[v2,00/14] packages: Add SELinux modules to some packages

Message ID	20201228161134.303992-1-maxime.chevallier@bootlin.com
Headers	show Return-Path: <buildroot-bounces@busybox.net> sender: maxime.chevallier@bootlin.com) by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id E5D7460008; Mon, 28 Dec 2020 16:11:36 +0000 (UTC) From: Maxime Chevallier <maxime.chevallier@bootlin.com> To: buildroot@buildroot.org Date: Mon, 28 Dec 2020 17:11:20 +0100 Message-Id: <20201228161134.303992-1-maxime.chevallier@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH v2 00/14] packages: Add SELinux modules to some packages Precedence: list Cc: Antoine Tenart <antoine.tenart@kernel.org>, Thomas Petazzoni <thomas.petazzoni@bootlin.com>, Maxime Chevallier <maxime.chevallier@bootlin.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" <buildroot-bounces@busybox.net>
Series	packages: Add SELinux modules to some packages \| expand [v2,00/14] packages: Add SELinux modules to some packages [v2,01/14] package/iwd: add SELinux module [v2,02/14] package/network-manager: add SELinux module [v2,03/14] package/wpa_supplicant: add SELinux module [v2,04/14] package/ebtables: add SELinux module [v2,05/14] package/ipset: add SELinux module [v2,06/14] package/iptables: add SELinux module [v2,07/14] package/nftables: add SELinux module [v2,08/14] package/fping: add SELinux module [v2,09/14] package/iputils: add SELinux module [v2,10/14] package/mtr: add SELinux module [v2,11/14] package/nmap: add SELinux module [v2,12/14] package/tcpdump: add SELinux module [v2,13/14] package/haveged: add SELinux module [v2,14/14] package/jitterentropy-library: add SELinux module

Message ID

20201228161134.303992-1-maxime.chevallier@bootlin.com

Headers

From: Maxime Chevallier <maxime.chevallier@bootlin.com>
To: buildroot@buildroot.org
Date: Mon, 28 Dec 2020 17:11:20 +0100
Message-Id: <20201228161134.303992-1-maxime.chevallier@bootlin.com>
MIME-Version: 1.0
Subject: [Buildroot] [PATCH v2 00/14] packages: Add SELinux modules to some
 packages
Precedence: list
Cc: Antoine Tenart <antoine.tenart@kernel.org>,
 Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
 Maxime Chevallier <maxime.chevallier@bootlin.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Series

packages: Add SELinux modules to some packages | expand

Message

Maxime Chevallier Dec. 28, 2020, 4:11 p.m. UTC

Hello everyone,

This is the second iteration of the series adding matching between
packages and the SELinux refpolicy module that supports them.

This series focuses on the tools that are impacted by the following
modules in the refpolicy [2] :

  - services/networkmanager, which adds support for :
    - iwd
    - network-manager
    - wpa_supplicant

  - system/ipatbles, which adds support for :
    - ebtables
    - ipset
    - iptables
    - nftables

  - admin/netutils, which adds support for :
    - fping
    - Some of the iputils tools :
      - arping
      - ping
      - tracepath
      - traceroute6
    - mtr
    - nmap
    - tcpdump

  - services/entropyd, which adds support for :
    - haveged
    - jitterentropy-library

With this series, the above-mentionned tools can now be used on systems
that have SELinux enabled.

Since V1, the main changes were the removal of the dhcp package which
will be part of another series, and the rework of the iputils package
according to Antoine Tenart's review.

Thanks,

Maxime

Maxime Chevallier (14):
  package/iwd: add SELinux module
  package/network-manager: add SELinux module
  package/wpa_supplicant: add SELinux module
  package/ebtables: add SELinux module
  package/ipset: add SELinux module
  package/iptables: add SELinux module
  package/nftables: add SELinux module
  package/fping: add SELinux module
  package/iputils: add SELinux module
  package/mtr: add SELinux module
  package/nmap: add SELinux module
  package/tcpdump: add SELinux module
  package/haveged: add SELinux module
  package/jitterentropy-library: add SELinux module

 package/ebtables/ebtables.mk                     |  1 +
 package/fping/fping.mk                           |  1 +
 package/haveged/haveged.mk                       |  1 +
 package/ipset/ipset.mk                           |  1 +
 package/iptables/iptables.mk                     |  2 ++
 package/iputils/iputils.mk                       | 16 ++++++++++++++++
 package/iwd/iwd.mk                               |  1 +
 .../jitterentropy-library.mk                     |  1 +
 package/mtr/mtr.mk                               |  1 +
 package/network-manager/network-manager.mk       |  1 +
 package/nftables/nftables.mk                     |  1 +
 package/nmap/nmap.mk                             |  1 +
 package/tcpdump/tcpdump.mk                       |  1 +
 package/wpa_supplicant/wpa_supplicant.mk         |  1 +
 14 files changed, 30 insertions(+)

