From patchwork Wed Dec 8 07:33:43 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yi Zhao X-Patchwork-Id: 24 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 56876C4332F for ; Wed, 8 Dec 2021 07:34:05 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web12.9156.1638948844365375474 for ; Tue, 07 Dec 2021 23:34:04 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=pps06212021 header.b=CZ3Z+QQ1; spf=pass (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=7976a6fcf6=yi.zhao@windriver.com) Received: from pps.filterd (m0250812.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1B87Tj9e030204; Wed, 8 Dec 2021 07:34:01 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=from : to : subject : date : message-id : content-transfer-encoding : content-type : mime-version; s=PPS06212021; bh=phaZ3E5yps467noU9NJy0VHrbPW9RtQL+53fHsa51jM=; b=CZ3Z+QQ1JfSEQg7c9mi7FdTfS3UdTld3pBrQEukapsknUsb2KZn/KdGErbM9bq+IN9qn ksRVEGl+RdBrfxt25/po66JrqgKbbLyJ0Y7xo/5AmOIkwIycAGQLHOsrMzJJdCyyVR57 dUW8dNY/urdKXWi+KsBCpKpx/xoMoG5sWiWVCh4/yUGomwDXW1vA/zEoPZLOh+pzq5we v5a8nmP1nXQn1XAH0li8cn1+f/tMSJ9w255JS68Ew7Wzno/8yXDXSGvfXs9wKRimqxLa ZsLvJOUZR+uea74FcXyU4NG9TfW2Uj3ABr3BbbCTX4KXm0w3uy9tIzebYWUnmncQW/RZ Dg== Received: from nam10-bn7-obe.outbound.protection.outlook.com (mail-bn7nam10lp2107.outbound.protection.outlook.com [104.47.70.107]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 3ctba60hnr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Dec 2021 07:34:01 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=M44WY7uINlPv5dDvBr04LSYFchfwlgixbe+KRkWnfxdj/LIm8SQQ5K2LIkGCB1O1mqyRv6Y8sK8HwRjAYQvxXzPg7AzT80Npy934NDCALyn6Q/H0Ot9caDgb4/VgCC8mWGzn0txD8zaJlYJkeZOc0798aExGmFpDYaYJLcbXEYpGlVvUvNzcSzW3QRx0gQbJ9p48+cUMueQNmz6YziYpOfuBraZP1KEocQh6SRvVUlEx6nCqmdMNWPIeCgiPATskX9O9lE3qvO8r8Is77qrimh7O9B572nnNS+wvt1fsKIP0nF7n5jLCjM4z5OtNEi/hoTeomaZE+GjCZ6UyGMaiZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=phaZ3E5yps467noU9NJy0VHrbPW9RtQL+53fHsa51jM=; b=e6QsocQb844AScoipXmJD5Tdhnam+L88QBDaCrvwT6CUHhWOJieGCElXIKf1ebg2JRV28q9x8uxaFIjQWlPOf/MvASgPMuJ/UB52MYolvjRl5YLoEkKZXLw4cf0ka3zBJQO/lqklzjI2QWlosNWvKcsSgaFvDaRHPaU0Cd1wlV7Yx16RC3XVZSR0CN+Lnyb08SHBgABF9SqUKbYxW4IxQkqWUeVVgH0MNkZTd6P+DON5OZIpbF60RrF5RgfzswzIoglXcC4j1XvpmrWn4NHgqWq38TuDBwuB8CTva1pt7dQjvXSNBkQr12FV48BOOVAOrh8LrP0bn/M2boNETHkr1A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CO1PR11MB4867.namprd11.prod.outlook.com (2603:10b6:303:9a::13) by MWHPR11MB1535.namprd11.prod.outlook.com (2603:10b6:301:d::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4755.21; Wed, 8 Dec 2021 07:33:58 +0000 Received: from CO1PR11MB4867.namprd11.prod.outlook.com ([fe80::8962:26c6:20fe:eaa4]) by CO1PR11MB4867.namprd11.prod.outlook.com ([fe80::8962:26c6:20fe:eaa4%6]) with mapi id 15.20.4755.022; Wed, 8 Dec 2021 07:33:58 +0000 From: Yi Zhao To: yocto@lists.yoctoproject.org, joe_macdonald@mentor.com, joe@deserted.net Subject: [meta-selinux][PATCH 1/3] selinux-python: add RDEPENDES on audit-python Date: Wed, 8 Dec 2021 15:33:43 +0800 Message-Id: <20211208073345.38198-1-yi.zhao@windriver.com> X-Mailer: git-send-email 2.25.1 X-ClientProxiedBy: HK2PR04CA0086.apcprd04.prod.outlook.com (2603:1096:202:15::30) To CO1PR11MB4867.namprd11.prod.outlook.com (2603:10b6:303:9a::13) MIME-Version: 1.0 Received: from pek-yzhao1-d1.wrs.com (60.247.85.82) by HK2PR04CA0086.apcprd04.prod.outlook.com (2603:1096:202:15::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4755.17 via Frontend Transport; Wed, 8 Dec 2021 07:33:57 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 65dc0c07-d4d1-4c8e-b50e-08d9ba1d18e5 X-MS-TrafficTypeDiagnostic: MWHPR11MB1535:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:404; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: O3UAgpa00JvfDNFImXwJAwxBz91Zxje4iOyrQehhXYhkSePFrcppZ9bFd2h169GYajHu6qNPIrTUjVTpzb6osYqCHgun6tjMnOYFCeT6SqZOV8mp8IS4wie6D8IIJ2oJFkt5t0oe0kCV7HSb0OKLHIvKAM5NYAGUfAm2W6meavgTbzIjYrQeyx/f+w7qVhW01/gIlcXSR5/3FS43EcXpSg5vJy0G6bHDy7+7k3O6qgVmvkpQ6isKYsqYbBKjVt3iFbP2FWsbfDNb0soFp4BMOLtXLrEp/llrqG8kLkbQihYob6wHifMV4vAipsRVdh5jmrpjtyZ6463pyvVYvphXrAUbaDITXSm/OzswfBOBKArpMPWDQQWBLLMbig22Cq1eTHrSPpMcj9NwNTu0KJyD/hbNNAGHetwwy4L/e+oCfoZwGK/P58eQqIYp9aMzvRqra03HNhpBNddqpgi/E+c8S3YhBLTDVllILHMdEKiupLFGo90YG74setruk2r7HvtVjysyJtuyglMNE0zqCvCA72cVp+7IC2xs0sj+4fk0yEjY6174xIUcbs9HXBvy4TYHRn6W8ffb96LUl69hWaIMw78+n/XcaokJRlAvoAfIKAZE+8QGdw9BkR8rIdk0gAeZgpiAPjs5Gx1TAtL2aJxFlDljPkU9iBN9sGDN71dEMJadzPe0K5S77VSc26bFZVbeeVA4oT087f/5kqUZgwM/8g== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO1PR11MB4867.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(38100700002)(38350700002)(8936002)(83380400001)(508600001)(6486002)(316002)(26005)(956004)(186003)(6512007)(5660300002)(1076003)(66946007)(2616005)(6506007)(36756003)(8676002)(6666004)(86362001)(44832011)(52116002)(2906002)(66476007)(66556008);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 8lLlzSmJ/pXNBy8xxjnjHMtTVizS9RN9Li3E80txuJNBQDO1DmgE1+HkG4x4Uf92KWJ7fLOhMWxd9kUnOK3fkFKZTESJBPHbKXXzdjX6+hy+2DVDVZ6qQ/JIjTysfmm1cvUORTb4U0EYdLUpwevAERJsNn/lM+ff2fU6ZdOEFKPxJ44OsaPIvmyoztvBzduQPUZNwygt4gT4OT/wqs/nYUTqau8Py1ij1kokw9+Lyc2K9heWAdCdb+F4WhzqVrJLW/yi5X24eoInkrrcGUzow634dN8qITc71SlFcD23vpibmiVBUXvZyNAQ43wMfS43W7kclMn+UWTN33ohH7IpNUkbaSCv9Raawjkf2rvy5lyvmNyvJ+maezrnmG5+CNFE12muoyS86BVhmTMTAVp26dZkGMcDtK3D5xnaxTxsS4/9j/Y7l2ukKIFYJn3wqGFEM3WeVj0Wuof2KzTcxcruzIgBsOMNskJ0/oro4e+4fdL8AVrPHy7qr8mqu4wGS/FASfiSezk0jjxaWOHD+U3LU3nz7PPj/OAuszwws1cbGc5BbrfveumJ+Z3kjWEmCWZrBm6Cicd9z5PdZBjIZqSzf+uCYHrkuXmfOO3vv2HkEUvjWwpaiscPEy2ZdyWB8ug7wwRCNyUdJqcG8MF0cWV12PHL43oHrSX859BGlvJYwc5jx+SriZ4TnqLTXhgdpJEVjktBdxqlu1bpgj7tjTv3bO7rZAMYIiPb844FOl/6e8wJ1beG+NX9CxjwKdAcjAril4KpjFXs+SlxgJrW2BSjpSw4OBur4Eef2R/7Uw8hBiSIKLqjVbEXeCUOQR+eWxjycwGnfCbXvgm3WMS9suhGKMNvtRw2wP4x05cV5qLOxRYWNgraR1nVHX0OD4Exgam1xnyDPxoMpRmukaMX7nn58x8/yn/0Bpr2zYL8Lt1kHDndyler9vqurnNi34Gfr8iBQF7E4NHMC7VlDofZH33pXGRo/GGoO8hjFRYs1uvFfHWDZJ2y/5BaMqGhCSXAbptzZQ6931aL8ajOXFztbvbj2GSfvos3atH7eHYLXUbOXKYOUKfmxi5N7qXmMAeuobH35hgyeTZiax9vjrbgJeDJk+Rewblp6vcvv7vYBHYFPcULQ5s5MtLjSvZ0a7MBCAsGs9fFvjEgDLfu94F2Mm0GN1/y39DybBnDD61TTqG47L6Y1HaOgUkeMV//j7zDaUGiqt+KoJJYUHbATjk/dHrSzmmTkIQ5KbxIOmCfjzRgVbSaf/Q+n/qDbgWPRi2KOXrIASTAfAW6Ev2X4qOwSavIvIf46qlZAQ1kbcOHPus/JilSZMUKWc3TQPX3/Kpod8UiFIMMbSkyWGnzIuLbSMmwwCfxXpf+NG4foo3UoaqZ31f3QAwhc6TgV2yovVXG/cixSvWc3nQqVuo/dJjhB5KkaeIxUfGNEIy0U9wpReew/ABNSbOrXcSszgg8BFw2Di3dKlvCB71S2FD/Z7zpPZjnu3H+bPtg2n/MNGT49kOVm7YY5I009Z3Vfjb1IOOzavIADPxKLe+Nz36BpjgBapCghhPgcblD7XzpOQJkvIZPCBmHQrpEeSVTwUPqu6NfPLBjwzKt1EBJPkZ1z3pYg4OPojSE1/fJqIQbha+t4Rtuips= X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 65dc0c07-d4d1-4c8e-b50e-08d9ba1d18e5 X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4867.