[yocto] [meta-selinux][PULL] refpolicy: update to 2.20190201 and git HEAD policies (2019-04-10 10:57:14 -0400)
Yi Zhao
yi.zhao at windriver.com
Thu Apr 11 01:19:48 PDT 2019
Hi Joe,

Thank you for working on the refpolicy upgrade.
I did a quick test with your patch. Here are the results:

Machine: qemux86-64
Image: core-image-selinux
Init manager: systemd
Boot command: runqemu qemux86-64 kvm nographic bootparams="selinux=1 enforcing=X" qemuparams="-m 1024"

1. All refpolicy types of the git version can be built without problems.
2. With parameters selinux=1 & enforcing=0
The qemu can boot up and log in for all refpolicy types.
3. With parameters selinux=1 & enforcing=1
Some of the services failed to start up when booting. But this issue also exists on the old refpolicy version (2.20170204).
4. refpolicy stable version (2.20190201)
I got a do_fetch error with the refpolicy stable version.
It seems the SRC_URI is not correct. It should be
"https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20190201/refpolicy-${PV}.tar.bz2"

Regards,
Yi

On 2019/4/10 at 11:53 PM, Joe MacDonald wrote:
> This is a huge, long-overdue update to the refpolicy. I apologise for it
> blocking the other outstanding meta-selinux patches, but I've been
> trying to limit the scope of changes while this happens. Now that this
> is cleared off the slate, I'll be gathering up the other meta-selinux
> patches from the list. I'll send out a follow-up on those as they're
> merged and another when I think I'm done, so if I've missed your patch,
> that'll be the time to ping me about it.
>
> As for this, here's what I've done.
>
> - manually reviewed all patches that had been present in
> refpolicy-* for both the old stable (2.20170204) and git
> versions
>
> - forked the SELinuxPolicy/refpolicy repo and applied all
> still-relevant patches to the RELEASE_2.20190201 branch
>
> - restructured the patches so that all patches that should
> reasonably apply to all variants (mcs, mls, minimum, standard
> and targeted) were in a common branch and only the ones that
> are specific to each variant would be in their own recipe
>
> - restructured the patches so that systemd and sysvinit patches
> were not applied to the same tree
>
> - created a parallel set of branches for each of these against
> current git HEAD
>
> The results of this can be examined here:
>
> https://github.com/joeythesaint/refpolicy
>
> Then each of these were exported and put in the appropriate SRC_URIs so
> the branch structure is more-or-less preserved.
>
> My goals with this approach were the following:
>
> - make it easier to keep refpolicy up to date, particularly for
> anyone wanting to use the git variants
>
> - make it easier to determine how your preferred version of
> refpolicy on Yocto differs from upstream refpolicy
>
> - limit the above differences to the minimum to achieve the goal
> of a functional Yocto system
>
> - eventually move us away from release tarballs entirely
>
> That last point is why I'm preserving the refpolicy fork above. I'd
> like to keep going with this and so future refpolicy patches will first
> be put in that repo then exported and applied to the SRC_URIs. If you
> have such a patch and want to send me a PR against the branch you think
> it belongs on from github directly, that'd be awesome, but the old
> method of patches to the mailing list will work fine too, just know that
> this is the way I'm going to try to manage this for the foreseeable
> future. Ultimately, if this proves to work well, I would like to move
> the refpolicy fork off github and house it on git.yoctoproject.org
> beside meta-selinux, but the workflow needs to be properly validated
> first.
>
> One additional point, I intend to take another pass at revising this
> stuff, ideally moving the huge number of common patches out as well.
> There's still some that aren't necessary for base yocto but are for
> additional layers. That's fine for us to have, but I'd like to get
> those moved to optional layer directories so we're making the best use
> of that functionality we can. If you have suggestions on which pieces
> already present are good candidates, let me know. Similarly, if you've
> got additional policy patches you want to see included, feel free to
> send them along, we can easily move them to optional locations inside
> meta-selinux.
>
> Finally, please everyone test this and provide feedback on anything that
> doesn't work or looks strange. This is easily the biggest change we've
> had in meta-selinux in years and I expect there's still some wrinkles to
> be ironed out. And I really appreciate everyone's patience while we got
> to this point and hope it's not too much more pain before we put a
> ribbon on this and call it done.
>
> I'll give this until at least the weekend before merging it to master,
> pending comments or an overwhelming "please just do it" from the
> community.
>
> Thanks.
>
> ---
>
> The following changes since commit a6a3cadb1ef3203a123d8f5f9df27832f55b2ce3:
>
> Backport patches from upstream to fix build with musl (2019-03-25 09:43:53 +0100)
>
> are available in the Git repository at:
>
> git://git.yoctoproject.org/meta-selinux yocto/master-next
>
> for you to fetch changes up to 776da889b550ac9e5be414a8cc10fd86b1923264:
>
> refpolicy: update to 2.20190201 and git HEAD policies (2019-04-10 10:57:14 -0400)
>
> ----------------------------------------------------------------
> Joe MacDonald (1):
> refpolicy: update to 2.20190201 and git HEAD policies
>
> README | 16 +-
> .../refpolicy-2.20170204/poky-fc-clock.patch | 20 --
> .../poky-fc-corecommands.patch | 24 --
> .../refpolicy-2.20170204/poky-fc-dmesg.patch | 18 --
> .../poky-fc-fix-real-path_login.patch | 37 ---
> .../poky-fc-fix-real-path_shadow.patch | 34 ---
> .../refpolicy-2.20170204/poky-fc-fstools.patch | 75 ------
> .../refpolicy-2.20170204/poky-fc-ftpwho-dir.patch | 27 ---
> .../refpolicy-2.20170204/poky-fc-iptables.patch | 24 --
> .../refpolicy-2.20170204/poky-fc-mta.patch | 27 ---
> .../refpolicy-2.20170204/poky-fc-netutils.patch | 24 --
> .../refpolicy-2.20170204/poky-fc-nscd.patch | 25 --
> .../refpolicy-2.20170204/poky-fc-rpm.patch | 23 --
> .../refpolicy-2.20170204/poky-fc-screen.patch | 23 --
> .../refpolicy-2.20170204/poky-fc-su.patch | 20 --
> .../refpolicy-2.20170204/poky-fc-subs_dist.patch | 33 ---
> .../refpolicy-2.20170204/poky-fc-sysnetwork.patch | 48 ----
> .../refpolicy-2.20170204/poky-fc-udevd.patch | 38 ---
> .../poky-fc-update-alternatives_bash.patch | 24 --
> .../poky-fc-update-alternatives_hostname.patch | 21 --
> .../poky-fc-update-alternatives_sysklogd.patch | 62 -----
> .../poky-fc-update-alternatives_sysvinit.patch | 57 -----
> ...ky-policy-add-rules-for-syslogd_t-symlink.patch | 30 ---
> ...licy-add-rules-for-var-log-symlink-apache.patch | 31 ---
> ...rules-for-var-log-symlink-audisp_remote_t.patch | 29 ---
> ...poky-policy-add-rules-for-var-log-symlink.patch | 185 ---------------
> ...-policy-allow-nfsd-to-exec-shell-commands.patch | 60 -----
> ...-policy-allow-setfiles_t-to-read-symlinks.patch | 30 ---
> .../poky-policy-fix-dmesg-to-use-dev-kmsg.patch | 37 ---
> .../poky-policy-fix-new-SELINUXMNT-in-sys.patch | 259 ---------------------
> ...olicy-fix-setfiles-statvfs-get-file-count.patch | 32 ---
> ...-volatile-alias-common-var-volatile-paths.patch | 36 +++
> ...001-fix-update-alternatives-for-sysvinit.patch} | 51 ++--
> ...nimum-audit-logging-getty-audit-related-.patch} | 17 +-
> ...-busybox-set-aliases-for-bin-sbin-and-usr.patch | 31 +++
> ...nimum-locallogin-add-allow-rules-for-typ.patch} | 11 +-
> ...ysklogd-apply-policy-to-sysklogd-symlink.patch} | 49 ++--
> ...nimum-systemd-unconfined-lib-add-systemd.patch} | 34 +--
> ...-apply-policy-to-common-yocto-hostname-al.patch | 27 +++
> ...nimum-systemd-mount-logging-authlogin-ad.patch} | 39 ++--
> ...ply-usr-bin-bash-context-to-bin-bash.bash.patch | 30 +++
> ...inimum-init-fix-reboot-with-systemd-as-in.patch | 9 +-
> ...nf-label-resolv.conf-in-var-run-properly.patch} | 24 +-
> ...inimum-systemd-mount-enable-required-refp.patch | 92 ++++++++
> ...ogin-apply-login-context-to-login.shadow.patch} | 22 +-
> ...inimum-systemd-fix-for-login-journal-serv.patch | 33 +--
> .../0008-fc-bind-fix-real-path-for-bind.patch} | 25 +-
> ...inimum-systemd-fix-for-systemd-tmp-files-.patch | 34 ++-
> .../0009-fc-hwclock-add-hwclock-alternatives.patch | 28 +++
> ...-refpolicy-minimum-systemd-fix-for-syslog.patch | 13 +-
> ...-dmesg-apply-policy-to-dmesg-alternatives.patch | 24 ++
> ...-fc-ssh-apply-policy-to-ssh-alternatives.patch} | 21 +-
> ...snetwork-apply-policy-to-ip-alternatives.patch} | 35 ++-