Comments

Antoine Tenart Dec. 29, 2020, 10:30 a.m. UTC | #1

Hi Maxime,

Quoting Maxime Chevallier (2020-12-28 17:11:20)
> Hello everyone,
> 
> This is the second iteration of the series adding matching between
> packages and the SELinux refpolicy module that supports them.
> 
> This series focuses on the tools that are impacted by the following
> modules in the refpolicy [2] :
> 
>   - services/networkmanager, which adds support for :
>     - iwd
>     - network-manager
>     - wpa_supplicant
> 
>   - system/ipatbles, which adds support for :
>     - ebtables
>     - ipset
>     - iptables
>     - nftables
> 
>   - admin/netutils, which adds support for :
>     - fping
>     - Some of the iputils tools :
>       - arping
>       - ping
>       - tracepath
>       - traceroute6
>     - mtr
>     - nmap
>     - tcpdump
> 
>   - services/entropyd, which adds support for :
>     - haveged
>     - jitterentropy-library
> 
> With this series, the above-mentionned tools can now be used on systems
> that have SELinux enabled.
> 
> Since V1, the main changes were the removal of the dhcp package which
> will be part of another series, and the rework of the iputils package
> according to Antoine Tenart's review.

The series looks good to me.

Thanks!
Antoine

> Maxime Chevallier (14):
>   package/iwd: add SELinux module
>   package/network-manager: add SELinux module
>   package/wpa_supplicant: add SELinux module
>   package/ebtables: add SELinux module
>   package/ipset: add SELinux module
>   package/iptables: add SELinux module
>   package/nftables: add SELinux module
>   package/fping: add SELinux module
>   package/iputils: add SELinux module
>   package/mtr: add SELinux module
>   package/nmap: add SELinux module
>   package/tcpdump: add SELinux module
>   package/haveged: add SELinux module
>   package/jitterentropy-library: add SELinux module
> 
>  package/ebtables/ebtables.mk                     |  1 +
>  package/fping/fping.mk                           |  1 +
>  package/haveged/haveged.mk                       |  1 +
>  package/ipset/ipset.mk                           |  1 +
>  package/iptables/iptables.mk                     |  2 ++
>  package/iputils/iputils.mk                       | 16 ++++++++++++++++
>  package/iwd/iwd.mk                               |  1 +
>  .../jitterentropy-library.mk                     |  1 +
>  package/mtr/mtr.mk                               |  1 +
>  package/network-manager/network-manager.mk       |  1 +
>  package/nftables/nftables.mk                     |  1 +
>  package/nmap/nmap.mk                             |  1 +
>  package/tcpdump/tcpdump.mk                       |  1 +
>  package/wpa_supplicant/wpa_supplicant.mk         |  1 +
>  14 files changed, 30 insertions(+)
> 
> -- 
> 2.25.4
> 
> _______________________________________________
> buildroot mailing list
> buildroot@busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
>

Yann E. MORIN Dec. 29, 2020, 2:05 p.m. UTC | #2

Maxime, All,

On 2020-12-28 17:11 +0100, Maxime Chevallier spake thusly:
> This is the second iteration of the series adding matching between
> packages and the SELinux refpolicy module that supports them.

Series applied to master, thanks. I did some tweaks to one patch, I'll
be replying separately to that one.

Regards,
Yann E. MORIN.

> Maxime
> 
> Maxime Chevallier (14):
>   package/iwd: add SELinux module
>   package/network-manager: add SELinux module
>   package/wpa_supplicant: add SELinux module
>   package/ebtables: add SELinux module
>   package/ipset: add SELinux module
>   package/iptables: add SELinux module
>   package/nftables: add SELinux module
>   package/fping: add SELinux module
>   package/iputils: add SELinux module
>   package/mtr: add SELinux module
>   package/nmap: add SELinux module
>   package/tcpdump: add SELinux module
>   package/haveged: add SELinux module
>   package/jitterentropy-library: add SELinux module
> 
>  package/ebtables/ebtables.mk                     |  1 +
>  package/fping/fping.mk                           |  1 +
>  package/haveged/haveged.mk                       |  1 +
>  package/ipset/ipset.mk                           |  1 +
>  package/iptables/iptables.mk                     |  2 ++
>  package/iputils/iputils.mk                       | 16 ++++++++++++++++
>  package/iwd/iwd.mk                               |  1 +
>  .../jitterentropy-library.mk                     |  1 +
>  package/mtr/mtr.mk                               |  1 +
>  package/network-manager/network-manager.mk       |  1 +
>  package/nftables/nftables.mk                     |  1 +
>  package/nmap/nmap.mk                             |  1 +
>  package/tcpdump/tcpdump.mk                       |  1 +
>  package/wpa_supplicant/wpa_supplicant.mk         |  1 +
>  14 files changed, 30 insertions(+)
> 
> -- 
> 2.25.4
> 
> _______________________________________________
> buildroot mailing list
> buildroot@busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot