From patchwork Mon Oct 9 22:27:30 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adam Duskett X-Patchwork-Id: 823566 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="r6DinxWk"; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3y9vyQ02Czz9t5R for ; Tue, 10 Oct 2017 09:27:57 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 52A7A886B6; Mon, 9 Oct 2017 22:27:56 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i1ZH1eqQ3tEL; Mon, 9 Oct 2017 22:27:49 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id F269C886C2; Mon, 9 Oct 2017 22:27:48 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id 131651C024B for ; Mon, 9 Oct 2017 22:27:43 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id DE14D87B94 for ; Mon, 9 Oct 2017 22:27:42 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GO7Hti_rUw71 for ; Mon, 9 Oct 2017 22:27:42 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-qt0-f196.google.com (mail-qt0-f196.google.com [209.85.216.196]) by fraxinus.osuosl.org (Postfix) with ESMTPS id BB8E387051 for ; Mon, 9 Oct 2017 22:27:41 +0000 (UTC) Received: by mail-qt0-f196.google.com with SMTP id z19so4884957qtg.2 for ; Mon, 09 Oct 2017 15:27:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=1nyMAq754XqaC1/wXgujMO1hgVZTD1XmRLgiGeZo14c=; b=r6DinxWkRV+96xA13y98KPiHv8jiCKT1Fa/HE1GOkd0oHZVeVdj9bV/OlVqUgcGufz Tlsoz8DWBasVT+vLONkgXXgBqbcl0e0rFF4v/oVbk3ClZhyY7uCZEs7iPSYZylaJ16VW BpOLlaiE5WHrd4xk+vx3nVe9jaN+c+fEsx2eQIOH1ztV8DjWaxLOfMhOqy39gi+PPDTJ ryJqaqQeJU7+Blo3SL4zXKTZcXrm9HCZFgaMNIt2ZBMUUwJZfYjvl2gS4IKBfmw1BfAr a9Ekp5gNpdOXwlCfQapIFbyX9yfGQ1SlGiFjqj7BNne5VkDugXfsQh23++17H+osmjvb OHhg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=1nyMAq754XqaC1/wXgujMO1hgVZTD1XmRLgiGeZo14c=; b=dk1+391wfiLzBSuITDCb+5a3Skw/2uas+xk7HCAFJDvx/BfllCJR7lDZJ0qrXQo6x4 nGuX8NXs4hlya6XgHRG+m0ByYJ5xbJpjsD06ApXV1efGx6EwWZncKYR1SzTT+csS1d3f ZiofyGW0EfH0c8ehcxHkuJC67UMJ0jxT1cysUHCzdUKgFR/rbTgpWBDrNJkB+/T4giGG n/ZyEMBSOhpl9wKKFtVyBQe/94tcEbblTAoAgcf2ZI3Fy+DW49AeZioj06mOzgGKilwU 3enLsz/wrgLNvOXkbqn3Zy7msbNLwe+JtRuAmgvw2NHgys2bMypr+Lhwh6w+Bne0ha7W lC6w== X-Gm-Message-State: AMCzsaUI/UapRN7ffMXHVTvvvrZUl3Sry47TU3WOyZBe9qp+XzHRDNQc jGcbaB8zUoiK9nI09eQ1EImEbkU6 X-Google-Smtp-Source: AOwi7QC2lSjo/bKnFMdD47Tks1MiNUoQB0oZ9XF+/cU9jVRVCpky8sY30r2811/StljT+fYOqf1ovg== X-Received: by 10.129.98.213 with SMTP id w204mr825967ywb.247.1507588060490; Mon, 09 Oct 2017 15:27:40 -0700 (PDT) Received: from aduskett.duskett (2600-6c4a-767f-ff91-be5f-f4ff-feef-f9a2.dhcp6.chtrptr.net. [2600:6c4a:767f:ff91:be5f:f4ff:feef:f9a2]) by smtp.gmail.com with ESMTPSA id o126sm3589115ywb.8.2017.10.09.15.27.39 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 09 Oct 2017 15:27:39 -0700 (PDT) From: Adam Duskett X-Google-Original-From: Adam Duskett To: buildroot@buildroot.org Date: Mon, 9 Oct 2017 18:27:30 -0400 Message-Id: <20171009222731.15119-7-Adamduskett@outlook.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20171009222731.15119-1-Adamduskett@outlook.com> References: <20171009222731.15119-1-Adamduskett@outlook.com> Cc: Adam Duskett Subject: [Buildroot] [PATCH 7/8] restorecond: new package X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" restorecond is now a seperate package released by the SELinux maintainers. restorecond is a daemon that watches for file creation and then sets the default SELinux file context for that file. Signed-off-by: Adam Duskett --- DEVELOPERS | 1 + package/Config.in | 1 + package/restorecond/Config.in | 12 +++++++++ package/restorecond/restorecond.hash | 2 ++ package/restorecond/restorecond.mk | 48 ++++++++++++++++++++++++++++++++++++ 5 files changed, 64 insertions(+) create