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Dec 2021 07:33:58.5544 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: YgQj1tM1dsHSkjoznf5SdwUjPumO3uNoWBZa71+Fc+tXmKehpksi0cV073R2STuhycaIDS5LyAopVc4rclQOcw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR11MB1535 X-Proofpoint-GUID: F9kglKKs1B1bPkZWKrE9srGbNgyT19nM X-Proofpoint-ORIG-GUID: F9kglKKs1B1bPkZWKrE9srGbNgyT19nM X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2021-12-08_02,2021-12-06_02,2021-12-02_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 phishscore=0 clxscore=1011 suspectscore=0 mlxlogscore=999 adultscore=0 lowpriorityscore=0 impostorscore=0 spamscore=0 mlxscore=0 bulkscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2112080050 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 08 Dec 2021 07:34:05 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/55510 Add RDEPENDS on audit-python for selinux-python-semanage. Fixes: $ semanage fcontext -a -t user_home_t "/web(/.*)?" Traceback (most recent call last): File "/usr/sbin/semanage", line 975, in do_parser() File "/usr/sbin/semanage", line 947, in do_parser args.func(args) File "/usr/sbin/semanage", line 329, in handleFcontext OBJECT.add(args.file_spec, args.type, args.ftype, args.range, args.seuser) File "/usr/lib/python3.9/site-packages/seobject.py", line 2485, in add self.__add(target, type, ftype, serange, seuser) File "/usr/lib/python3.9/site-packages/seobject.py", line 2481, in __add self.mylog.log_change("resrc=fcontext op=add %s ftype=%s tcontext=%s:%s:%s:%s" % (audit.audit_encode_nv_string("tglob", target, 0), ftype_to_audit[ftype],) NameError: name 'audit' is not defined Signed-off-by: Yi Zhao --- recipes-security/selinux/selinux-python_3.2.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/recipes-security/selinux/selinux-python_3.2.bb b/recipes-security/selinux/selinux-python_3.2.bb index a954676..d130900 100644 --- a/recipes-security/selinux/selinux-python_3.2.bb +++ b/recipes-security/selinux/selinux-python_3.2.bb @@ -50,6 +50,7 @@ RDEPENDS:${BPN}-semanage += "\ python3-xml \ python3-misc \ libselinux-python \ + audit-python \ ${BPN} \ " RDEPENDS:${BPN}-sepolicy += "\ From patchwork Wed Dec 8 07:33:44 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yi Zhao X-Patchwork-Id: 25 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 55C5EC433FE for ; Wed, 8 Dec 2021 07:34:05 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.web11.9185.1638948844704609217 for ; Tue, 07 Dec 2021 23:34:04 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=pps06212021 header.b=M+FFUUmL; spf=pass (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=7976a6fcf6=yi.zhao@windriver.com) Received: from pps.filterd (m0250809.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1B87TdAa009076; Tue, 7 Dec 2021 23:34:03 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=from : to : subject : date : message-id : in-reply-to : references : content-transfer-encoding : content-type : mime-version; s=PPS06212021; bh=gAkM4mPGwqryZigwzLHSF/kBBCKla/vqC0RgLzvluFQ=; b=M+FFUUmL+FuSe0tkq96nx2SLzGu8DIxIUCnZP9OrzXbwE5KPW+kVXaCUbYtcAV0bTmDa CM8Ihj9+QwxJeg+qGNwtSLnv7xadO0FGR2H/oqZVEaHtdmsGek0srYH6Qs93Hv2u6Zcq ItLuJTScacv7wudh2eIV/+SsLONUCOpdKmY3yBvLV6eoPQz7wUWh6ciYEZjPnt8zF6BL V6N5Alqne9JzhWkWyMEB8HrXMooB4S+q7vC9svQE/fEbX7tmnq3cPFsqwyg7hIxfWhse aqZl3mYi7XQqY4L6pRR5xzZUGDypOgOUdsPhv5Mq6cfj98Vzijb6BzqmXtl/kWKfPmvW JQ== Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2105.outbound.protection.outlook.com [104.47.58.105]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 3ctfxvr9us-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 07 Dec 2021 23:34:03 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=V+JO+349lDV6Vh8FHinmTSp34FefrOAA2fW7I8W1V1O7XfwzsXcEfljhm3yqz+3Tp47HZQxnAATqMqdfDhk0xwjQtN+n0ZEF32P4sLVQMWla+2eGnHALQClSxy2HLRdW6yvK4UXKNwzkjSpBVdXL/UHOrYI3ogZ5jSGNcfTyRgOb36WpISIDL/qETt/jmdIuFpa+24UexGYpm94JHEzt+XJTWWx5nWTBQl3aOP45uSCTi74QEaTZh4Q/uf1mjwEeCpINLRBrKHfBgsnkLdmZa2b3QX6ykRWssppz+DgbAIEJLtarepzeVnodLu5qbJt7NZ1VRx8XCWwzc+JH2tw/YQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gAkM4mPGwqryZigwzLHSF/kBBCKla/vqC0RgLzvluFQ=; b=mKrNK3WEc6CGWSeOQNVmhCeOG7PwQalbH4oQSPv0CtyOrc+lC5dXgLUd1Pu6z4uWofEKx648raHbIokypbG8f2hxhf+hssJK22HcYfhEya6dUoAm49V0D+h/MF7tRYL7F0Z6RmpjOL+NwwMJtxlSvhvg3Zh5BPDtDeoDc+ljtmWUN+li2RXDuX7gThtIBCf/NooTRB25+x5DKDjx3f/V+U9BJDZPQI6kKAQx9tIUYdXJ7iAAI5UcI8wBMrdxzW3ZDc0AR4yOhyGcpgwmgjQYjbn4wlcpANdO7d49rR7Y/u+GAEjgCmsk980fvLHHN1i+XWhYk9XxK9S7nMU1Hf7qxQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CO1PR11MB4867.namprd11.prod.outlook.com (2603:10b6:303:9a::13) by MWHPR11MB1262.namprd11.prod.outlook.com (2603:10b6:300:29::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4755.11; Wed, 8 Dec 2021 07:34:00 +0000 Received: from CO1PR11MB4867.namprd11.prod.outlook.com ([fe80::8962:26c6:20fe:eaa4]) by CO1PR11MB4867.namprd11.prod.outlook.com ([fe80::8962:26c6:20fe:eaa4%6]) with mapi id 15.20.4755.022; Wed, 8 Dec 2021 07:34:00 +0000 From: Yi Zhao To: yocto@lists.yoctoproject.org, joe_macdonald@mentor.com, joe@deserted.net Subject: [meta-selinux][PATCH 2/3] selinux: move selinux scripts to selinux-scripts Date: Wed, 8 Dec 2021 15:33:44 +0800 Message-Id: <20211208073345.38198-2-yi.zhao@windriver.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211208073345.38198-1-yi.zhao@windriver.com> References: <20211208073345.38198-1-yi.zhao@windriver.com> X-ClientProxiedBy: HK2PR04CA0086.apcprd04.prod.outlook.com (2603:1096:202:15::30) To CO1PR11MB4867.namprd11.prod.outlook.com (2603:10b6:303:9a::13) MIME-Version: 1.0 Received: from pek-yzhao1-d1.wrs.com (60.247.85.82) by HK2PR04CA0086.apcprd04.prod.outlook.com (2603:1096:202:15::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4755.17 via Frontend Transport; Wed, 8 Dec 2021 07:33:58 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 610bad16-e86f-4efc-0a58-08d9ba1d19be X-MS-TrafficTypeDiagnostic: MWHPR11MB1262:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4714; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: P+f1pT3Is4sbSQ+5jIpmhBcWxXQ1M1ItXP5Xp3LoulvvlRSINVWmeJZ48fy/I9MTanMIgLbzujnwexTQqlnHx1dB/c/6OJRxNfSzUN2r5XfR7iTnsLEl51t/2cATfME8Jn+PluGIQ73Pm0RJIq+cSFCNaRaPCAEai8KthdxUDAED3EArzu1xV9ryMmgA4d3E/AHyjscmzK2tnaz92O/oGAmMqyUruMHUBtVec9TWDemMnE7xvK8EqKvuYys9Zbh0RwDKsk24r+eSccNzhg5h80AJeaHoc4hhmpspC2sYNuIujmGhG0LmJGaz5mB8KtbjqOQnWIu+ai8/lPBLAqp9Z1msCwgitunHLcTGvfiib0QQmEOmNC0GaPi14BMuKE8WNx1vxcxdXePrLG0OoOtokFz6pu5Kf+nOu8m53uXGHClpQD499hJpad6onMwWwBiRFnBrK2pUV5V5DDpYIICTm2880yr61ft43NuOYsDnsh6oJFCRSBun98lRzMphff7ogneqGjC+4MljFLPK/OxmwXUDArPnFbbnBHrCXrExevoVDuqMg3wZSntiyBlho4KnrE/QC9ZFtqjjt2FOProjvdL+O/48B4C/9QCYmCR6fasF5eYJG1rzwJmFGlV6wgI8IDd7JbbIyKyNhtd5l886A1Got87doovCC/OoFoZJD0FCdjl/MZpOxIhofwKr6b7vCjaSN368I6sejhh9JhZ4363uKiIyIQ9NhChsuQYykJs= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO1PR11MB4867.