于 14-9-20 上午5:17, Joe MacDonald 写道:
[Re: [meta-selinux] refpolicy update in master-next] On 14.09.18 (Thu 15:06)
Mark Hatle wrote:
On 9/18/14, 2:57 PM, Joe MacDonald wrote:
Hey all,
As we'd all discussed at different times in the past, we're well behind
the curve on a refpolicy update for
于 14-7-15 下午5:52, Chong Lu 写道:
Remove PR, since oe-core has a new version.
Signed-off-by: Chong Lu chong...@windriver.com
---
recipes-devtools/rpm/rpm_5.4.14.bbappend |2 --
1 file changed, 2 deletions(-)
diff --git a/recipes-devtools/rpm/rpm_5.4.14.bbappend
于 14-7-23 下午2:56, jackie.hu...@windriver.com 写道:
From: Shan Hai shan@windriver.com
seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions,
and executes programs in a way that changes the relationship between the
setuid system call and the getresuid saved set-user-ID
于 14-7-24 下午8:20, Zhenhua Luo 写道:
* CONFIG_SECURITY=y
* CONFIG_SECURITYFS=y
Signed-off-by: Zhenhua Luo zhenhua@freescale.com
---
recipes-kernel/linux/linux-yocto/selinux.cfg | 2 ++
1 file changed, 2 insertions(+)
diff --git a/recipes-kernel/linux/linux-yocto/selinux.cfg
于 14-7-1 上午6:35, Armin Kuster 写道:
There are two versions of gnupg so limit the wildcard to the 2.x series
Signed-off-by: Armin Kuster akus...@mvista.com
---
recipes-support/gnupg/{gnupg_2.0.22.bbappend = gnupg_2.%.bbappend} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename
于 14-5-12 下午3:31, wenzong@windriver.com 写道:
From: Wenzong Fan wenzong@windriver.com
devpts use file_use_trans to allocate security contexts. As there are no
range_trans rules for initrc_t mounting devpts, the security level of
mountpoint will be derived from the initrc process, to be
于 14-4-4 上午3:20, Joe MacDonald 写道:
Hey Wenzong,
I merged two of these four.
[[yocto] [meta-selinux][PATCH 0/4] add targeted/minimum policy and some
updates] On 14.03.24 (Mon 21:07) wenzong@windriver.com wrote:
From: Wenzong Fan wenzong@windriver.com
Changes:
* backport tmpfs_t
于 14-3-25 上午9:07, wenzong@windriver.com 写道:
From: Wenzong Fan wenzong@windriver.com
Changes:
* backport tmpfs_t patch from upstream;
* add rules for /var/log symlink on poky;
* add targeted policy type
* add minimum targeted policy
The following changes since commit
于 14-2-20 下午8:59, rongqing...@windriver.com 写道:
From: Roy Li rongqing...@windriver.com
Signed-off-by: Roy Li rongqing...@windriver.com
---
.../audit/fix-auditd.conf-file-s-permission.patch | 41
recipes-security/audit/audit_2.3.2.bb |4 +-
2 files
于 14-2-13 下午4:13, Rongqing Li 写道:
On 02/11/2014 01:31 PM, rongqing...@windriver.com wrote:
From: Roy Li rongqing...@windriver.com
Signed-off-by: Roy Li rongqing...@windriver.com
---
...y-policy-ftp-make-proftpd-be-able-to-work.patch | 85
于 14-2-10 下午3:58, rongqing...@windriver.com 写道:
From: Roy Li rongqing...@windriver.com
Signed-off-by: Roy Li rongqing...@windriver.com
---
.../portmap-allow-portmap-to-create-socket.patch | 28
.../refpolicy/refpolicy_2.20130424.inc |1 +
2 files
于 14-2-13 下午4:09, wenzong@windriver.com 写道:
From: Wenzong Fan wenzong@windriver.com
Signed-off-by: Wenzong Fan wenzong@windriver.com
---
.../poky-fc-fix-real-path_su.patch | 25
.../refpolicy/refpolicy_2.20130424.inc |1
于 14-2-13 上午8:18, Joe MacDonald 写道:
[Re: [yocto] [meta-selinux][PATCH 0/4] Begin mingrating bbappends to use
wildcards in place of version numbers.] On 14.02.12 (Wed 09:57) Randy MacLeod
wrote:
On 14-02-11 09:54 PM, Philip Tricca wrote:
On 02/11/2014 08:15 PM, Joe MacDonald wrote:
[Re:
于 14-1-28 下午3:54, wenzong@windriver.com 写道:
From: Wenzong Fan wenzong@windriver.com
When ping is installed with capabilities instead of being marked setuid,
then the ping_t domain needs to be allowed to getcap/setcap.