mode 100644 package/restorecond/Config.in create mode 100644 package/restorecond/restorecond.hash create mode 100644 package/restorecond/restorecond.mk diff --git a/DEVELOPERS b/DEVELOPERS index f35d6f3688..18e878d8d5 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -41,6 +41,7 @@ F: package/libsepol/ F: package/nginx-naxsi/ F: package/policycoreutils/ F: package/python-mutagen/ +F: package/restorecond/ F: package/refpolicy/ F: package/sepolgen/ F: package/setools/ diff --git a/package/Config.in b/package/Config.in index b9c62de1f3..c9677a460c 100644 --- a/package/Config.in +++ b/package/Config.in @@ -1840,6 +1840,7 @@ menu "Security" source "package/paxtest/Config.in" source "package/policycoreutils/Config.in" source "package/refpolicy/Config.in" + source "package/restorecond/Config.in" source "package/setools/Config.in" endmenu diff --git a/package/restorecond/Config.in b/package/restorecond/Config.in new file mode 100644 index 0000000000..f9c3ebe6ba --- /dev/null +++ b/package/restorecond/Config.in @@ -0,0 +1,12 @@ +config BR2_PACKAGE_RESTORECOND + bool "restorecond" + depends on BR2_PACKAGE_DBUS # dbus-glib + depends on BR2_USE_WCHAR # glib2 + depends on BR2_TOOLCHAIN_HAS_THREADS # glib2 + depends on BR2_USE_MMU # glib2 + select BR2_PACKAGE_LIBSELINUX + select BR2_PACKAGE_DBUS_GLIB + select BR2_PACKAGE_LIBGLIB2 + help + restorecond is a daemon that watches for file creation and then sets the + default SELinux file context for that file. diff --git a/package/restorecond/restorecond.hash b/package/restorecond/restorecond.hash new file mode 100644 index 0000000000..f52bbd2161 --- /dev/null +++ b/package/restorecond/restorecond.hash @@ -0,0 +1,2 @@ +# https://github.com/SELinuxProject/selinux/wiki/Releases +sha256 cb8e0a8d706cb2c1f105125f3514dffffefcbcfb49199183a7f91ab0bdf1f24d restorecond-2.7.tar.gz diff --git a/package/restorecond/restorecond.mk b/package/restorecond/restorecond.mk new file mode 100644 index 0000000000..98ae3e7314 --- /dev/null +++ b/package/restorecond/restorecond.mk @@ -0,0 +1,48 @@ +################################################################################ +# +# restorecond +# +################################################################################ + +RESTORECOND_VERSION = 2.7 +RESTORECOND_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804 +RESTORECOND_LICENSE = GPL-2.0 +RESTORECOND_LICENSE_FILES = COPYING + +RESTORECOND_DEPENDENCIES = libglib2 libselinux dbus-glib + +RESTORECOND_MAKE_OPTS += \ + $(TARGET_CONFIGURE_OPTS) \ + CFLAGS="$(TARGET_CFLAGS) -U_FILE_OFFSET_BITS" \ + CPPFLAGS="$(TARGET_CPPFLAGS) -U_FILE_OFFSET_BITS" \ + ARCH="$(BR2_ARCH)" + +# We need to pass DESTDIR at build time because it's used by +# RESTORECOND build system to find headers and libraries. +define RESTORECOND_BUILD_CMDS + $(MAKE) -C $(@D) $(RESTORECOND_MAKE_OPTS) DESTDIR=$(STAGING_DIR) all +endef + +define RESTORECOND_INSTALL_INIT_SYSV + $(INSTALL) -m 0755 -D $(@D)/restorecond.init \ + $(TARGET_DIR)/etc/init.d/restorecond +endef + +define RESTORECOND_INSTALL_INIT_SYSTEMD + $(INSTALL) -m 0644 -D $(@D)/restorecond.service \ + $(TARGET_DIR)/usr/lib/systemd/system/restorecond.service + + $(INSTALL) -m 0600 -D $(@D)/org.selinux.Restorecond.service \ + $(TARGET_DIR)/etc/systemd/system/org.selinux.Restorecond.service +endef + +define RESTORECOND_INSTALL_TARGET_CMDS + $(INSTALL) -m 0644 -D $(@D)/restorecond.conf $(TARGET_DIR)/etc/selinux + $(INSTALL) -m 0644 -D $(@D)/restorecond_user.conf $(TARGET_DIR)/etc/selinux + $(INSTALL) -m 0755 -D $(@D)/restorecond $(TARGET_DIR)/usr/sbin +endef + + + +$(eval $(generic-package)) +$(eval $(host-generic-package))