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(44832011)(36756003)(38100700002)(38350700002)(6486002)(86362001)(5660300002)(186003)(66476007)(8676002)(66556008)(6666004)(6506007)(316002)(66946007)(508600001)(8936002)(6512007)(2906002)(1076003)(26005)(52116002)(2616005)(956004)(83380400001)(72063004);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: dbZQXrHPkizyfj+yhCtAvVVLby4/WCtLmdR8Vs9zSb6PiAMd2sw/lxCvR9BPKERTz3lYF+0I1SNYWNbe/b+FVsyyaQ7fJ8q+u2ActWEgIhIA6xmmlObXOFYIuAhUI4Wo6mJubB52CCtrVCyd4uMAlYNp4dVHKjRKT7CYPmcLPgh2SBvyBjQubpwKTMoylFuBFV42vDv+KMAdhBSbPEfzUv7eBcBgWATBsZ0NiPA5gCGKn1zDyx9lzFdhNqqbgcaT8OqSTe9oU7lbQrBEAtW2lpYvyZ1m1qi/Tga4hztLUnv7oTUJ34wZAXkcwchx97viQewJfbfaKyf7TDFmExzql3J4csFYZLAqXpbWPtVRZjh/cG03GUZBwbRfWbb1uNJQ/O4E/oA/XETscF8gbuLfvxwwmQ6BtpLL3acdSsh4lC1eyyZY1hhA2TLZSAChRZ8UD4dMzAqcGazBWvtk7W0S34GTYvVljQc+UdGZ7PB9uhLSYgRkIeF8iepROHn/qXXn8m/YhQenmZVhgDbN7BAZcTy5r+Pc868wr678wfH3nkdf7oJXhD+BQocvOE20+bd7FKXPssLYbuJEmHaJqWvlWCQb33kP4r2fYjihD1Uv+gfllBTPdkb0sXzHBpJoYbsNSeWOmmleLwX+smjmPL9MGn0V3+ig2jpXQim7z6RaUBwehqruks3Rm85WFVMAGd8vuyyCjZyBYIt+tCYrh5bQ75bNerjCYan0AzT0XgGDQkr9ISgL3+92yu2zu985b+9T3L0XE5smR+/pgKIiUw+vlBY6oxCTT9PgjiZUandleWbGlElB4y0Zg43xA0WEKvQ9yeGU+G2DrIfpyajZiFWEwpTO2WkbYDuLpUAxejg7o6cM/ipmmxQiigFoCBbYTtwFVpalIduFFrcT1EMg/zXhe3G0DycjCAMtKqZj1Y9PloXD5E78P4kxA8ukZIwNLY92vLrUbX2lyCnhedrddDo3vRWGr/6cIxCSPZl0TmD2f8oAPt6gj8gimc52v9BY7a0soWnf/5LXhZod+0UfUKOCfIUBY/ZBv/gwNF8a6QNgpycEu1JXTt0JmvQGB4fFjGdNiOHnhABdfbsg6iN5YJo4EEw46DTVboJvceu3DmGPdFs7uCZi36h+X5M2q0Wrz19zvuoG0sSZ/Njykij1755B97XS/enDod1954ljDsI2VMGe1+qKkUWt0mojBuS6kxMvnEB+Wg73xX9J2D0p3q9JMDz/Zalklj4/97ruXquqE9K43J0VETcG8fHF6BDs9b7xtDv4L6x3QQVFZRlAi7m7K1PHgMf5CLyTx64bE8kKR7FfRur+BjHcnpgrYllPrM3YTZQ4H8L6GFnDPzaozHGdMrF343aranoKQibPBWcYuozYRFK+Fc/FJj6uG7595hzrezpKUhyZMxRVFVeMavikx7oDCAX3Pi6SiKIyECip9I0aGO3dRUgmzsm4ic46KVaqxO8oQCTGPxqviMHZWv1U9fXBV1lmcC75ioXVA1v/r1kBgUonKXyY1krWfn/4Ef3apwOa6RVUKIB+TiTJSFImnwmxph5xCtdOZYVwJuFWBi/rylxpCuf23dPfsiOJU0e/9Ktrx01w3l48XLjBcQMf2OEXhjMNsgL7KQ2jYagecsg= X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 610bad16-e86f-4efc-0a58-08d9ba1d19be X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4867.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Dec 2021 07:34:00.1006 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: orn44pXp8sCgMObr4oRK2Dd0I0418zjuphc9E1jMh2bIKqAi7CSR7oePu1h7g2YSl32/sYHBdM4TvcC85qvHcA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR11MB1262 X-Proofpoint-ORIG-GUID: jDfk5cw3cfwgpFdhUMELsGXOr-ZHFHs9 X-Proofpoint-GUID: jDfk5cw3cfwgpFdhUMELsGXOr-ZHFHs9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2021-12-08_02,2021-12-06_02,2021-12-02_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 malwarescore=0 impostorscore=0 mlxlogscore=905 adultscore=0 priorityscore=1501 suspectscore=0 clxscore=1015 bulkscore=0 spamscore=0 phishscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2112080050 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 08 Dec 2021 07:34:05 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/55511 There are too many recipes in recipes-security/selinux. Keep the selinux userspace recipes and move selinux scripts to selinux-scripts directory to make the directory hierarchy clearer. Signed-off-by: Yi Zhao --- .../selinux-autorelabel/selinux-autorelabel.service | 0 .../selinux-autorelabel/selinux-autorelabel.sh | 0 .../{selinux => selinux-scripts}/selinux-autorelabel_0.1.bb | 0 .../selinux-init/selinux-init.service | 0 .../{selinux => selinux-scripts}/selinux-init/selinux-init.sh | 0 .../selinux-init/selinux-init.sh.sysvinit | 0 recipes-security/{selinux => selinux-scripts}/selinux-init_0.1.bb | 0 recipes-security/{selinux => selinux-scripts}/selinux-initsh.inc | 0 .../selinux-labeldev/selinux-labeldev.service | 0 .../selinux-labeldev/selinux-labeldev.sh | 0 .../{selinux => selinux-scripts}/selinux-labeldev_0.1.bb | 0 11 files changed, 0 insertions(+), 0 deletions(-) rename recipes-security/{selinux => selinux-scripts}/selinux-autorelabel/selinux-autorelabel.service (100%) rename recipes-security/{selinux => selinux-scripts}/selinux-autorelabel/selinux-autorelabel.sh (100%) rename recipes-security/{selinux => selinux-scripts}/selinux-autorelabel_0.1.bb (100%) rename recipes-security/{selinux => selinux-scripts}/selinux-init/selinux-init.service (100%) rename recipes-security/{selinux => selinux-scripts}/selinux-init/selinux-init.sh (100%) rename recipes-security/{selinux => selinux-scripts}/selinux-init/selinux-init.sh.sysvinit (100%) rename recipes-security/{selinux => selinux-scripts}/selinux-init_0.1.bb (100%) rename recipes-security/{selinux => selinux-scripts}/selinux-initsh.inc (100%) rename recipes-security/{selinux => selinux-scripts}/selinux-labeldev/selinux-labeldev.service (100%) rename recipes-security/{selinux => selinux-scripts}/selinux-labeldev/selinux-labeldev.sh (100%) rename recipes-security/{selinux => selinux-scripts}/selinux-labeldev_0.1.bb (100%) diff --git a/recipes-security/selinux/selinux-autorelabel/selinux-autorelabel.service b/recipes-security/selinux-scripts/selinux-autorelabel/selinux-autorelabel.service similarity index 100% rename from recipes-security/selinux/selinux-autorelabel/selinux-autorelabel.service rename to recipes-security/selinux-scripts/selinux-autorelabel/selinux-autorelabel.service diff --git a/recipes-security/selinux/selinux-autorelabel/selinux-autorelabel.sh b/recipes-security/selinux-scripts/selinux-autorelabel/selinux-autorelabel.sh similarity index 100% rename from recipes-security/selinux/selinux-autorelabel/selinux-autorelabel.sh rename to recipes-security/selinux-scripts/selinux-autorelabel/selinux-autorelabel.sh diff --git a/recipes-security/selinux/selinux-autorelabel_0.1.bb b/recipes-security/selinux-scripts/selinux-autorelabel_0.1.bb similarity index 100% rename from recipes-security/selinux/selinux-autorelabel_0.1.bb rename to recipes-security/selinux-scripts/selinux-autorelabel_0.1.bb diff --git a/recipes-security/selinux/selinux-init/selinux-init.service b/recipes-security/selinux-scripts/selinux-init/selinux-init.service similarity index 100% rename from recipes-security/selinux/selinux-init/selinux-init.service rename to recipes-security/selinux-scripts/selinux-init/selinux-init.service diff --git a/recipes-security/selinux/selinux-init/selinux-init.sh b/recipes-security/selinux-scripts/selinux-init/selinux-init.sh similarity index 100% rename from recipes-security/selinux/selinux-init/selinux-init.sh rename to recipes-security/selinux-scripts/selinux-init/selinux-init.sh diff --git a/recipes-security/selinux/selinux-init/selinux-init.sh.sysvinit b/recipes-security/selinux-scripts/selinux-init/selinux-init.sh.sysvinit similarity index 100% rename from recipes-security/selinux/selinux-init/selinux-init.sh.sysvinit rename to recipes-security/selinux-scripts/selinux-init/selinux-init.sh.sysvinit diff --git a/recipes-security/selinux/selinux-init_0.1.bb b/recipes-security/selinux-scripts/selinux-init_0.1.bb similarity index 100% rename from recipes-security/selinux/selinux-init_0.1.bb rename to recipes-security/selinux-scripts/selinux-init_0.1.bb diff --git a/recipes-security/selinux/selinux-initsh.inc b/recipes-security/selinux-scripts/selinux-initsh.inc similarity index 100% rename from recipes-security/selinux/selinux-initsh.inc rename to recipes-security/selinux-scripts/selinux-initsh.inc diff --git a/recipes-security/selinux/selinux-labeldev/selinux-labeldev.service b/recipes-security/selinux-scripts/selinux-labeldev/selinux-labeldev.service similarity index 100% rename from recipes-security/selinux/selinux-labeldev/selinux-labeldev.service rename to recipes-security/selinux-scripts/selinux-labeldev/selinux-labeldev.service diff --git a/recipes-security/selinux/selinux-labeldev/selinux-labeldev.sh b/recipes-security/selinux-scripts/selinux-labeldev/selinux-labeldev.sh similarity index 100% rename from recipes-security/selinux/selinux-labeldev/selinux-labeldev.sh rename to recipes-security/selinux-scripts/selinux-labeldev/selinux-labeldev.sh diff --git a/recipes-security/selinux/selinux-labeldev_0.1.bb b/recipes-security/selinux-scripts/selinux-labeldev_0.1.bb similarity index 100% rename from recipes-security/selinux/selinux-labeldev_0.1.bb rename to recipes-security/selinux-scripts/selinux-labeldev_0.1.bb From patchwork Wed Dec 8 07:33:45 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yi Zhao X-Patchwork-Id: 26 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2ACB5C433F5 for ; Wed, 8 Dec 2021 07:34:06 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.web12.9157.1638948845391134820 for ; Tue, 07 Dec 2021 23:34:05 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=pps06212021 header.b=d08iU0sr; spf=pass (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=7976a6fcf6=yi.zhao@windriver.com) Received: from pps.filterd (m0250809.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1B87TdAb009076; Tue, 7 Dec 2021 23:34:04 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=from : to : subject : date : message-id : in-reply-to : references : content-transfer-encoding : content-type : mime-version; s=PPS06212021; bh=EhCC1F7zsFPIomM0Uqs1YTIc83urbPMEmWLg6B7ZeSw=; b=d08iU0sruAWM6BufneGsstoit4jVDXZO3FTZSrpqKHQUEp/0T6UpMpxgHrd7PMAiLyvM gtoE2BXdAP1S+anFWbT9uHeUtNS2e5aXRCpxb3z5GPbSzaOaJfo/XisZBH92J4TuXFza PDPpBPVKaXaGCBlrgJBTcjRJPYDlWESLjIMidQPXzUi5+vZDHhppdT5r+7+5puGJsLlE GMYlFbjGXDtfdy2JMCFY49qXVcj6fYCm/TzkXCaN939XvLbT7XksKZ4CIvgK9tTloNH6 DH1q0g9l+isyJZdDm1kEY6Z0slcgNcAFOV1H2aF9fu+W+i3Zm6nF/6/2/tVVSxwpfsx8 /A== Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2105.outbound.protection.outlook.com [104.47.58.105]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 3ctfxvr9us-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 07 Dec 2021 23:34:03 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BT88sYoGJN3MGYEynDgVFozodNFaBO7APPuClBwqX1jV9zrKwTa5GXMlbdk5GaWtTWHNRrEvXEx1UkDkfo2Mv7x3U6Xeg/I4VuDtzhjHquLFUdOWfORt0/alnK+2UPzxZxvCQlKBxD6BX5g5gKt0WXnF8RxkiI1f9B2XFg6ATwXIVH6bqgJhkDncyoPkvDoaklDI5hYDH1o1xIZFbjExZBV//Pz+viGNHthNAjBAljlsnqJAFmDwEzTwOyk7jgQBNmDjJELXrV8fDsXoWtYj5//LpbZC66VpuApum+NnBMmvbKEy999pSF2EA6FQo4tPopIyuqcMpK9bI7hasWwnXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EhCC1F7zsFPIomM0Uqs1YTIc83urbPMEmWLg6B7ZeSw=; b=IvYe25T18xzxF6yZF37mBodrSu3QirKhA47y5Y03BpIpWAnG1wGE/9wocvfpg7aAn5h9lJhJfgJ6UOPAQFKq+sdOHxxyZ6H4SA4fpIEt3JwmOTSSI42eOHlX0nGx+wGF97pDWvIPWL0IZ8wzPJiA81bLVf2FL6h8+YIGLulsWygqbcT4f9ExuAEMvGrWjxg1MpvWJRqvrU70sqwU005mT6hT+5C9rag9rADJ1rXULzXofyi3WV6vSB14z6gu3jxhQbLjJWjx6w3bWjEGBO6J/xhiVHGPM8FwjZhfz4vSmmjS4yHFujDS+WB0tyCtEgz+ny0/zmgvpf8uJuYoifVbzA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CO1PR11MB4867.namprd11.prod.outlook.com (2603:10b6:303:9a::13) by MWHPR11MB1262.namprd11.prod.outlook.com (2603:10b6:300:29::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4755.11; Wed, 8 Dec 2021 07:34:01 +0000 Received: from CO1PR11MB4867.namprd11.prod.outlook.com ([fe80::8962:26c6:20fe:eaa4]) by CO1PR11MB4867.namprd11.prod.outlook.com ([fe80::8962:26c6:20fe:eaa4%6]) with mapi id 15.20.4755.022; Wed, 8 Dec 2021 07:34:01 +0000 From: Yi Zhao To: yocto@lists.yoctoproject.org, joe_macdonald@mentor.com, joe@deserted.net Subject: [meta-selinux][PATCH 3/3] selinux: upgrade 3.2 -> 3.3 Date: Wed, 8 Dec 2021 15:33:45 +0800 Message-Id: <20211208073345.38198-3-yi.zhao@windriver.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211208073345.38198-1-yi.zhao@windriver.com> References: <20211208073345.38198-1-yi.zhao@windriver.com> X-ClientProxiedBy: HK2PR04CA0086.apcprd04.prod.outlook.com (2603:1096:202:15::30) To CO1PR11MB4867.namprd11.prod.outlook.com (2603:10b6:303:9a::13) MIME-Version: 1.0 Received: from pek-yzhao1-d1.wrs.com (60.247.85.82) by HK2PR04CA0086.apcprd04.prod.outlook.com (2603:1096:202:15::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4755.17 via Frontend Transport; Wed, 8 Dec 2021 07:34:00 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: ad657b75-b2a6-4a90-6ce9-08d9ba1d1a9e X-MS-TrafficTypeDiagnostic: MWHPR11MB1262:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: IPibMWMoM/2SQBL7/xt6Wrrc9qqe8q6iTALwiD05kebQHgC1mfouvNv+Iyi4Rom3OXY+Nw+Z8XTRueaxZNG3ya5mTG+6dmY9fQqZZnfagauBvv5vzJTN/Nsrr7YurFv0yoyU6t9kT+oERCmyxrzLDfDZnJ3AxDZwCgmG2S552cjgpSsgXhPnQLXQMRhib8EcNqdwmILILUnco1/oFxR6BoS8LURs5nZwKECdfY2oBH0Po2osCmxSb9SxdFihMgtqLrQM7wc5usPzW8zME7cQmCiTBC5S9vRMfyrFAbmvAYJnJawUqPCCSm8v8UmUaY/SijPWun/x8yOTrkRX4KsSiykg+Jap9CBByTzMGPldysmRLl34CkX6BFCDIlpn7gWTzHSGezRdRfiGC9pu44yUJiZfKPFnwdf017e4bLEoxLzv1ptvdCll62168BjX/V94tupqgv6KgJWK1wAv2FGQ7nyvGk4J7ccPGR3sb0IxxAbYeKud4YvtwiHEPE99kcgwSF0Q+hcoZ93Fv/ua8yZCV69ofOC4i/1+DI2DEp4dwkNtZ/4o9ol3PBzn8WFPD6yrtYQ43eBT47V/pPWH5S3Ai0lYlKIwkKSXXDHPOz5p/g5gL2+LRzfeKoU9k40L5TFtl6po6wTM4fA9ijV3ZLucGlehbYxhYIKcUXaxWrh3WJ/GKbr1H7bcHyNfV9d673w8fGk/BYIrxsOS+QPcnNV3tn++1+879iQcBo8ZMXWlDD+FdoPoTW6Jr/JNmqnyWg5iKrHei1Blsdws9MZJcnsWg59Zaqjbj6ivNioMx49atFiRp8Pw+Z4kIOL3LWdt/KSYh0fL++k1AoG3jj1A6GXn5g== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO1PR11MB4867.