This patch was backported from upstream.
The following
于 14-1-27 下午2:52, wenzong@windriver.com 写道:
From: Wenzong Fan wenzong@windriver.com
The default policy version of new selinux toolchains is 29, to
fit kernel 3.10.x, set it to 28.
---
recipes-security/refpolicy/refpolicy_common.inc |2 ++
于 14-1-27 下午4:44, wenzong fan 写道:
On 01/27/2014 04:12 PM, Pascal Ouyang wrote:
于 14-1-27 下午2:52, wenzong@windriver.com 写道:
From: Wenzong Fan wenzong@windriver.com
The default policy version of new selinux toolchains is 29, to
fit kernel 3.10.x, set it to 28.
---
recipes
于 14-1-28 上午9:52, wenzong@windriver.com 写道:
From: Wenzong Fan wenzong@windriver.com
The following changes since commit 8ce3b9d0d20c79e0d6bba325f6eedbd11febc101:
refpolicy: fix new symlink for policy.kern (2014-01-26 17:44:56 +0800)
are available in the git repository at:
于 14-1-26 下午4:54, wenzong@windriver.com 写道:
From: Wenzong Fan wenzong@windriver.com
It includes build host path, this does not work on target.
Signed-off-by: Wenzong Fan wenzong@windriver.com
---
recipes-security/refpolicy/refpolicy_common.inc |4
1 file changed,
于 14-1-26 下午4:54, wenzong@windriver.com 写道:
From: Wenzong Fan wenzong@windriver.com
* sync udev/init to latest poky version
* fix real path of udevadm
* fix symlink policy.kern
The following changes since commit 7c182186f54b88e5eb38ad7540e0498da476ab87:
libsemanage: fix
于 14-1-22 下午2:17, jackie.hu...@windriver.com 写道:
From: Jackie Huang jackie.hu...@windriver.com
The invalid binary path causes failure:
udevd[102]: starting version 182
/etc/rcS.d/S04udev: line 106: /usr/bin/udevadm: No such file or directory
use the command 'udevadm' directly in the init
于 14-1-20 下午5:27, wenzong@windriver.com 写道:
From: Wenzong Fan wenzong@windriver.com
* Remove PREFERRED_VERSION configs for selinux, they should be maintained
in distro config files.
* Update libselinux to latest version 2.2.2 which released on on 2013-12-30.
The following
于 14-1-20 下午6:15, wenzong@windriver.com 写道:
From: Wenzong Fan wenzong@windriver.com
* native tools don't need audit support;
* audit 2.3.2 or laters require kernel headers = 2.6.30, this causes
audit-native can't be built on some older distributions.
The following changes since
于 14-1-9 上午9:38, wenzong@windriver.com 写道:
From: Wenzong Fan wenzong@windriver.com
Changes:
1) Uprev selinux packages to release 20131030;
2) Fix build dependency to libsemanage;
3) Fix QA issues to policycoreutils;
4) Update LIC_FILES_CHKSUM for selinux packagegroups.
Some
于 14-1-9 上午10:54, wenzong@windriver.com 写道:
From: Wenzong Fan wenzong@windriver.com
In Yocto the real path for udevd is /lib/udev/udevd, this patch fixes
the init issues like:
udevd[87]: setfilecon /dev/vcsa2 failed: Operation not permitted
udevd[89]: setfilecon
24 matches
Mail list logo