> ...c-udev-apply-policy-to-udevadm-in-libexec.patch | 28 +++
> ...pm-apply-rpm_exec-policy-to-cpio-binaries.patch | 29 +++
> ...15-fc-su-apply-policy-to-su-alternatives.patch} | 18 +-
> ...016-fc-fstools-fix-real-path-for-fstools.patch} | 58 ++---
> ...e-logging-Add-the-syslogd_t-to-trusted-o.patch} | 18 +-
> ...le-logging-add-rules-for-the-symlink-of-v.patch | 100 ++++++++
> ...le-logging-add-rules-for-syslogd-symlink-.patch | 33 +++
> ...e-logging-add-domain-rules-for-the-subdi.patch} | 18 +-
> ...e-files-add-rules-for-the-symlink-of-tmp.patch} | 69 ++----
> ...e-terminals-add-rules-for-bsdpty_device_.patch} | 60 ++---
> ...e-terminals-don-t-audit-tty_device_t-in-.patch} | 18 +-
> ...ule-rpc-allow-nfsd-to-exec-shell-commands.patch | 29 +++
> ...e-rpc-fix-policy-for-nfsserver-to-mount-.patch} | 96 ++++----
> ...odule-sysfs-fix-for-new-SELINUXMNT-in-sys.patch | 126 ++++++++++
> ...y-module-rpc-allow-sysadm-to-run-rpcinfo.patch} | 24 +-
> ...e-userdomain-fix-selinux-utils-to-manage.patch} | 28 +--
> ...le-selinuxutil-fix-setfiles-statvfs-to-ge.patch | 33 +++
> ...le-admin-fix-dmesg-to-use-dev-kmsg-as-def.patch | 25 ++
> ...e-ftp-add-ftpd_t-to-mls_file_write_all_l.patch} | 26 ++-
> ...e-init-update-for-systemd-related-allow-.patch} | 16 +-
> ...cy-minimum-make-sysadmin-module-optional.patch} | 28 +--
> ...le-apache-add-rules-for-the-symlink-of-va.patch | 33 +++
> ...-volatile-alias-common-var-volatile-paths.patch | 36 +++
> ...0001-fix-update-alternatives-for-sysvinit.patch | 53 +++++
> ...inimum-audit-logging-getty-audit-related-.patch | 68 ++++++
> ...-busybox-set-aliases-for-bin-sbin-and-usr.patch | 31 +++
> ...inimum-locallogin-add-allow-rules-for-typ.patch | 54 +++++
> ...sysklogd-apply-policy-to-sysklogd-symlink.patch | 57 +++++
> ...inimum-systemd-unconfined-lib-add-systemd.patch | 121 ++++++++++
> ...-apply-policy-to-common-yocto-hostname-al.patch | 27 +++
> ...inimum-systemd-mount-logging-authlogin-ad.patch | 96 ++++++++
> ...ply-usr-bin-bash-context-to-bin-bash.bash.patch | 30 +++
> ...inimum-init-fix-reboot-with-systemd-as-in.patch | 37 +++
> ...nf-label-resolv.conf-in-var-run-properly.patch} | 26 ++-
> ...inimum-systemd-mount-enable-required-refp.patch | 92 ++++++++
> ...login-apply-login-context-to-login.shadow.patch | 27 +++
> ...inimum-systemd-fix-for-login-journal-serv.patch | 103 ++++++++
> ...h => 0008-fc-bind-fix-real-path-for-bind.patch} | 25 +-
> ...inimum-systemd-fix-for-systemd-tmp-files-.patch | 110 +++++++++
> .../0009-fc-hwclock-add-hwclock-alternatives.patch | 28 +++
> ...-refpolicy-minimum-systemd-fix-for-syslog.patch | 70 ++++++
> ...-dmesg-apply-policy-to-dmesg-alternatives.patch | 24 ++
> ...-fc-ssh-apply-policy-to-ssh-alternatives.patch} | 21 +-
> ...ysnetwork-apply-policy-to-ip-alternatives.patch | 48 ++++
> ...c-udev-apply-policy-to-udevadm-in-libexec.patch | 28 +++
> ...pm-apply-rpm_exec-policy-to-cpio-binaries.patch | 29 +++
> ...15-fc-su-apply-policy-to-su-alternatives.patch} | 20 +-
> ...0016-fc-fstools-fix-real-path-for-fstools.patch | 76 ++++++
> ...e-logging-Add-the-syslogd_t-to-trusted-o.patch} | 18 +-
> ...le-logging-add-rules-for-the-symlink-of-v.patch | 100 ++++++++
> ...le-logging-add-rules-for-syslogd-symlink-.patch | 33 +++
> ...e-logging-add-domain-rules-for-the-subdi.patch} | 18 +-
> ...e-files-add-rules-for-the-symlink-of-tmp.patch} | 71 ++----
> ...e-terminals-add-rules-for-bsdpty_device_.patch} | 60 ++---
> ...e-terminals-don-t-audit-tty_device_t-in-.patch} | 18 +-
> ...ule-rpc-allow-nfsd-to-exec-shell-commands.patch | 29 +++
> ...e-rpc-fix-policy-for-nfsserver-to-mount-.patch} | 96 ++++----
> ...odule-sysfs-fix-for-new-SELINUXMNT-in-sys.patch | 126 ++++++++++
> ...y-module-rpc-allow-sysadm-to-run-rpcinfo.patch} | 24 +-
> ...e-userdomain-fix-selinux-utils-to-manage.patch} | 28 +--
> ...le-selinuxutil-fix-setfiles-statvfs-to-ge.patch | 33 +++
> ...le-admin-fix-dmesg-to-use-dev-kmsg-as-def.patch | 25 ++
> ...e-ftp-add-ftpd_t-to-mls_file_write_all_l.patch} | 26 ++-
> ...e-init-update-for-systemd-related-allow-.patch} | 23 +-
> ...cy-minimum-make-sysadmin-module-optional.patch} | 53 ++---
> ...e-apache-add-rules-for-the-symlink-of-va.patch} | 24 +-
> .../refpolicy/refpolicy-git/poky-fc-clock.patch | 19 --
> .../refpolicy/refpolicy-git/poky-fc-dmesg.patch | 15 --
> .../poky-fc-fix-real-path_shadow.patch | 50 ----
> .../refpolicy-git/poky-fc-ftpwho-dir.patch | 27 ---
> .../refpolicy/refpolicy-git/poky-fc-mta.patch | 27 ---
> .../refpolicy/refpolicy-git/poky-fc-nscd.patch | 25 --
> .../refpolicy/refpolicy-git/poky-fc-rpm.patch | 23 --
> .../refpolicy/refpolicy-git/poky-fc-screen.patch | 23 --
> .../refpolicy-git/poky-fc-subs_dist.patch | 32 ---
> .../refpolicy/refpolicy-git/poky-fc-udevd.patch | 27 ---
> .../poky-fc-update-alternatives_bash.patch | 12 -
> .../poky-fc-update-alternatives_hostname.patch | 19 --
> ...ky-policy-add-rules-for-syslogd_t-symlink.patch | 29 ---
> ...rules-for-var-log-symlink-audisp_remote_t.patch | 29 ---
> ...poky-policy-add-rules-for-var-log-symlink.patch | 88 -------
> ...-policy-allow-nfsd-to-exec-shell-commands.patch | 81 -------
> ...-policy-allow-setfiles_t-to-read-symlinks.patch | 30 ---
> .../poky-policy-fix-dmesg-to-use-dev-kmsg.patch | 22 --
> .../poky-policy-fix-new-SELINUXMNT-in-sys.patch | 253 --------------------
> ...olicy-fix-setfiles-statvfs-get-file-count.patch | 31 ---
> ...s_2.20170204.bb => refpolicy-mcs_2.20190201.bb} | 0
> ...inimum-systemd-mount-enable-requiried-ref.patch | 47 ----
> ...20170204.bb => refpolicy-minimum_2.20190201.bb} | 39 ++--
> .../refpolicy/refpolicy-minimum_git.bb | 22 +-
> ...s_2.20170204.bb => refpolicy-mls_2.20190201.bb} | 0
> ...0170204.bb => refpolicy-standard_2.20190201.bb} | 0
> ...efpolicy-remove-duplicate-type_transition.patch | 46 ----
> ...move-duplicate-type_transition_2.20170204.patch | 46 ----
> .../refpolicy-unconfined_u-default-user.patch | 222 ------------------
> ...licy-unconfined_u-default-user_2.20170204.patch | 222 ------------------
> .../refpolicy/refpolicy-targeted_2.20170204.bb | 29 ---
> .../refpolicy/refpolicy-targeted_2.20190201.bb | 35 +++
> .../refpolicy/refpolicy-targeted_git.bb | 22 +-
> .../refpolicy/refpolicy_2.20170204.inc | 58 -----
> .../refpolicy/refpolicy_2.20190201.inc | 7 +
> recipes-security/refpolicy/refpolicy_common.inc | 48 +++-
> recipes-security/refpolicy/refpolicy_git.inc | 55 +----
> 156 files changed, 3145 insertions(+), 3748 deletions(-)
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-clock.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-corecommands.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-dmesg.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-fix-real-path_login.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-fix-real-path_shadow.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-fstools.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-ftpwho-dir.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-iptables.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-mta.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-netutils.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-nscd.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-rpm.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-screen.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-su.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-subs_dist.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-sysnetwork.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-udevd.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_bash.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_hostname.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysklogd.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysvinit.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-add-rules-for-syslogd_t-symlink.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-add-rules-for-var-log-symlink-apache.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-add-rules-for-var-log-symlink-audisp_remote_t.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-add-rules-for-var-log-symlink.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-allow-nfsd-to-exec-shell-commands.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-allow-setfiles_t-to-read-symlinks.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-fix-dmesg-to-use-dev-kmsg.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-fix-new-SELINUXMNT-in-sys.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-policy-fix-setfiles-statvfs-get-file-count.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch
> rename recipes-security/refpolicy/{refpolicy-git/poky-fc-update-alternatives_sysvinit.patch => refpolicy-2.20190201/0001-fix-update-alternatives-for-sysvinit.patch} (51%)
> rename recipes-security/refpolicy/{refpolicy-minimum/0002-refpolicy-minimum-audit-logging-getty-audit-related-.patch => refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch} (85%)
> create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0002-fc-subs-busybox-set-aliases-for-bin-sbin-and-usr.patch
> rename recipes-security/refpolicy/{refpolicy-minimum/0004-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch => refpolicy-2.20190201/0002-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch} (87%)
> rename recipes-security/refpolicy/{refpolicy-git/poky-fc-update-alternatives_sysklogd.patch => refpolicy-2.20190201/0003-fc-sysklogd-apply-policy-to-sysklogd-symlink.patch} (52%)
> rename recipes-security/refpolicy/{refpolicy-minimum/0001-refpolicy-minimum-systemd-unconfined-lib-add-systemd.patch => refpolicy-2.20190201/0003-refpolicy-minimum-systemd-unconfined-lib-add-systemd.patch} (79%)
> create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0004-fc-hostname-apply-policy-to-common-yocto-hostname-al.patch
> rename recipes-security/refpolicy/{refpolicy-minimum/0003-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch => refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch} (76%)
> create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0005-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch
> rename recipes-security/refpolicy/{refpolicy-minimum => refpolicy-2.20190201}/0005-refpolicy-minimum-init-fix-reboot-with-systemd-as-in.patch (83%)
> rename recipes-security/refpolicy/{refpolicy-git/poky-fc-fix-real-path_resolv.conf.patch => refpolicy-2.20190201/0006-fc-resolv.conf-label-resolv.conf-in-var-run-properly.patch} (54%)
> create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0006-refpolicy-minimum-systemd-mount-enable-required-refp.patch
> rename recipes-security/refpolicy/{refpolicy-git/poky-fc-fix-real-path_login.patch => refpolicy-2.20190201/0007-fc-login-apply-login-context-to-login.shadow.patch} (52%)
> rename recipes-security/refpolicy/{refpolicy-minimum => refpolicy-2.20190201}/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch (82%)
> rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-fc-fix-bind.patch => refpolicy-2.20190201/0008-fc-bind-fix-real-path-for-bind.patch} (62%)
> rename recipes-security/refpolicy/{refpolicy-minimum => refpolicy-2.20190201}/0008-refpolicy-minimum-systemd-fix-for-systemd-tmp-files-.patch (80%)
> create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0009-fc-hwclock-add-hwclock-alternatives.patch
> rename recipes-security/refpolicy/{refpolicy-minimum => refpolicy-2.20190201}/0009-refpolicy-minimum-systemd-fix-for-syslog.patch (90%)
> create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0010-fc-dmesg-apply-policy-to-dmesg-alternatives.patch
> rename recipes-security/refpolicy/{refpolicy-git/poky-fc-ssh.patch => refpolicy-2.20190201/0011-fc-ssh-apply-policy-to-ssh-alternatives.patch} (55%)
> rename recipes-security/refpolicy/{refpolicy-git/poky-fc-sysnetwork.patch => refpolicy-2.20190201/0012-fc-sysnetwork-apply-policy-to-ip-alternatives.patch} (54%)
> create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0013-fc-udev-apply-policy-to-udevadm-in-libexec.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0014-fc-rpm-apply-rpm_exec-policy-to-cpio-binaries.patch
> rename recipes-security/refpolicy/{refpolicy-git/poky-fc-fix-real-path_su.patch => refpolicy-2.20190201/0015-fc-su-apply-policy-to-su-alternatives.patch} (52%)
> rename recipes-security/refpolicy/{refpolicy-git/poky-fc-fstools.patch => refpolicy-2.20190201/0016-fc-fstools-fix-real-path-for-fstools.patch} (66%)
> rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-policy-add-syslogd_t-to-trusted-object.patch => refpolicy-2.20190201/0017-policy-module-logging-Add-the-syslogd_t-to-trusted-o.patch} (69%)
> create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0018-policy-module-logging-add-rules-for-the-symlink-of-v.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0019-policy-module-logging-add-rules-for-syslogd-symlink-.patch
> rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-policy-add-rules-for-var-cache-symlink.patch => refpolicy-2.20190201/0020-policy-module-logging-add-domain-rules-for-the-subdi.patch} (69%)
> rename recipes-security/refpolicy/{refpolicy-git/poky-policy-add-rules-for-tmp-symlink.patch => refpolicy-2.20190201/0021-policy-module-files-add-rules-for-the-symlink-of-tmp.patch} (54%)
> rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-policy-add-rules-for-bsdpty_device_t.patch => refpolicy-2.20190201/0022-policy-module-terminals-add-rules-for-bsdpty_device_.patch} (67%)
> rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-policy-don-t-audit-tty_device_t.patch => refpolicy-2.20190201/0023-policy-module-terminals-don-t-audit-tty_device_t-in-.patch} (66%)
> create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0024-policy-module-rpc-allow-nfsd-to-exec-shell-commands.patch
> rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-policy-fix-nfsd_t-to-mount_nfsd_fs_t.patch => refpolicy-2.20190201/0025-policy-module-rpc-fix-policy-for-nfsserver-to-mount-.patch} (54%)
> create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0026-policy-module-sysfs-fix-for-new-SELINUXMNT-in-sys.patch
> rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-policy-allow-sysadm-to-run-rpcinfo.patch => refpolicy-2.20190201/0027-policy-module-rpc-allow-sysadm-to-run-rpcinfo.patch} (70%)
> rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-policy-fix-seutils-manage-config-files.patch => refpolicy-2.20190201/0028-policy-module-userdomain-fix-selinux-utils-to-manage.patch} (60%)
> create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0029-policy-module-selinuxutil-fix-setfiles-statvfs-to-ge.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0030-policy-module-admin-fix-dmesg-to-use-dev-kmsg-as-def.patch
> rename recipes-security/refpolicy/{refpolicy-2.20170204/ftp-add-ftpd_t-to-mlsfilewrite.patch => refpolicy-2.20190201/0031-policy-module-ftp-add-ftpd_t-to-mls_file_write_all_l.patch} (74%)
> rename recipes-security/refpolicy/{refpolicy-git/refpolicy-update-for_systemd.patch => refpolicy-2.20190201/0032-policy-module-init-update-for-systemd-related-allow-.patch} (66%)
> rename recipes-security/refpolicy/{refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module.patch => refpolicy-2.20190201/0033-refpolicy-minimum-make-sysadmin-module-optional.patch} (69%)