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(44832011)(36756003)(38100700002)(38350700002)(84970400001)(6486002)(86362001)(5660300002)(186003)(66476007)(8676002)(66556008)(6666004)(6506007)(316002)(66946007)(508600001)(8936002)(30864003)(966005)(6512007)(2906002)(1076003)(26005)(52116002)(2616005)(956004)(83380400001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: iaWZVFbf7mnlV9wqm4cgxARuXanlV7gRip0WkSUmxVDOQmP4WSZ7gWs3jdXDAx+JdhP3L5BkGR//tsainvx248v1nWvKiIPota6kDdKL/wMgcBibyTKbsYNnEDChDYd7nzIKuF98+hFg+6U6I2DdRBEw0hApikLJNPU2ewQi+alT99akI8ruGK9ywaLX564AhrO61JdGlWH/JWgXH4aPZctq+KWTBR0KrDE/QiRI36EqDbiF+OLjU6rSsyzhEFcgdBuqTwp1CY5sC287VpY6Nq85xVLQM7lKfxiufXz6VirppRdwEGBkivD3l8IRRTfRTG6OrkA/3p8iU7LZGIzxnxIJjeIyKGLFpZPLyuHsje66DJiidphvRqMfP0x37iC3aQEZtsq4tScZ4iESbogVBqfAvTCljLYwX2Z6LFHpeuFvyNKPlnv2uFZZ0V2RKi1tQlsLU5ASx5uW+TC+rjwTzJCxSfN0YjHxb1GJXyh+ZRNZjqSHfgo5v3j+HIESk23ga5v4CI91T9Mr/n6DzeYuPwwvriRdLpi2kJEi36C6jn3EGs5aMyHgqTeh//POf9Cr0J2219fU9oYv8T5MmjozHW81JtNaRHzAZld7ssXW6LniVbZeJj6c7n0W8+khBh0BTN6r256dbq4PRXzUPXac1k3Bo5YmfMq2cGOwTOJJ7H39AOTSsupOG7v8DDZbITGGeXQQiPrhk3eEMc7pYUBtokfC4h6YJzYcRvP+XzUMKqYylOj3tY+kvswlEMJWKOL896RbBstRD3BMHjZf7V8NeXUV/Jvb0Oq45wZOhwY9hxB2ImmfpXnHpyxzLxoBlTjs3/xi4jDzOdec04Zp5kqmuzDyTeAqS7UhdPuWe8DOgmQhOdlk7YuwX3azmIoHfe19aiuAj3PgoDlAGzqK7rV841J7syFgpV6l23jKP5UXfUjrCEV1YUWpZR06kV8p+VMRRyLJGK6AUPEkPCDgEgf0JCiIA+O10uf+ainPAYD2s2eyahxQfuchDx7LnoscZqb7XwziTYp860imHvyNTUsQad0lSkBm30vIvQVyustyPAP/veeEn7ceZ0lPGznMZFgHVZkSaIXq6zYnxQHkSCH6ntgFgJaGwq8h26Md5Xnh499XgH/VTmLRovuTbecvoJZIHLztPae/we8t3Ggo+fzlQpAoSOEJuDpxuTWyEQK7PguMv/CS7vwRl6cl1jCO71UsYgKfDvGfrkR4geEoEqWlRnxgQKTBSJz92dFfTSuNZVUoNTmx/wP1d/iSOAJFfME+xwNAHy96bWhPWfBCuxeyhkG9CKwN6nxhdVPjHtIYaq8ShThsJUCqCwiiQXPHmydIg4ildE4QOlQpvD6OpgYzPhJoN/5wgUesFFiy3Jv8L0hPlMhDF+2pJzbuZmHj8jU3aIsaAg0WMzqY/gsa50ad9NOOcAKKiwcbxlaxzuq5APd8cw0H1HHgzyn3QNdRSarWwDl053RfBrkmX53Zo9Ny4ti9sm6tsszx7E/6WYDS5bluaMixAlmp6CdduLDbarQMIRF/8XaSdvB8WP/IYdLzlfs4QRfavx5Mxx2CoLZoYO5jyPXVxhyToY4KUK+ZUz0z8abHdBs7kpCgFveApxRFe/rsbsFUh/W1rvDH0DHL2Gs= X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: ad657b75-b2a6-4a90-6ce9-08d9ba1d1a9e X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4867.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Dec 2021 07:34:01.5682 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: pjFuTRKwnZh5PFD1zL8OO7+avnfDSklK59Zx1vtZutxGcCvLB7VOmherrmq93MKG9Wg3LclAuxe5emy0eU3tsg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR11MB1262 X-Proofpoint-ORIG-GUID: G9F6oRahHotV44uLgz4hFb0hiILvuOrQ X-Proofpoint-GUID: G9F6oRahHotV44uLgz4hFb0hiILvuOrQ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2021-12-08_02,2021-12-06_02,2021-12-02_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 malwarescore=0 impostorscore=0 mlxlogscore=999 adultscore=0 priorityscore=1501 suspectscore=0 clxscore=1015 bulkscore=0 spamscore=0 phishscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2112080050 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 08 Dec 2021 07:34:06 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/55512 Drop backport CVE patches. Signed-off-by: Yi Zhao --- ...{checkpolicy_3.2.bb => checkpolicy_3.3.bb} | 0 ...python_3.2.bb => libselinux-python_3.3.bb} | 0 .../{libselinux_3.2.bb => libselinux_3.3.bb} | 0 ...{libsemanage_3.2.bb => libsemanage_3.3.bb} | 0 .../selinux/libsepol/CVE-2021-36084.patch | 99 ------------- .../selinux/libsepol/CVE-2021-36085.patch | 38 ----- .../selinux/libsepol/CVE-2021-36086.patch | 46 ------ .../{libsepol_3.2.bb => libsepol_3.3.bb} | 4 - .../{mcstrans_3.2.bb => mcstrans_3.3.bb} | 0 ...oreutils_3.2.bb => policycoreutils_3.3.bb} | 0 ...{restorecond_3.2.bb => restorecond_3.3.bb} | 0 .../selinux/secilc/CVE-2021-36087.patch | 134 ------------------ .../selinux/{secilc_3.2.bb => secilc_3.3.bb} | 2 - ...elinux-dbus_3.2.bb => selinux-dbus_3.3.bb} | 0 ...{selinux-gui_3.2.bb => selinux-gui_3.3.bb} | 0 ...ux-python_3.2.bb => selinux-python_3.3.bb} | 0 ...-sandbox_3.2.bb => selinux-sandbox_3.3.bb} | 0 recipes-security/selinux/selinux_common.inc | 2 +- ...ule-utils_3.2.bb => semodule-utils_3.3.bb} | 0 19 files changed, 1 insertion(+), 324 deletions(-) rename recipes-security/selinux/{checkpolicy_3.2.bb => checkpolicy_3.3.bb} (100%) rename recipes-security/selinux/{libselinux-python_3.2.bb => libselinux-python_3.3.bb} (100%) rename recipes-security/selinux/{libselinux_3.2.bb => libselinux_3.3.bb} (100%) rename recipes-security/selinux/{libsemanage_3.2.bb => libsemanage_3.3.bb} (100%) delete mode 100644 recipes-security/selinux/libsepol/CVE-2021-36084.patch delete mode 100644 recipes-security/selinux/libsepol/CVE-2021-36085.patch delete mode 100644 recipes-security/selinux/libsepol/CVE-2021-36086.patch rename recipes-security/selinux/{libsepol_3.2.bb => libsepol_3.3.bb} (85%) rename recipes-security/selinux/{mcstrans_3.2.bb => mcstrans_3.3.bb} (100%) rename recipes-security/selinux/{policycoreutils_3.2.bb => policycoreutils_3.3.bb} (100%) rename recipes-security/selinux/{restorecond_3.2.bb => restorecond_3.3.bb} (100%) delete mode 100644 recipes-security/selinux/secilc/CVE-2021-36087.patch rename recipes-security/selinux/{secilc_3.2.bb => secilc_3.3.bb} (90%) rename recipes-security/selinux/{selinux-dbus_3.2.bb => selinux-dbus_3.3.bb} (100%) rename recipes-security/selinux/{selinux-gui_3.2.bb => selinux-gui_3.3.bb} (100%) rename recipes-security/selinux/{selinux-python_3.2.bb => selinux-python_3.3.bb} (100%) rename recipes-security/selinux/{selinux-sandbox_3.2.bb => selinux-sandbox_3.3.bb} (100%) rename recipes-security/selinux/{semodule-utils_3.2.bb => semodule-utils_3.3.bb} (100%) diff --git a/recipes-security/selinux/checkpolicy_3.2.bb b/recipes-security/selinux/checkpolicy_3.3.bb similarity index 100% rename from recipes-security/selinux/checkpolicy_3.2.bb rename to recipes-security/selinux/checkpolicy_3.3.bb diff --git a/recipes-security/selinux/libselinux-python_3.2.bb b/recipes-security/selinux/libselinux-python_3.3.bb similarity index 100% rename from recipes-security/selinux/libselinux-python_3.2.bb rename to recipes-security/selinux/libselinux-python_3.3.bb diff --git a/recipes-security/selinux/libselinux_3.2.bb b/recipes-security/selinux/libselinux_3.3.bb similarity index 100% rename from recipes-security/selinux/libselinux_3.2.bb rename to recipes-security/selinux/libselinux_3.3.bb diff --git a/recipes-security/selinux/libsemanage_3.2.bb