 01:46:59.0 +0200
@@ -46,7 +46,7 @@
 CONFIG_FEATURE_SUID=y
 CONFIG_FEATURE_SUID_CONFIG=y
 CONFIG_FEATURE_SUID_CONFIG_QUIET=y
-# CONFIG_SELINUX is not set
+CONFIG_SELINUX=y
 CONFIG_FEATURE_PREFER_APPLETS=y
 CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
 CONFIG_FEATURE_SYSLOG=y
@@ -168,7 +168,7 @@
 CONFIG_FEATURE_TAR_TO_COMMAND=y
 CONFIG_FEATURE_TAR_UNAME_GNAME=y
 CONFIG_FEATURE_TAR_NOPRESERVE_TIME=y
-# CONFIG_FEATURE_TAR_SELINUX is not set
+CONFIG_FEATURE_TAR_SELINUX=y
 CONFIG_UNZIP=y
 
 #
@@ -951,21 +951,25 @@
 # CONFIG_ENVUIDGID is not set
 # CONFIG_ENVDIR is not set
 # CONFIG_SOFTLIMIT is not set
-# CONFIG_CHCON is not set
-# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set
-# CONFIG_GETENFORCE is not set
-# CONFIG_GETSEBOOL is not set
-# CONFIG_LOAD_POLICY is not set
-# CONFIG_MATCHPATHCON is not set
-# CONFIG_RESTORECON is not set
-# CONFIG_RUNCON is not set
-# CONFIG_FEATURE_RUNCON_LONG_OPTIONS is not set
-# CONFIG_SELINUXENABLED is not set
-# CONFIG_SETENFORCE is not set
-# CONFIG_SETFILES is not set
-# CONFIG_FEATURE_SETFILES_CHECK_OPTION is not set
-# CONFIG_SETSEBOOL is not set
-# CONFIG_SESTATUS is not set
+
+#
+# SELinux Utilities
+#
+CONFIG_CHCON=y
+CONFIG_FEATURE_CHCON_LONG_OPTIONS=y
+CONFIG_GETENFORCE=y
+CONFIG_GETSEBOOL=y
+CONFIG_LOAD_POLICY=y
+CONFIG_MATCHPATHCON=y
+CONFIG_RESTORECON=y
+CONFIG_RUNCON=y
+CONFIG_FEATURE_RUNCON_LONG_OPTIONS=y
+CONFIG_SELINUXENABLED=y
+CONFIG_SETENFORCE=y
+CONFIG_SETFILES=y
+CONFIG_FEATURE_SETFILES_CHECK_OPTION=y
+CONFIG_SETSEBOOL=y
+CONFIG_SESTATUS=y
 
 #
 # Shells
diff -Nru busybox-1.22.0/debian/control busybox-1.22.0/debian/control
--- busybox-1.22.0/debian/control	2015-03-04 16:12:02.0 +0100
+++ busybox-1.22.0/debian/control	2015-08-13 20:07:47.0 +0200
@@ -9,6 +9,7 @@
 # glibc static-nss #754813, 2.19..2.19-11, -12 is ok. Depend on libc-dev-bin
 # as it is the package which is named the same on all architectures
  libc-dev-bin (>> 2.19-12~) | libc-dev-bin (<< 2.19),
+ libselinux1-dev [linux-any]
 Standards-Version: 3.9.5
 Vcs-Git: git://anonscm.debian.org/d-i/busybox.git
 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=d-i/busybox.git
diff -Nru busybo

Bug#767760: busybox: Please build selinux support

2017-06-23 Thread Laurent Bigonville


Le 04/02/17 à 02:53, Cyril Brulebois a écrit :

Hi,

Laurent Bigonville  (2016-12-09):

On Thu, 13 Aug 2015 20:31:30 +0200 Laurent Bigonville 

Please find here a patch to add SELinux support.

The patch is not disabling SELinux on !linux architectures, that
should be fixed before being pushed, but I'm not too sure how to do
that with the build system here.

Any feedback from my patch?

None besides “we need a busybox maintainer”, unfortunately.


:/




In the meantime, libselinux is now building a udeb, so I guess SELinux
support could also be enabled in the udeb build of busybox

I'm not sure I understand why we would need SELinux within d-i.


That would allow installing debian with selinux installed by default 
(well even if this is a long term goal and the current policy is 
probably not ready for this)

Bug#767760: busybox: Please build selinux support

2017-06-23 Thread Cyril Brulebois

Laurent Bigonville  (2017-06-23):
> Le 04/02/17 à 02:53, Cyril Brulebois a écrit :
> >None besides “we need a busybox maintainer”, unfortunately.
> 
> :/

(This is still true, btw.)

> >>In the meantime, libselinux is now building a udeb, so I guess
> >>SELinux support could also be enabled in the udeb build of busybox
> >I'm not sure I understand why we would need SELinux within d-i.
> 
> That would allow installing debian with selinux installed by default
> (well even if this is a long term goal and the current policy is
> probably not ready for this)

I don't think I've seen explanations as to why we would need support
within the installer. Isn't it sufficient to call the appropriate
commands within /target (i.e. in the being-installed system), as opposed
to running them from a d-i context (outside /target)?


KiBi.


signature.asc
Description: Digital signature

Bug#767760: busybox: Please build selinux support

2016-12-09 Thread Laurent Bigonville

On Thu, 13 Aug 2015 20:31:30 +0200 Laurent Bigonville  
wrote:

> Hi,
>
> Please find here a patch to add SELinux support.
>
> The patch is not disabling SELinux on !linux architectures, that should
> be fixed before being pushed, but I'm not too sure how to do that with
> the build system here.

Any feedback from my patch?

In the meantime, libselinux is now building a udeb, so I guess SELinux 
support could also be enabled in the udeb build of busybox

Bug#767760: busybox: Please build selinux support

2017-02-03 Thread Cyril Brulebois

Hi,

Laurent Bigonville  (2016-12-09):
> On Thu, 13 Aug 2015 20:31:30 +0200 Laurent Bigonville 
> > Please find here a patch to add SELinux support.
> >
> > The patch is not disabling SELinux on !linux architectures, that
> > should be fixed before being pushed, but I'm not too sure how to do
> > that with the build system here.
> 
> Any feedback from my patch?

None besides “we need a busybox maintainer”, unfortunately.

> In the meantime, libselinux is now building a udeb, so I guess SELinux
> support could also be enabled in the udeb build of busybox

I'm not sure I understand why we would need SELinux within d-i.


KiBi.


signature.asc
Description: Digital signature

Bug#767760: busybox: Please build selinux support

2014-11-02 Thread Laurent Bigonville

Package: busybox
Version: 1:1.22.0-9
Severity: wishlist
User: selinux-de...@lists.alioth.debian.org
Usertags: selinux selinux-aware

Hello,

Could you please start building selinux support in busybox.

It adds selinux support to existing "binaries" (like id,..) and create
new ones like restorecon or sestatus.

The support should only be enabled on linux architecture and on the
regular package (not the udeb as selinux is not providing a udeb ATM)

Cheers,

Laurent Bigonville

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#767760: busybox: Please build selinux support

Bug#767760: busybox: Please build selinux support

Bug#767760: busybox: Please build selinux support

Bug#767760: busybox: Please build selinux support

Bug#767760: busybox: Please build selinux support

Bug#767760: busybox: Please build selinux support

Bug#767760: busybox: Please build selinux support

7 matches

Site Navigation

Mail list logo

Footer information