> create mode 100644 recipes-security/refpolicy/refpolicy-2.20190201/0034-policy-module-apache-add-rules-for-the-symlink-of-va.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0001-fix-update-alternatives-for-sysvinit.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0002-fc-subs-busybox-set-aliases-for-bin-sbin-and-usr.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0002-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0003-fc-sysklogd-apply-policy-to-sysklogd-symlink.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0003-refpolicy-minimum-systemd-unconfined-lib-add-systemd.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0004-fc-hostname-apply-policy-to-common-yocto-hostname-al.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0005-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0005-refpolicy-minimum-init-fix-reboot-with-systemd-as-in.patch
> rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-fc-fix-real-path_resolv.conf.patch => refpolicy-git/0006-fc-resolv.conf-label-resolv.conf-in-var-run-properly.patch} (52%)
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0006-refpolicy-minimum-systemd-mount-enable-required-refp.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0007-fc-login-apply-login-context-to-login.shadow.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch
> rename recipes-security/refpolicy/refpolicy-git/{poky-fc-fix-bind.patch => 0008-fc-bind-fix-real-path-for-bind.patch} (62%)
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0008-refpolicy-minimum-systemd-fix-for-systemd-tmp-files-.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0009-fc-hwclock-add-hwclock-alternatives.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0009-refpolicy-minimum-systemd-fix-for-syslog.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0010-fc-dmesg-apply-policy-to-dmesg-alternatives.patch
> rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-fc-ssh.patch => refpolicy-git/0011-fc-ssh-apply-policy-to-ssh-alternatives.patch} (52%)
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0012-fc-sysnetwork-apply-policy-to-ip-alternatives.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0013-fc-udev-apply-policy-to-udevadm-in-libexec.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0014-fc-rpm-apply-rpm_exec-policy-to-cpio-binaries.patch
> rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-fc-fix-real-path_su.patch => refpolicy-git/0015-fc-su-apply-policy-to-su-alternatives.patch} (52%)
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0016-fc-fstools-fix-real-path-for-fstools.patch
> rename recipes-security/refpolicy/refpolicy-git/{poky-policy-add-syslogd_t-to-trusted-object.patch => 0017-policy-module-logging-Add-the-syslogd_t-to-trusted-o.patch} (69%)
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0018-policy-module-logging-add-rules-for-the-symlink-of-v.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0019-policy-module-logging-add-rules-for-syslogd-symlink-.patch
> rename recipes-security/refpolicy/refpolicy-git/{poky-policy-add-rules-for-var-cache-symlink.patch => 0020-policy-module-logging-add-domain-rules-for-the-subdi.patch} (69%)
> rename recipes-security/refpolicy/{refpolicy-2.20170204/poky-policy-add-rules-for-tmp-symlink.patch => refpolicy-git/0021-policy-module-files-add-rules-for-the-symlink-of-tmp.patch} (53%)
> rename recipes-security/refpolicy/refpolicy-git/{poky-policy-add-rules-for-bsdpty_device_t.patch => 0022-policy-module-terminals-add-rules-for-bsdpty_device_.patch} (67%)
> rename recipes-security/refpolicy/refpolicy-git/{poky-policy-don-t-audit-tty_device_t.patch => 0023-policy-module-terminals-don-t-audit-tty_device_t-in-.patch} (66%)
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0024-policy-module-rpc-allow-nfsd-to-exec-shell-commands.patch
> rename recipes-security/refpolicy/refpolicy-git/{poky-policy-fix-nfsd_t-to-mount_nfsd_fs_t.patch => 0025-policy-module-rpc-fix-policy-for-nfsserver-to-mount-.patch} (54%)