b/recipes-security/selinux/libsemanage_3.3.bb similarity index 100% rename from recipes-security/selinux/libsemanage_3.2.bb rename to recipes-security/selinux/libsemanage_3.3.bb diff --git a/recipes-security/selinux/libsepol/CVE-2021-36084.patch b/recipes-security/selinux/libsepol/CVE-2021-36084.patch deleted file mode 100644 index 1001563..0000000 --- a/recipes-security/selinux/libsepol/CVE-2021-36084.patch +++ /dev/null @@ -1,99 +0,0 @@ -From f34d3d30c8325e4847a6b696fe7a3936a8a361f3 Mon Sep 17 00:00:00 2001 -From: James Carter -Date: Thu, 8 Apr 2021 13:32:01 -0400 -Subject: [PATCH] libsepol/cil: Destroy classperms list when resetting - classpermission - -Nicolas Iooss reports: - A few months ago, OSS-Fuzz found a crash in the CIL compiler, which - got reported as - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28648 (the title - is misleading, or is caused by another issue that conflicts with the - one I report in this message). Here is a minimized CIL policy which - reproduces the issue: - - (class CLASS (PERM)) - (classorder (CLASS)) - (sid SID) - (sidorder (SID)) - (user USER) - (role ROLE) - (type TYPE) - (category CAT) - (categoryorder (CAT)) - (sensitivity SENS) - (sensitivityorder (SENS)) - (sensitivitycategory SENS (CAT)) - (allow TYPE self (CLASS (PERM))) - (roletype ROLE TYPE) - (userrole USER ROLE) - (userlevel USER (SENS)) - (userrange USER ((SENS)(SENS (CAT)))) - (sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) - - (classpermission CLAPERM) - - (optional OPT - (roletype nonexistingrole nonexistingtype) - (classpermissionset CLAPERM (CLASS (PERM))) - ) - - The CIL policy fuzzer (which mimics secilc built with clang Address - Sanitizer) reports: - - ==36541==ERROR: AddressSanitizer: heap-use-after-free on address - 0x603000004f98 at pc 0x56445134c842 bp 0x7ffe2a256590 sp - 0x7ffe2a256588 - READ of size 8 at 0x603000004f98 thread T0 - #0 0x56445134c841 in __cil_verify_classperms - /selinux/libsepol/src/../cil/src/cil_verify.c:1620:8 - #1 0x56445134a43e in __cil_verify_classpermission - /selinux/libsepol/src/../cil/src/cil_verify.c:1650:9 - #2 0x56445134a43e in __cil_pre_verify_helper - /selinux/libsepol/src/../cil/src/cil_verify.c:1715:8 - #3 0x5644513225ac in cil_tree_walk_core - /selinux/libsepol/src/../cil/src/cil_tree.c:272:9 - #4 0x564451322ab1 in cil_tree_walk - /selinux/libsepol/src/../cil/src/cil_tree.c:316:7 - #5 0x5644513226af in cil_tree_walk_core - /selinux/libsepol/src/../cil/src/cil_tree.c:284:9 - #6 0x564451322ab1 in cil_tree_walk - /selinux/libsepol/src/../cil/src/cil_tree.c:316:7 - #7 0x5644512b88fd in cil_pre_verify - /selinux/libsepol/src/../cil/src/cil_post.c:2510:7 - #8 0x5644512b88fd in cil_post_process - /selinux/libsepol/src/../cil/src/cil_post.c:2524:7 - #9 0x5644511856ff in cil_compile - /selinux/libsepol/src/../cil/src/cil.c:564:7 - -The classperms list of a classpermission rule is created and filled -in when classpermissionset rules are processed, so it doesn't own any -part of the list and shouldn't retain any of it when it is reset. - -Destroy the classperms list (without destroying the data in it) when -resetting a classpermission rule. - -Reported-by: Nicolas Iooss -Signed-off-by: James Carter - -Upstream-Status: Backport -CVE: CVE-2021-36084 -Signed-off-by: Armin Kuster - ---- - libsepol/cil/src/cil_reset_ast.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: libsepol-3.0/cil/src/cil_reset_ast.c -=================================================================== ---- libsepol-3.0.orig/cil/src/cil_reset_ast.c -+++ libsepol-3.0/cil/src/cil_reset_ast.c -@@ -52,7 +52,7 @@ static void cil_reset_classpermission(st - return; - } - -- cil_reset_classperms_list(cp->classperms); -+ cil_list_destroy(&cp->classperms, CIL_FALSE); - } - - static void cil_reset_classperms_set(struct cil_classperms_set *cp_set) diff --git a/recipes-security/selinux/libsepol/CVE-2021-36085.patch b/recipes-security/selinux/libsepol/CVE-2021-36085.patch deleted file mode 100644 index 4bd05eb..0000000 --- a/recipes-security/selinux/libsepol/CVE-2021-36085.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 2d35fcc7e9e976a2346b1de20e54f8663e8a6cba Mon Sep 17 00:00:00 2001 -From: James Carter -Date: Thu, 8 Apr 2021 13:32:04 -0400 -Subject: [PATCH] libsepol/cil: Destroy classperm list when resetting map perms - -Map perms share the same struct as regular perms, but only the -map perms use the classperms field. This field is a pointer to a -list of classperms that is created and added to when resolving -classmapping rules, so the map permission doesn't own any of the -data in the list and this list should be destroyed when the AST is -reset. - -When resetting a perm, destroy the classperms list without destroying -the data in the list. - -Signed-off-by: James Carter - -Upstream-Status: Backport -CVE: CVE-2021-36085 -Signed-off-by: Armin Kuster - ---- - libsepol/cil/src/cil_reset_ast.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: libsepol-3.0/cil/src/cil_reset_ast.c -=================================================================== ---- libsepol-3.0.orig/cil/src/cil_reset_ast.c -+++ libsepol-3.0/cil/src/cil_reset_ast.c -@@ -34,7 +34,7 @@ static void cil_reset_class(struct cil_c - - static void cil_reset_perm(struct cil_perm *perm) - { -- cil_reset_classperms_list(perm->classperms); -+ cil_list_destroy(&perm->classperms, CIL_FALSE); - } - - static inline void cil_reset_classperms(struct cil_classperms *cp) diff --git a/recipes-security/selinux/libsepol/CVE-2021-36086.patch b/recipes-security/selinux/libsepol/CVE-2021-36086.patch deleted file mode 100644 index 7a2d616..0000000 --- a/recipes-security/selinux/libsepol/CVE-2021-36086.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 49f9aa2a460fc95f04c99b44f4dd0d22e2f0e5ee Mon Sep 17 00:00:00 2001 -From: James Carter -Date: Thu, 8 Apr 2021 13:32:06 -0400 -Subject: [PATCH] libsepol/cil: cil_reset_classperms_set() should not reset - classpermission - -In struct cil_classperms_set, the set field is a pointer to a -struct cil_classpermission which is looked up in the symbol table. -Since the cil_classperms_set does not create the cil_classpermission, -it should not reset it. - -Set the set field to NULL instead of resetting the classpermission -that it points to. - -Signed-off-by: James Carter - -Upstream-Status: Backport -[https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8] - -CVE: CVE-2021-36086 - -Signed-off-by: Yi Zhao ---- - cil/src/cil_reset_ast.