Re: [yocto] [meta-selinux][PATCH 04/21] libsemanage: uprev to 2.7 (20170804)

2017-09-18 Thread Mark Hatle
On 9/18/17 2:48 AM, wenzong fan wrote:
> 
> 
> On 09/14/2017 09:33 PM, Mark Hatle wrote:
>> On 9/14/17 5:31 AM, wenzong fan wrote:
>>>
>>>
>>> On 09/14/2017 08:07 AM, Mark Hatle wrote:
>>>> On 9/12/17 9:19 PM, Mark Hatle wrote:
>>>>> On 9/12/17 9:06 PM, wenzong fan wrote:
>>>>>> On 09/12/2017 06:59 PM, Chanho Park wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I can't apply this patch on top of the master branch. Which revision did
>>>>>>> you make the patches?
>>>>>>
>>>>>> Oops, that's my fault. I did a "sed -i -e 's/Subject: [/Subject:
>>>>>> [meta-selinux][/g' 00*" to add prefix for mail subjects, that also
>>>>>> changed the removed patch files in libsemanage.
>>>>>>
>>>>>> I'll send v2.
>>>>>>
>>>>>> Thanks
>>>>>> Wenzong
>>>>>
>>>>> I don't see the original set of patches in my archives.  When you rebase, please
>>>>> rebase on top of mgh/master-next.
>>>>
>>>> My mailer finally loaded the original set.  I saw the same problems, but was
>>>> able to get them merged.
>>>>
>>>> I have updated 'mgh/master-next'.  Please verify the contents include all of
>>>> your changes.
>>>
>>> All my changes are there now.
>>>

>>>> I tried to build a system and boot it, but it didn't work.  I'm guessing I
>>>> forgot something simple, but I can't make master-next into master without
>>>> knowing I can boot..  Any clue would be useful.  Thanks!
>>>>
>>>>
>>>> My configuration is:
>>>>
>>>> bblayers.conf:
>>>>
>>>> oe-core (master) & meta-selinux (mgh/master-next)
>>>>
>>>>
>>>> local.conf:
>>>>
>>>> IMAGE_FEATURES_append = " debug-tweaks ssh-server-openssh"
>>>>
>>>> DISTRO_FEATURES_append = " opengl x11 wayland acl xattr pam selinux"
>>>>
>>>> PREFERRED_PROVIDER_virtual/refpolicy = "refpolicy-mls"
>>>> PREFERRED_VERSION_refpolicy-mls = "2.20170204"
>>>
>>> Above configs are OK, you can simply use:
>>>
>>> DISTRO = "poky-selinux"
>>> PREFERRED_VERSION_refpolicy-mls ?= "2.20170204"
>>
>> The DISTRO settings in meta-selinux are being removed (they are no longer in the
>> master-next branch).  Instead the user will be required to set the
>> DISTRO_FEATURE 'selinux' to enable the components.  (It is expected they will
>> also enable acl/xattr and pam.)
>>


>>>> I ran QEMU using:
>>>>
>>>>
>>>> runqemu qemux86 core-image-selinux ext4 nographic


>>>
>>> Please run QEMU with:
>>>
>>> $ runqemu qemux86 core-image-selinux ext4 nographic
>>> bootparams="selinux=1 enforcing=0"
>>
>>
>>

>>>> Trying to login I get:
>>>>
>>>> qemux86 login: root
>>>> [   23.960609] kauditd_printk_skb: 13 callbacks suppressed
>>>> Cannot execute /bin/sh: Permission denied
>>>> [   23.973922] audit: type=1400 audit(1505347190.805:29): avc:  denied  {
>>>> execute } for  pid=671 comm="login" name="bash.bash" dev="vda" ino=8163
>>>> scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023
>>>> tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
>>>> [   23.975463] audit: type=1400 audit(1505347190.813:30): avc:  denied  {
>>>> execute } for  pid=671 comm="login" name="bash.bash" dev="vda" ino=8163
>>>> scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023
>>>> tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0


>>>
>>> This should be blocked by refpolicy-mls, please boot with "selinux=1
>>> enforcing=0" to verify if SELinux tools work. For example:
>>
>> I would like to update the README file for the layer on how the user can
>> actually make a bootable system.  If this involves adding a user, that is fine.
>> But at present there is no way to login w/o turning off enforcing.  That seems
>> to defeat the purpose of enabling selinux in a design.
> 
> This is really an issue, I'll fix it.

The root login issue was fixed in a commit.  The above was due to 'bash.bash'
not having appropriate context specified in the refpolicies.

I also added to the README file.  If you have any additional suggestions or
changes, please let me know.

--Mark

> Thanks
> Wenzong
> 
>>
>> So any help you can give me for the documentation would be appreciated.
>>
>>> $ sestatus
>>
>> root@qemux86:~# sestatus
>> SELinux status:                 enabled
>> SELinuxfs mount:                /sys/fs/selinux
>> SELinux root directory:         /etc/selinux
>> Loaded policy name:             mls
>> Current mode:                   permissive
>> Mode from config file:          enforcing
>> Policy MLS status:              enabled
>> Policy deny_unknown status:     allowed
>> Memory protection checking:     requested (insecure)
>> Max kernel policy version:      30
>>
>>> OR:
>>> $ semanage login -l
>>
>> root@qemux86:~# semanage login -l
>>
>> Login Name           SELinux User         MLS/MCS Range        Service
>>
>> __default__          user_u               s0-s0                *
>> root                 root                 s0-s15:c0.c1023      *
>>
>> (I followed the information below and enabled the python components.)
>>
>>> Actually this doesn't work since runtime dependencies, I commented off
>>> this 

Re: [yocto] [meta-selinux][PATCH 04/21] libsemanage: uprev to 2.7 (20170804)

2017-09-18 Thread wenzong fan



On 09/14/2017 09:33 PM, Mark Hatle wrote:

On 9/14/17 5:31 AM, wenzong fan wrote:



On 09/14/2017 08:07 AM, Mark Hatle wrote:

On 9/12/17 9:19 PM, Mark Hatle wrote:

On 9/12/17 9:06 PM, wenzong fan wrote:

On 09/12/2017 06:59 PM, Chanho Park wrote:

Hi,

I can't apply this patch on top of the master branch. Which revision did
you make the patches?


Oops, that's my fault. I did a "sed -i -e 's/Subject: [/Subject:
[meta-selinux][/g' 00*" to add prefix for mail subjects, that also
changed the removed patch files in libsemanage.

I'll send v2.

Thanks
Wenzong


I don't see the original set of patches in my archives.  When you rebase, please
rebase on top of mgh/master-next.


My mailer finally loaded the original set.  I saw the same problems, but was
able to get them merged.

I have updated 'mgh/master-next'.  Please verify the contents include all of
your changes.


All my changes are there now.



I tried to build a system and boot it, but it didn't work.  I'm guessing I
forgot something simple, but I can't make master-next into master without
knowing I can boot..  Any clue would be useful.  Thanks!


My configuration is:

bblayers.conf:

oe-core (master) & meta-selinux (mgh/master-next)


local.conf:

IMAGE_FEATURES_append = " debug-tweaks ssh-server-openssh"

DISTRO_FEATURES_append = " opengl x11 wayland acl xattr pam selinux"

PREFERRED_PROVIDER_virtual/refpolicy = "refpolicy-mls"
PREFERRED_VERSION_refpolicy-mls = "2.20170204"


Above configs are OK, you can simply use:

DISTRO = "poky-selinux"
PREFERRED_VERSION_refpolicy-mls ?= "2.20170204"


The DISTRO settings in meta-selinux are being removed (they are no longer in the
master-next branch).  Instead the user will be required to set the
DISTRO_FEATURE 'selinux' to enable the components.  (It is expected they will
also enable acl/xattr and pam.)




I ran QEMU using:


runqemu qemux86 core-image-selinux ext4 nographic




Please run QEMU with:

$ runqemu qemux86 core-image-selinux ext4 nographic
bootparams="selinux=1 enforcing=0"






Trying to login I get:

qemux86 login: root
[   23.960609] kauditd_printk_skb: 13 callbacks suppressed
Cannot execute /bin/sh: Permission denied
[   23.973922] audit: type=1400 audit(1505347190.805:29): avc:  denied  {
execute } for  pid=671 comm="login" name="bash.bash" dev="vda" ino=8163
scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
[   23.975463] audit: type=1400 audit(1505347190.813:30): avc:  denied  {
execute } for  pid=671 comm="login" name="bash.bash" dev="vda" ino=8163
scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0




This should be blocked by refpolicy-mls, please boot with "selinux=1
enforcing=0" to verify if SELinux tools work. For example:


I would like to update the README file for the layer on how the user can
actually make a bootable system.  If this involves adding a user, that is fine.
But at present there is no way to login w/o turning off enforcing.  That seems
to defeat the purpose of enabling selinux in a design.


This is really an issue, I'll fix it.

Thanks
Wenzong



So any help you can give me for the documentation would be appreciated.


$ sestatus


root@qemux86:~# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             mls
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     requested (insecure)
Max kernel policy version:      30


OR:
$ semanage login -l


root@qemux86:~# semanage login -l

Login Name           SELinux User         MLS/MCS Range        Service

__default__          user_u               s0-s0                *
root                 root                 s0-s15:c0.c1023      *

(I followed the information below and enabled the python components.)


Actually this doesn't work since runtime dependencies, I commented off
this from setools_4.1.1.bb:

# TODO: depends on meta-python, disable the RDEPENDS for now:
# RDEPENDS_${PN} += "python-networkx python-enum34 python-decorator
python-setuptools"

For community, we need to discuss if we can get meta-selinux depend on
meta-python by default? Or just get users to do that?


Yes, we can add a requirement for meta-python.  I just need to clearly document
in the commit message why it is there.

I will work to update the mgh/master-next with the meta-python items and some of
the information above...

--Mark


Thanks
Wenzong




--Mark








--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
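
The AVC denial quoted in the messages above, run through a small parser (an added example, not part of the thread or of meta-selinux): it re-joins the wrapped console lines, extracts each AVC record, and groups the denials by source type, target type, class and permission. The `shell_exec_t` type name and the shell-name pattern are assumptions about refpolicy's labeling, not something stated in the thread.

```python
import re
from collections import Counter

# Console capture copied from the thread, line-wrapped exactly as it was posted.
CONSOLE = """\
qemux86 login: root
[   23.960609] kauditd_printk_skb: 13 callbacks suppressed
Cannot execute /bin/sh: Permission denied
[   23.973922] audit: type=1400 audit(1505347190.805:29): avc:  denied  {
execute } for  pid=671 comm="login" name="bash.bash" dev="vda" ino=8163
scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
[   23.975463] audit: type=1400 audit(1505347190.813:30): avc:  denied  {
execute } for  pid=671 comm="login" name="bash.bash" dev="vda" ino=8163
scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s")          # kernel printk timestamp
AVC = re.compile(
    r"audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):\s+avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value or key="value"

# Assumption: refpolicy labels shell binaries with this type.
SHELL_TYPE = "shell_exec_t"
# Assumption: file names that look like a shell (bash, sh, bash.bash, ...).
SHELL_NAME = re.compile(r"(ba|da|a|k|z)?sh(\.|$)")


def unwrap(text):
    """Re-join records that the console or mailer wrapped across lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records


def split_context(ctx):
    """Split user:role:type[:level]; the MLS level itself may contain ':'."""
    user, role, type_, *level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": type_,
            "level": level[0] if level else ""}


def parse_denials(text):
    """Return one dict per 'avc: denied' record found in a console capture."""
    denials = []
    for record in unwrap(text):
        m = AVC.search(record)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(m["rest"])}
        if "scontext" not in fields or "tcontext" not in fields:
            continue  # truncated record, nothing reliable to report
        denials.append({
            "serial": int(m["serial"]),
            "perms": m["perms"].split(),
            "comm": fields.get("comm"),
            "name": fields.get("name"),
            "source": split_context(fields["scontext"]),
            "target": split_context(fields["tcontext"]),
            "tclass": fields.get("tclass"),
            # permissive=0 means the kernel actually blocked the access
            "enforced": fields.get("permissive") == "0",
        })
    return denials


def summarize(denials):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for d in denials:
        for perm in d["perms"]:
            key = (d["source"]["type"], d["target"]["type"], d["tclass"], perm)
            counts[key] += 1
    return counts


def mislabeled_shells(denials):
    """Names of shell-like files denied 'execute' while not labeled SHELL_TYPE."""
    return sorted({
        d["name"] for d in denials
        if d["tclass"] == "file" and "execute" in d["perms"]
        and SHELL_NAME.match(d["name"] or "")
        and d["target"]["type"] != SHELL_TYPE
    })


if __name__ == "__main__":
    found = parse_denials(CONSOLE)
    for (src, tgt, cls, perm), n in summarize(found).items():
        print(f"{n}x {src} -> {tgt}:{cls} {{ {perm} }}")
    print("shell-like files with a non-shell label:", mislabeled_shells(found))
```

A denial whose target is a shell-like file with a generic label points at the file context rather than at a missing allow rule, which matches the fix reported in the thread.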


Re: [yocto] [meta-selinux][PATCH 04/21] libsemanage: uprev to 2.7 (20170804)

2017-09-14 Thread Mark Hatle
On 9/14/17 5:31 AM, wenzong fan wrote:
> 
> 
> On 09/14/2017 08:07 AM, Mark Hatle wrote:
>> On 9/12/17 9:19 PM, Mark Hatle wrote:
>>> On 9/12/17 9:06 PM, wenzong fan wrote:
>>>> On 09/12/2017 06:59 PM, Chanho Park wrote:
>>>>> Hi,
>>>>>
>>>>> I can't apply this patch on top of the master branch. Which revision did
>>>>> you make the patches?
>>>>
>>>> Oops, that's my fault. I did a "sed -i -e 's/Subject: [/Subject:
>>>> [meta-selinux][/g' 00*" to add prefix for mail subjects, that also
>>>> changed the removed patch files in libsemanage.
>>>>
>>>> I'll send v2.
>>>>
>>>> Thanks
>>>> Wenzong
>>>
>>> I don't see the original set of patches in my archives.  When you rebase, please
>>> rebase on top of mgh/master-next.
>>
>> My mailer finally loaded the original set.  I saw the same problems, but was
>> able to get them merged.
>>
>> I have updated 'mgh/master-next'.  Please verify the contents include all of
>> your changes.
> 
> All my changes are there now.
> 
>>
>> I tried to build a system and boot it, but it didn't work.  I'm guessing I
>> forgot something simple, but I can't make master-next into master without
>> knowing I can boot..  Any clue would be useful.  Thanks!
>>
>>
>> My configuration is:
>>
>> bblayers.conf:
>>
>> oe-core (master) & meta-selinux (mgh/master-next)
>>
>>
>> local.conf:
>>
>> IMAGE_FEATURES_append = " debug-tweaks ssh-server-openssh"
>>
>> DISTRO_FEATURES_append = " opengl x11 wayland acl xattr pam selinux"
>>
>> PREFERRED_PROVIDER_virtual/refpolicy = "refpolicy-mls"
>> PREFERRED_VERSION_refpolicy-mls = "2.20170204"
> 
> Above configs are OK, you can simply use:
> 
> DISTRO = "poky-selinux"
> PREFERRED_VERSION_refpolicy-mls ?= "2.20170204"

The DISTRO settings in meta-selinux are being removed (they are no longer in the
master-next branch).  Instead the user will be required to set the
DISTRO_FEATURE 'selinux' to enable the components.  (It is expected they will
also enable acl/xattr and pam.)

>>
>>
>> I ran QEMU using:
>>
>>
>> runqemu qemux86 core-image-selinux ext4 nographic
>>
>>
> 
> Please run QEMU with:
> 
> $ runqemu qemux86 core-image-selinux ext4 nographic 
> bootparams="selinux=1 enforcing=0"



>>
>> Trying to login I get:
>>
>> qemux86 login: root
>> [   23.960609] kauditd_printk_skb: 13 callbacks suppressed
>> Cannot execute /bin/sh: Permission denied
>> [   23.973922] audit: type=1400 audit(1505347190.805:29): avc:  denied  {
>> execute } for  pid=671 comm="login" name="bash.bash" dev="vda" ino=8163
>> scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023
>> tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
>> [   23.975463] audit: type=1400 audit(1505347190.813:30): avc:  denied  {
>> execute } for  pid=671 comm="login" name="bash.bash" dev="vda" ino=8163
>> scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023
>> tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
>>
>>
> 
> This should be blocked by refpolicy-mls, please boot with "selinux=1 
> enforcing=0" to verify if SELinux tools work. For example:

I would like to update the README file for the layer on how the user can
actually make a bootable system.  If this involves adding a user, that is fine.
But at present there is no way to login w/o turning off enforcing.  That seems
to defeat the purpose of enabling selinux in a design.

So any help you can give me for the documentation would be appreciated.

> $ sestatus

root@qemux86:~# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             mls
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     requested (insecure)
Max kernel policy version:      30

> OR:
> $ semanage login -l

root@qemux86:~# semanage login -l

Login Name           SELinux User         MLS/MCS Range        Service

__default__          user_u               s0-s0                *
root                 root                 s0-s15:c0.c1023      *

(I followed the information below and enabled the python components.)

> Actually this doesn't work since runtime dependencies, I commented off 
> this from setools_4.1.1.bb:
> 
> # TODO: depends on meta-python, disable the RDEPENDS for now:
> # RDEPENDS_${PN} += "python-networkx python-enum34 python-decorator 
> python-setuptools"
> 
> For community, we need to discuss if we can get meta-selinux depend on 
> meta-python by default? Or just get users to do that?

Yes, we can add a requirement for meta-python.  I just need to clearly document
in the commit message why it is there.

I will work to update the mgh/master-next with the meta-python items and some of
the information above...

--Mark

> Thanks
> Wenzong
> 
>>
>>> --Mark
>>>
>>
>>


Re: [yocto] [meta-selinux][PATCH 04/21] libsemanage: uprev to 2.7 (20170804)

2017-09-14 Thread wenzong fan



On 09/14/2017 08:07 AM, Mark Hatle wrote:

On 9/12/17 9:19 PM, Mark Hatle wrote:

On 9/12/17 9:06 PM, wenzong fan wrote:

On 09/12/2017 06:59 PM, Chanho Park wrote:

Hi,

I can't apply this patch on top of the master branch. Which revision did
you make the patches?


Oops, that's my fault. I did a "sed -i -e 's/Subject: [/Subject:
[meta-selinux][/g' 00*" to add prefix for mail subjects, that also
changed the removed patch files in libsemanage.

I'll send v2.

Thanks
Wenzong


I don't see the original set of patches in my archives.  When you rebase, please
rebase on top of mgh/master-next.


My mailer finally loaded the original set.  I saw the same problems, but was
able to get them merged.

I have updated 'mgh/master-next'.  Please verify the contents include all of
your changes.


All my changes are there now.



I tried to build a system and boot it, but it didn't work.  I'm guessing I
forgot something simple, but I can't make master-next into master without
knowing I can boot..  Any clue would be useful.  Thanks!


My configuration is:

bblayers.conf:

oe-core (master) & meta-selinux (mgh/master-next)


local.conf:

IMAGE_FEATURES_append = " debug-tweaks ssh-server-openssh"

DISTRO_FEATURES_append = " opengl x11 wayland acl xattr pam selinux"

PREFERRED_PROVIDER_virtual/refpolicy = "refpolicy-mls"
PREFERRED_VERSION_refpolicy-mls = "2.20170204"


Above configs are OK, you can simply use:

DISTRO = "poky-selinux"
PREFERRED_VERSION_refpolicy-mls ?= "2.20170204"




I ran QEMU using:


runqemu qemux86 core-image-selinux ext4 nographic




Please run QEMU with:

$ runqemu qemux86 core-image-selinux ext4 nographic 
bootparams="selinux=1 enforcing=0"




Trying to login I get:

qemux86 login: root
[   23.960609] kauditd_printk_skb: 13 callbacks suppressed
Cannot execute /bin/sh: Permission denied
[   23.973922] audit: type=1400 audit(1505347190.805:29): avc:  denied  {
execute } for  pid=671 comm="login" name="bash.bash" dev="vda" ino=8163
scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
[   23.975463] audit: type=1400 audit(1505347190.813:30): avc:  denied  {
execute } for  pid=671 comm="login" name="bash.bash" dev="vda" ino=8163
scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0




This should be blocked by refpolicy-mls, please boot with "selinux=1 
enforcing=0" to verify if SELinux tools work. For example:


$ sestatus

OR:
$ semanage login -l
Actually this doesn't work since runtime dependencies, I commented off 
this from setools_4.1.1.bb:


# TODO: depends on meta-python, disable the RDEPENDS for now:
# RDEPENDS_${PN} += "python-networkx python-enum34 python-decorator 
python-setuptools"


For community, we need to discuss if we can get meta-selinux depend on 
meta-python by default? Or just get users to do that?


Thanks
Wenzong




--Mark







Re: [yocto] [meta-selinux][PATCH 04/21] libsemanage: uprev to 2.7 (20170804)

2017-09-13 Thread Mark Hatle
On 9/12/17 9:19 PM, Mark Hatle wrote:
> On 9/12/17 9:06 PM, wenzong fan wrote:
>> On 09/12/2017 06:59 PM, Chanho Park wrote:
>>> Hi,
>>>
>>> I can't apply this patch on top of the master branch. Which revision did 
>>> you make the patches?
>>
>> Oops, that's my fault. I did a "sed -i -e 's/Subject: [/Subject: 
>> [meta-selinux][/g' 00*" to add prefix for mail subjects, that also 
>> changed the removed patch files in libsemanage.
>>
>> I'll send v2.
>>
>> Thanks
>> Wenzong
> 
> I don't see the original set of patches in my archives.  When you rebase, please
> rebase on top of mgh/master-next.

My mailer finally loaded the original set.  I saw the same problems, but was
able to get them merged.

I have updated 'mgh/master-next'.  Please verify the contents include all of
your changes.

I tried to build a system and boot it, but it didn't work.  I'm guessing I
forgot something simple, but I can't make master-next into master without
knowing I can boot..  Any clue would be useful.  Thanks!


My configuration is:

bblayers.conf:

oe-core (master) & meta-selinux (mgh/master-next)


local.conf:

IMAGE_FEATURES_append = " debug-tweaks ssh-server-openssh"

DISTRO_FEATURES_append = " opengl x11 wayland acl xattr pam selinux"

PREFERRED_PROVIDER_virtual/refpolicy = "refpolicy-mls"
PREFERRED_VERSION_refpolicy-mls = "2.20170204"


I ran QEMU using:


runqemu qemux86 core-image-selinux ext4 nographic



Trying to login I get:

qemux86 login: root
[   23.960609] kauditd_printk_skb: 13 callbacks suppressed
Cannot execute /bin/sh: Permission denied
[   23.973922] audit: type=1400 audit(1505347190.805:29): avc:  denied  {
execute } for  pid=671 comm="login" name="bash.bash" dev="vda" ino=8163
scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
[   23.975463] audit: type=1400 audit(1505347190.813:30): avc:  denied  {
execute } for  pid=671 comm="login" name="bash.bash" dev="vda" ino=8163
scontext=system_u:system_r:local_login_t:s0-s15:c0.c1023
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0



> --Mark
> 



Re: [yocto] [meta-selinux][PATCH 04/21] libsemanage: uprev to 2.7 (20170804)

2017-09-12 Thread Mark Hatle
On 9/12/17 9:06 PM, wenzong fan wrote:
> On 09/12/2017 06:59 PM, Chanho Park wrote:
>> Hi,
>>
>> I can't apply this patch on top of the master branch. Which revision did 
>> you make the patches?
> 
> Oops, that's my fault. I did a "sed -i -e 's/Subject: [/Subject: 
> [meta-selinux][/g' 00*" to add prefix for mail subjects, that also 
> changed the removed patch files in libsemanage.
> 
> I'll send v2.
> 
> Thanks
> Wenzong

I don't see the original set of patches in my archives.  When you rebase, please
rebase on top of mgh/master-next.

--Mark


Re: [yocto] [meta-selinux][PATCH 04/21] libsemanage: uprev to 2.7 (20170804)

2017-09-12 Thread wenzong fan

On 09/12/2017 06:59 PM, Chanho Park wrote:

Hi,

I can't apply this patch on top of the master branch. Which revision did 
you make the patches?


Oops, that's my fault. I did a "sed -i -e 's/Subject: [/Subject: 
[meta-selinux][/g' 00*" to add prefix for mail subjects, that also 
changed the removed patch files in libsemanage.


I'll send v2.

Thanks
Wenzong



Best Regards,
Chanho Park

On Tue, 5 Sep 2017 at 3:05 PM wrote:


From: Wenzong Fan

Remove patches that included by new version:
   - 0001-libsemanage-simplify-string-utilities-functions.patch
   - 0002-libsemanage-add-semanage_str_replace-utility-functio.patch
   - 0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
   - 0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
   - libsemanage-fix-path-len-limit.patch

Rebase patch:
   - libsemanage-allow-to-disable-audit-support.patch

Set PYCEXT and PYSITEDIR to generate the _semanage.so and install it
to ${libdir}/python${PYTHON_BASEVERSION}/site-packages.

Signed-off-by: Wenzong Fan
---
  recipes-security/selinux/libsemanage.inc   |   2 +
  ...anage-simplify-string-utilities-functions.patch | 115 
  ...-add-semanage_str_replace-utility-functio.patch | 164 ---
  ...manage-genhomedircon-drop-ustr-dependency.patch | 323
-
  ...-remove-ustr-library-from-Makefiles-READM.patch |  61 
  ...ibsemanage-allow-to-disable-audit-support.patch |  68 +++--
  .../libsemanage-fix-path-len-limit.patch   |  28 --
  .../{libsemanage_2.6.bb  =>
libsemanage_2.7.bb } |  11 +-
  8 files changed, 42 insertions(+), 730 deletions(-)
  delete mode 100644

recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
  delete mode 100644

recipes-security/selinux/libsemanage/0002-libsemanage-add-semanage_str_replace-utility-functio.patch
  delete mode 100644

recipes-security/selinux/libsemanage/0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
  delete mode 100644

recipes-security/selinux/libsemanage/0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
  delete mode 100644
recipes-security/selinux/libsemanage/libsemanage-fix-path-len-limit.patch
  rename recipes-security/selinux/{libsemanage_2.6.bb
 => libsemanage_2.7.bb
} (50%)

diff --git a/recipes-security/selinux/libsemanage.inc
b/recipes-security/selinux/libsemanage.inc
index 504101d..9b238c8 100644
--- a/recipes-security/selinux/libsemanage.inc
+++ b/recipes-security/selinux/libsemanage.inc
@@ -40,6 +40,8 @@ do_install() {

  oe_runmake install-pywrap swigify \
  DESTDIR=${D} \
+PYCEXT='.so' \
+   
PYSITEDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages' \

  PYLIBVER='python${PYTHON_BASEVERSION}' \
  PYLIBDIR='${D}/${libdir}/$(PYLIBVER)'

diff --git

a/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch

b/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
deleted file mode 100644
index fd478d0..000
---

a/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From 514a5df959ea0e13db4e87f73c2ac5edcceebd52 Mon Sep 17 00:00:00 2001
-From: Nicolas Iooss >
-Date: Wed, 21 Dec 2016 19:21:01 +0100
-Subject: [meta-selinux][PATCH 1/4] libsemanage: simplify string
utilities functions
-
-Use string functions from C standard library instead of ustr. This
makes
-the code simpler and make utilities.c no longer depend on ustr library.
-
-This changes how semanage_split() behaves when delim is not empty (NULL
-or "") and the input string contains several successive delimiters:
-semanage_split("foobar", ":") returned "bar" and now returns
":bar".
-This would not have any impact in the current code as semanage_split()
-is only called with delim="=" (through semanage_findval(), in
-libsemanage/src/genhomedircon.c), in order to split a "key=value"
-statement.
-
-Signed-off-by: Nicolas Iooss >
-(cherry picked from commit a228bb3736c5957d41ad9e01eb1283fc6883a6e5)

- libsemanage/src/utilities.c | 59
++---
- 1 file changed, 13 

Re: [yocto] [meta-selinux][PATCH 04/21] libsemanage: uprev to 2.7 (20170804)

2017-09-12 Thread Chanho Park
Hi,

I can't apply this patch on top of the master branch. Which revision did
you make the patches?

Best Regards,
Chanho Park

On Tue, 5 Sep 2017 at 3:05 PM  wrote:

> From: Wenzong Fan 
>
> Remove patches that included by new version:
>   - 0001-libsemanage-simplify-string-utilities-functions.patch
>   - 0002-libsemanage-add-semanage_str_replace-utility-functio.patch
>   - 0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
>   - 0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
>   - libsemanage-fix-path-len-limit.patch
>
> Rebase patch:
>   - libsemanage-allow-to-disable-audit-support.patch
>
> Set PYCEXT and PYSITEDIR to generate the _semanage.so and install it
> to ${libdir}/python${PYTHON_BASEVERSION}/site-packages.
>
> Signed-off-by: Wenzong Fan 
> ---
>  recipes-security/selinux/libsemanage.inc   |   2 +
>  ...anage-simplify-string-utilities-functions.patch | 115 
>  ...-add-semanage_str_replace-utility-functio.patch | 164 ---
>  ...manage-genhomedircon-drop-ustr-dependency.patch | 323
> -
>  ...-remove-ustr-library-from-Makefiles-READM.patch |  61 
>  ...ibsemanage-allow-to-disable-audit-support.patch |  68 +++--
>  .../libsemanage-fix-path-len-limit.patch   |  28 --
>  .../{libsemanage_2.6.bb => libsemanage_2.7.bb} |  11 +-
>  8 files changed, 42 insertions(+), 730 deletions(-)
>  delete mode 100644
> recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
>  delete mode 100644
> recipes-security/selinux/libsemanage/0002-libsemanage-add-semanage_str_replace-utility-functio.patch
>  delete mode 100644
> recipes-security/selinux/libsemanage/0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
>  delete mode 100644
> recipes-security/selinux/libsemanage/0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
>  delete mode 100644
> recipes-security/selinux/libsemanage/libsemanage-fix-path-len-limit.patch
>  rename recipes-security/selinux/{libsemanage_2.6.bb => libsemanage_2.7.bb}
> (50%)
>
> diff --git a/recipes-security/selinux/libsemanage.inc
> b/recipes-security/selinux/libsemanage.inc
> index 504101d..9b238c8 100644
> --- a/recipes-security/selinux/libsemanage.inc
> +++ b/recipes-security/selinux/libsemanage.inc
> @@ -40,6 +40,8 @@ do_install() {
>
>  oe_runmake install-pywrap swigify \
>  DESTDIR=${D} \
> +PYCEXT='.so' \
> +
> PYSITEDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages' \
>  PYLIBVER='python${PYTHON_BASEVERSION}' \
>  PYLIBDIR='${D}/${libdir}/$(PYLIBVER)'
>
> diff --git
> a/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
> b/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
> deleted file mode 100644
> index fd478d0..000
> ---
> a/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
> +++ /dev/null
> @@ -1,115 +0,0 @@
> -From 514a5df959ea0e13db4e87f73c2ac5edcceebd52 Mon Sep 17 00:00:00 2001
> -From: Nicolas Iooss 
> -Date: Wed, 21 Dec 2016 19:21:01 +0100
> -Subject: [meta-selinux][PATCH 1/4] libsemanage: simplify string utilities
> functions
> -
> -Use string functions from C standard library instead of ustr. This makes
> -the code simpler and make utilities.c no longer depend on ustr library.
> -
> -This changes how semanage_split() behaves when delim is not empty (NULL
> -or "") and the input string contains several successive delimiters:
> -semanage_split("foobar", ":") returned "bar" and now returns ":bar".
> -This would not have any impact in the current code as semanage_split()
> -is only called with delim="=" (through semanage_findval(), in
> -libsemanage/src/genhomedircon.c), in order to split a "key=value"
> -statement.
> -
> -Signed-off-by: Nicolas Iooss 
> -(cherry picked from commit a228bb3736c5957d41ad9e01eb1283fc6883a6e5)
> 
> - libsemanage/src/utilities.c | 59
> ++---
> - 1 file changed, 13 insertions(+), 46 deletions(-)
> -
> -diff --git a/libsemanage/src/utilities.c b/libsemanage/src/utilities.c
> -index f48ffa4..fa86cc7 100644
>  a/libsemanage/src/utilities.c
> -+++ b/libsemanage/src/utilities.c
> -@@ -26,7 +26,6 @@
> - #include 
> - #include 
> - #include 
> --#include 
> -
> - #define TRUE 1
> - #define FALSE 0
> -@@ -74,64 +73,32 @@ char *semanage_split_on_space(const char *str)
> - {
> -   /* as per the man page, these are the isspace() chars */
> -   const char *seps = "\f\n\r\t\v ";
> --  size_t slen = strlen(seps);
> --  size_t off = 0, rside_len = 0;
> --  char *retval = NULL;
> --  Ustr *ustr = USTR_NULL, *temp = USTR_NULL;
> -+  size_t off = 0;
> -
> -   if (!str)
> --  goto done;
> --  if (!(ustr 

[yocto] [meta-selinux][PATCH 04/21] libsemanage: uprev to 2.7 (20170804)

2017-09-05 Thread wenzong.fan
From: Wenzong Fan 

Remove patches that included by new version:
  - 0001-libsemanage-simplify-string-utilities-functions.patch
  - 0002-libsemanage-add-semanage_str_replace-utility-functio.patch
  - 0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
  - 0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
  - libsemanage-fix-path-len-limit.patch

Rebase patch:
  - libsemanage-allow-to-disable-audit-support.patch

Set PYCEXT and PYSITEDIR to generate the _semanage.so and install it
to ${libdir}/python${PYTHON_BASEVERSION}/site-packages.

Signed-off-by: Wenzong Fan 
---
 recipes-security/selinux/libsemanage.inc   |   2 +
 ...anage-simplify-string-utilities-functions.patch | 115 
 ...-add-semanage_str_replace-utility-functio.patch | 164 ---
 ...manage-genhomedircon-drop-ustr-dependency.patch | 323 -
 ...-remove-ustr-library-from-Makefiles-READM.patch |  61 
 ...ibsemanage-allow-to-disable-audit-support.patch |  68 +++--
 .../libsemanage-fix-path-len-limit.patch   |  28 --
 .../{libsemanage_2.6.bb => libsemanage_2.7.bb} |  11 +-
 8 files changed, 42 insertions(+), 730 deletions(-)
 delete mode 100644 
recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
 delete mode 100644 
recipes-security/selinux/libsemanage/0002-libsemanage-add-semanage_str_replace-utility-functio.patch
 delete mode 100644 
recipes-security/selinux/libsemanage/0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
 delete mode 100644 
recipes-security/selinux/libsemanage/0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
 delete mode 100644 
recipes-security/selinux/libsemanage/libsemanage-fix-path-len-limit.patch
 rename recipes-security/selinux/{libsemanage_2.6.bb => libsemanage_2.7.bb} 
(50%)

diff --git a/recipes-security/selinux/libsemanage.inc 
b/recipes-security/selinux/libsemanage.inc
index 504101d..9b238c8 100644
--- a/recipes-security/selinux/libsemanage.inc
+++ b/recipes-security/selinux/libsemanage.inc
@@ -40,6 +40,8 @@ do_install() {
 
 oe_runmake install-pywrap swigify \
 DESTDIR=${D} \
+PYCEXT='.so' \
+
PYSITEDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages' \
 PYLIBVER='python${PYTHON_BASEVERSION}' \
 PYLIBDIR='${D}/${libdir}/$(PYLIBVER)'
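
Review bot: The added PYSITEDIR value in do_install() already starts with ${D}, while DESTDIR=${D} is passed on the same oe_runmake line. If the libsemanage 2.7 install-pywrap rule prepends $(DESTDIR) to $(PYSITEDIR), _semanage.so would be installed under a doubled ${D} path; please confirm against the 2.7 Makefile and drop one of the two prefixes if so. The new line also writes '${D}${libdir}' where the existing PYLIBDIR line writes '${D}/${libdir}'; use one form for both. The commit message says what PYCEXT and PYSITEDIR are set for but not why 2.7 needs PYCEXT forced to '.so'; one sentence on that would help the next uprev.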
 
diff --git 
a/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
 
b/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
deleted file mode 100644
index fd478d0..000
--- 
a/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From 514a5df959ea0e13db4e87f73c2ac5edcceebd52 Mon Sep 17 00:00:00 2001
-From: Nicolas Iooss 
-Date: Wed, 21 Dec 2016 19:21:01 +0100
-Subject: [meta-selinux][PATCH 1/4] libsemanage: simplify string utilities 
functions
-
-Use string functions from C standard library instead of ustr. This makes
-the code simpler and make utilities.c no longer depend on ustr library.
-
-This changes how semanage_split() behaves when delim is not empty (NULL
-or "") and the input string contains several successive delimiters:
-semanage_split("foobar", ":") returned "bar" and now returns ":bar".
-This would not have any impact in the current code as semanage_split()
-is only called with delim="=" (through semanage_findval(), in
-libsemanage/src/genhomedircon.c), in order to split a "key=value"
-statement.
-
-Signed-off-by: Nicolas Iooss 
-(cherry picked from commit a228bb3736c5957d41ad9e01eb1283fc6883a6e5)

- libsemanage/src/utilities.c | 59 ++---
- 1 file changed, 13 insertions(+), 46 deletions(-)
-
-diff --git a/libsemanage/src/utilities.c b/libsemanage/src/utilities.c
-index f48ffa4..fa86cc7 100644
 a/libsemanage/src/utilities.c
-+++ b/libsemanage/src/utilities.c
-@@ -26,7 +26,6 @@
- #include 
- #include 
- #include 
--#include 
- 
- #define TRUE 1
- #define FALSE 0
-@@ -74,64 +73,32 @@ char *semanage_split_on_space(const char *str)
- {
-   /* as per the man page, these are the isspace() chars */
-   const char *seps = "\f\n\r\t\v ";
--  size_t slen = strlen(seps);
--  size_t off = 0, rside_len = 0;
--  char *retval = NULL;
--  Ustr *ustr = USTR_NULL, *temp = USTR_NULL;
-+  size_t off = 0;
- 
-   if (!str)
--  goto done;
--  if (!(ustr = ustr_dup_cstr(str)))
--  goto done;
--  temp =
--  ustr_split_spn_chrs(ustr, , seps, slen, USTR_NULL,
--  USTR_FLAG_SPLIT_DEF);
--  if (!temp)
--  goto done;
--  /* throw away the left hand side */
--  ustr_sc_free();
--
--  rside_len = ustr_len(ustr) - off;
--  temp = ustr_dup_subustr(ustr, off +
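
Review bot: In the deletion of 0001-libsemanage-simplify-string-utilities-functions.patch, the removed header line reads "-Subject: [meta-selinux][PATCH 1/4] libsemanage: simplify string utilities". Removed lines must match the in-tree file exactly, and the [meta-selinux] prefix here looks like it was introduced by editing the generated mail files rather than coming from the file being deleted, in which case this hunk will not apply. Regenerate the series with the prefix set at format time, for example git format-patch --subject-prefix="meta-selinux][PATCH", so the bodies of the deleted patch files are left untouched.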