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0026-policy-module-sysfs-fix-for-new-SELINUXMNT-in-sys.patch
> rename recipes-security/refpolicy/refpolicy-git/{poky-policy-allow-sysadm-to-run-rpcinfo.patch => 0027-policy-module-rpc-allow-sysadm-to-run-rpcinfo.patch} (70%)
> rename recipes-security/refpolicy/refpolicy-git/{poky-policy-fix-seutils-manage-config-files.patch => 0028-policy-module-userdomain-fix-selinux-utils-to-manage.patch} (60%)
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0029-policy-module-selinuxutil-fix-setfiles-statvfs-to-ge.patch
> create mode 100644 recipes-security/refpolicy/refpolicy-git/0030-policy-module-admin-fix-dmesg-to-use-dev-kmsg-as-def.patch
> rename recipes-security/refpolicy/refpolicy-git/{ftp-add-ftpd_t-to-mlsfilewrite.patch => 0031-policy-module-ftp-add-ftpd_t-to-mls_file_write_all_l.patch} (74%)
> rename recipes-security/refpolicy/{refpolicy-2.20170204/refpolicy-update-for_systemd.patch => refpolicy-git/0032-policy-module-init-update-for-systemd-related-allow-.patch} (52%)
> rename recipes-security/refpolicy/{refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module_2.20170204.patch => refpolicy-git/0033-refpolicy-minimum-make-sysadmin-module-optional.patch} (56%)
> rename recipes-security/refpolicy/refpolicy-git/{poky-policy-add-rules-for-var-log-symlink-apache.patch => 0034-policy-module-apache-add-rules-for-the-symlink-of-va.patch} (54%)
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-clock.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-dmesg.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-fix-real-path_shadow.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-ftpwho-dir.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-mta.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-nscd.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-rpm.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-screen.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-subs_dist.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-udevd.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_hostname.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-syslogd_t-symlink.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-audisp_remote_t.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-policy-allow-nfsd-to-exec-shell-commands.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-policy-allow-setfiles_t-to-read-symlinks.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-policy-fix-dmesg-to-use-dev-kmsg.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-policy-fix-new-SELINUXMNT-in-sys.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-git/poky-policy-fix-setfiles-statvfs-get-file-count.patch
> rename recipes-security/refpolicy/{refpolicy-mcs_2.20170204.bb => refpolicy-mcs_2.20190201.bb} (100%)
> delete mode 100644 recipes-security/refpolicy/refpolicy-minimum/0006-refpolicy-minimum-systemd-mount-enable-requiried-ref.patch
> rename recipes-security/refpolicy/{refpolicy-minimum_2.20170204.bb => refpolicy-minimum_2.20190201.bb} (66%)
> rename recipes-security/refpolicy/{refpolicy-mls_2.20170204.bb => refpolicy-mls_2.20190201.bb} (100%)
> rename recipes-security/refpolicy/{refpolicy-standard_2.20170204.bb => refpolicy-standard_2.20190201.bb} (100%)
> delete mode 100644 recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition_2.20170204.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-targeted/refpolicy-unconfined_u-default-user.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-targeted/refpolicy-unconfined_u-default-user_2.20170204.patch
> delete mode 100644 recipes-security/refpolicy/refpolicy-targeted_2.20170204.bb
> create mode 100644 recipes-security/refpolicy/refpolicy-targeted_2.20190201.bb
> delete mode 100644 recipes-security/refpolicy/refpolicy_2.20170204.inc
> create mode 100644 recipes-security/refpolicy/refpolicy_2.20190201.inc
>
>