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/cil/src/cil_reset_ast.c b/cil/src/cil_reset_ast.c -index 89f91e5..1d9ca70 100644 ---- a/cil/src/cil_reset_ast.c -+++ b/cil/src/cil_reset_ast.c -@@ -59,7 +59,11 @@ static void cil_reset_classpermission(struct cil_classpermission *cp) - - static void cil_reset_classperms_set(struct cil_classperms_set *cp_set) - { -- cil_reset_classpermission(cp_set->set); -+ if (cp_set == NULL) { -+ return; -+ } -+ -+ cp_set->set = NULL; - } - - static inline void cil_reset_classperms_list(struct cil_list *cp_list) --- -2.17.1 - diff --git a/recipes-security/selinux/libsepol_3.2.bb b/recipes-security/selinux/libsepol_3.3.bb similarity index 85% rename from recipes-security/selinux/libsepol_3.2.bb rename to recipes-security/selinux/libsepol_3.3.bb index 192f1b3..48d5f49 100644 --- a/recipes-security/selinux/libsepol_3.2.bb +++ b/recipes-security/selinux/libsepol_3.3.bb @@ -9,10 +9,6 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343" require selinux_common.inc -SRC_URI += "file://CVE-2021-36084.patch \ - file://CVE-2021-36085.patch \ - file://CVE-2021-36086.patch " - inherit lib_package S = "${WORKDIR}/git/libsepol" diff --git a/recipes-security/selinux/mcstrans_3.2.bb b/recipes-security/selinux/mcstrans_3.3.bb similarity index 100% rename from recipes-security/selinux/mcstrans_3.2.bb rename to recipes-security/selinux/mcstrans_3.3.bb diff --git a/recipes-security/selinux/policycoreutils_3.2.bb b/recipes-security/selinux/policycoreutils_3.3.bb similarity index 100% rename from recipes-security/selinux/policycoreutils_3.2.bb rename to recipes-security/selinux/policycoreutils_3.3.bb diff --git a/recipes-security/selinux/restorecond_3.2.bb b/recipes-security/selinux/restorecond_3.3.bb similarity index 100% rename from recipes-security/selinux/restorecond_3.2.bb rename to recipes-security/selinux/restorecond_3.3.bb diff --git a/recipes-security/selinux/secilc/CVE-2021-36087.patch b/recipes-security/selinux/secilc/CVE-2021-36087.patch deleted file mode 100644 index 5410477..0000000 --- a/recipes-security/selinux/secilc/CVE-2021-36087.patch +++ /dev/null @@ -1,134 +0,0 @@ -From bad0a746e9f4cf260dedba5828d9645d50176aac Mon Sep 17 00:00:00 2001 -From: James Carter -Date: Mon, 19 Apr 2021 09:06:15 -0400 -Subject: [PATCH] secilc/docs: Update the CIL documentation for various blocks - -Update the documentation for macros, booleans, booleanifs, tunables, -tunableifs, blocks, blockabstracts, blockinherits, and optionals to -tell where these statements can be used and, for those that have -blocks, what statements are not allowed in them. - -Signed-off-by: James Carter - -Upstream-Status: Backport -CVE: CVE-2021-36087 -Signed-off-by: Armin Kuster - ---- - docs/cil_call_macro_statements.md | 2 ++ - docs/cil_conditional_statements.md | 6 +++++ - docs/cil_container_statements.md | 28 +++++++++++++++-------- - 3 files changed, 26 insertions(+), 10 deletions(-) - -Index: secilc/docs/cil_call_macro_statements.md -=================================================================== ---- secilc.orig/docs/cil_call_macro_statements.md -+++ secilc/docs/cil_call_macro_statements.md -@@ -58,6 +58,8 @@ When resolving macros the following plac - - - Items defined in the global namespace - -+[`tunable`](cil_conditional_statements.md#tunable), [`in`](cil_container_statements.md#in), [`block`](cil_container_statements.md#block), [`blockinherit`](cil_container_statements.md#blockinherit), [`blockabstract`](cil_container_statements.md#blockabstract), and other [`macro`](cil_call_macro_statements.md#macro) statements are not allowed in [`macro`](cil_call_macro_statements.md#macro) blocks. -+ - **Statement definition:** - - ```secil -Index: secilc/docs/cil_conditional_statements.md -=================================================================== ---- secilc.orig/docs/cil_conditional_statements.md -+++ secilc/docs/cil_conditional_statements.md -@@ -6,6 +6,8 @@ boolean - - Declares a run time boolean as true or false in the current namespace. The [`booleanif`](cil_conditional_statements.md#booleanif) statement contains the CIL code that will be in the binary policy file. - -+[`boolean`](cil_conditional_statements.md#boolean) are not allowed in [`booleanif`](cil_conditional_statements.md#booleanif) blocks. -+ - **Statement definition:** - - ```secil -@@ -126,6 +128,8 @@ Tunables are similar to booleans, howeve - - Note that tunables can be treated as booleans by the CIL compiler command line parameter `-P` or `--preserve-tunables` flags. - -+Since [`tunableif`](cil_conditional_statements.md#tunableif) statements are resolved first, [`tunable`](cil_conditional_statements.md#tunable) statements are not allowed in [`in`](cil_container_statements.md#in), [`macro`](cil_call_macro_statements.md#macro), [`optional`](cil_container_statements.md#optional), and [`booleanif`](cil_conditional_statements.md#booleanif) blocks. To simplify processing, they are also not allowed in [`tunableif`](cil_conditional_statements.md#tunableif) blocks. -+ - **Statement definition:** - - ```secil -@@ -164,6 +168,8 @@ tunableif - - Compile time conditional statement that may or may not add CIL statements to be compiled. - -+If tunables are being treated as booleans (by using the CIL compiler command line parameter `-P` or `--preserve-tunables` flag), then only the statements allowed in a [`booleanif`](cil_conditional_statements.md#booleanif) block are allowed in a [`tunableif`](cil_conditional_statements.md#tunableif) block. Otherwise, [`tunable`](cil_conditional_statements.md#tunable) statements are not allowed in a [`tunableif`](cil_conditional_statements.md#tunableif) block. -+ - **Statement definition:** - - ```secil -Index: secilc/docs/cil_container_statements.md -=================================================================== ---- secilc.orig/docs/cil_container_statements.md -+++ secilc/docs/cil_container_statements.md -@@ -4,7 +4,11 @@ Container Statements - block - ----- - --Start a new namespace where any CIL statement is valid. -+Start a new namespace. -+ -+Not allowed in [`macro`](cil_call_macro_statements.md#macro) and [`optional`](cil_container_statements.md#optional) blocks. -+ -+[`sensitivity`](cil_mls_labeling_statements.md#sensitivity) and [`category`](cil_mls_labeling_statements.md#category) statements are not allowed in [`block`](cil_container_statements.md#block) blocks. - - **Statement definition:** - -@@ -47,6 +51,8 @@ blockabstract - - Declares the namespace as a 'template' and does not generate code until instantiated by another namespace that has a [`blockinherit`](cil_container_statements.md#blockinherit) statement. - -+Not allowed in [`macro`](cil_call_macro_statements.md#macro) and [`optional`](cil_container_statements.md#optional) blocks. -+ - **Statement definition:** - - ```secil -@@ -97,6 +103,8 @@ blockinherit - - Used to add common policy rules to the current namespace via a template that has been defined with the [`blockabstract`](cil_container_statements.md#blockabstract) statement. All [`blockinherit`](cil_container_statements.md#blockinherit) statements are resolved first and then the contents of the block are copied. This is so that inherited blocks will not be inherited. For a concrete example, please see the examples section. - -+Not allowed in [`macro`](cil_call_macro_statements.md#macro) blocks. -+ - **Statement definition:** - - ```secil -@@ -199,15 +207,11 @@ This example contains a template `client - optional - -------- - --Declare an [`optional`](cil_container_statements.md#optional) namespace. All CIL statements in the optional block must be satisfied before instantiation in the binary policy. [`tunableif`](cil_conditional_statements.md#tunableif) and [`macro`](cil_call_macro_statements.md#macro) statements are not allowed in optional containers. The same restrictions apply to CIL policy statements within [`optional`](cil_container_statements.md#optional)'s that apply to kernel policy statements, i.e. only the policy statements shown in the following table are valid: -+Declare an [`optional`](cil_container_statements.md#optional) namespace. All CIL statements in the optional block must be satisfied before instantiation in the binary policy. - --| | | | | --| ------------------- | -------------- | ------------------ | ------------------ | --| [`allow`](cil_access_vector_rules.md#allow) | [`allowx`](cil_access_vector_rules.md#allowx) | [`auditallow`](cil_access_vector_rules.md#auditallow) | [`auditallowx`](cil_access_vector_rules.md#auditallowx) | --| [`booleanif`](cil_conditional_statements.md#booleanif) | [`dontaudit`](cil_access_vector_rules.md#dontaudit) | [`dontauditx`](cil_access_vector_rules.md#dontauditx) | [`typepermissive`](cil_type_statements.md#typepermissive) | --| [`rangetransition`](cil_mls_labeling_statements.md#rangetransition) | [`role`](cil_role_statements.md#role) | [`roleallow`](cil_role_statements.md#roleallow) | [`roleattribute`](cil_role_statements.md#roleattribute) | --| [`roletransition`](cil_role_statements.md#roletransition) | [`type`](cil_type_statements.md#type) | [`typealias`](cil_type_statements.md#typealias) | [`typeattribute`](cil_type_statements.md#typeattribute) | --| [`typechange`](cil_type_statements.md#typechange) | [`typemember`](cil_type_statements.md#typemember) | [`typetransition`](cil_type_statements.md#typetransition) | | -+Not allowed in [`booleanif`](cil_conditional_statements.md#booleanif) blocks. -+ -+[`tunable`](cil_conditional_statements.md#tunable), [`in`](cil_container_statements.md#in), [`block`](cil_container_statements.md#block), [`blockabstract`](cil_container_statements.md#blockabstract), and [`macro`](cil_call_macro_statements.md#macro) statements are not allowed in [`optional`](cil_container_statements.md#optional) blocks. - - **Statement definition:** - -@@ -266,7 +270,11 @@ This example will instantiate the option - in - -- - --Allows the insertion of CIL statements into a named container ([`block`](cil_container_statements.md#block), [`optional`](cil_container_statements.md#optional) or [`macro`](cil_call_macro_statements.md#macro)). This statement is not allowed in [`booleanif`](cil_conditional_statements.md#booleanif) or [`tunableif`](cil_conditional_statements.md#tunableif) statements. This only works for containers that aren't inherited using [`blockinherit`](cil_conditional_statements.md#blockinherit). -+Allows the insertion of CIL statements into a named container ([`block`](cil_container_statements.md#block), [`optional`](cil_container_statements.md#optional) or [`macro`](cil_call_macro_statements.md#macro)). -+ -+Not allowed in [`macro`](cil_call_macro_statements.md#macro), [`booleanif`](cil_conditional_statements.md#booleanif), and other [`in`](cil_container_statements.md#in) blocks. -+ -+[`tunable`](cil_conditional_statements.md#tunable) and [`in`](cil_container_statements.md#in) statements are not allowed in [`in`](cil_container_statements.md#in) blocks. - - **Statement definition:** - diff --git a/recipes-security/selinux/secilc_3.2.bb b/recipes-security/selinux/secilc_3.3.bb similarity index 90% rename from recipes-security/selinux/secilc_3.2.bb rename to recipes-security/selinux/secilc_3.3.bb index 50413e0..60ab2fe 100644 --- a/recipes-security/selinux/secilc_3.2.bb +++ b/recipes-security/selinux/secilc_3.3.bb @@ -8,8 +8,6 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=c7e802b9a3b0c2c852669864c08b9138" require selinux_common.inc -SRC_URI += "file://CVE-2021-36087.patch" - DEPENDS += "libsepol xmlto-native" S = "${WORKDIR}/git/secilc" diff --git a/recipes-security/selinux/selinux-dbus_3.2.bb b/recipes-security/selinux/selinux-dbus_3.3.bb similarity index 100% rename from recipes-security/selinux/selinux-dbus_3.2.bb rename to recipes-security/selinux/selinux-dbus_3.3.bb diff --git a/recipes-security/selinux/selinux-gui_3.2.bb b/recipes-security/selinux/selinux-gui_3.3.bb similarity index 100% rename from recipes-security/selinux/selinux-gui_3.2.bb rename to recipes-security/selinux/selinux-gui_3.3.bb diff --git a/recipes-security/selinux/selinux-python_3.2.bb b/recipes-security/selinux/selinux-python_3.3.bb similarity index 100% rename from recipes-security/selinux/selinux-python_3.2.bb rename to recipes-security/selinux/selinux-python_3.3.bb diff --git a/recipes-security/selinux/selinux-sandbox_3.2.bb b/recipes-security/selinux/selinux-sandbox_3.3.bb similarity index 100% rename from recipes-security/selinux/selinux-sandbox_3.2.bb rename to recipes-security/selinux/selinux-sandbox_3.3.bb diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc index dc4ccd5..8bdf8ad 100644 --- a/recipes-security/selinux/selinux_common.inc +++ b/recipes-security/selinux/selinux_common.inc @@ -1,7 +1,7 @@ HOMEPAGE = "https://github.com/SELinuxProject" SRC_URI = "git://github.com/SELinuxProject/selinux.git;branch=master;protocol=https" -SRCREV = "cf853c1a0c2328ad6c62fb2b2cc55d4926301d6b" +SRCREV = "7f600c40bc18d8180993edcd54daf45124736776" UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)" diff --git a/recipes-security/selinux/semodule-utils_3.2.bb b/recipes-security/selinux/semodule-utils_3.3.bb similarity index 100% rename from recipes-security/selinux/semodule-utils_3.2.bb rename to recipes-security/selinux/semodule-utils_3.3.bb