mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-27 01:11:14 +00:00
9a5f385732
a857b45 resolv/locale: eventually this should be more efficient 11ed281 some more optimization 764a475 add redundant calls to file.search_conffile_dirs() 7d4558e fs: treat devtmpfs that same as tmpfs 81b677e adds irqbalance skeleton 5506244 irqbalance rules cc96cd8 adds usbutil and gtpfdisk skels 01e2a55 some fsck, gptfdisk, mkfs and usbutil rules d6d1e7d usbutil: output to terminal da576fa fsck, gptfdisk and usbutil rules 09b39e9 unbound 241a029 hotplugcall: allow dac_read_search (is a subset of dac_override) af0fe90 adds label for tcsh 160f79e adds tcpdump 6d02b96 adds coreutil execfile for busybox alternatives ac54884 coreutilexecfile: these are known to require privileges, so exclude 8cb3b66 adds chrootexecfile 6d329d3 this saves 9KiB and its a bit more robust 88e2425 move addpart/delpart/partx to gptfdisk.cil 261012d ntphotplug: reads ubox data files 0473ace various 740e820 work through to genfs_seclabel_symlinks loose ends (Linux 5.10) bef21f5 TODO adds a note about how I dont need to upgrade to polver 33 from 31 cb2e5a3 ubus uses ntpdhotplug fd, and some genfs_seclabel_symlink changes 07df9b9 luci, rpcd and wpad (mainly genfs_selabel related but not all) 8d86cab genfs_seclabel loose ends for blockmount, hotplugcall, irqbalance, zram-swap b8156cd adds a note about how i forgot to target blockd 6e82ab8 adds blockd and related 254ff43 Makefile: exclude blockd from mintesttgt 4dc6bc2 pppd update related and unbound-odhcp rules 3d7da7a igmpproxy tidy some loose ends c84ba0f rcigmpproxy: add entries to /etc when creating /etc/igmpproxy.conf 5a18967 adds igmpproxy skeleton 7e6a218 logread: support resolving dns names e39ca8b netifd: add support for /etc/udhcpc.user 7952bd0 odhcp6c: support /etc/odhcp6c.user ba0eb4e swconfig, fwenv, agent 4556b8a pppd cosmetic 9324d9d pppd: sends AT commands to model using /dev/ttyUSBN 417b14a ttydev: add some more ttyUSB ed739dc example: dont depend on policycoreutils 97613f9 dropbear: using dropbear as scp: dns name resolving 12c193b dropbear tcp connect ssh ports for scp c050077 rcdnsmasq: remove redundant rule and make rcsysntpd optional 8c5de35 this is a bug 8d5c463 uhttpd rcboot rcdnsmasq 094266e hostapd and wpa_supplicant aef0bd7 mountroot: maintains /tmp/sysupgrade.tar 24f0406 dropbear: allow it to read tmp.fs files 2901433 firstboot mkfsf2fs rcboot 2c4afb7 blockmount mmc 465ca98 adds industrial i/o (iio) nodedev 82f686e mtd stordev: back that ubiblock0_4p1 up with a filecon 7df78bd ubus: "support" older ubusd versions that run as root 4458bce swconfig: allow using terminal (to print output) e8d606d sslcert: openssl linked: this shaves off 200 bytes 93afffb jshn ntpdhotplug 0b847f0 wpad: reads /etc/ssl/openssl.cnf f14ee34 indent fix a0c7cad mtd, uhttpd, ubus and ntpdhotplug d74f98f adds a not about checkreqprot requirement in some scenarios affacce example: add policycoreutils-setfiles for make check 4f944dc kmodloader and fwenv: efe36a3 netifd: adds a comment/reminder 581b087 more fw_printenv loose ends 30177a4 fw_setenv: needs mtd write access to set and delete env da28f4c fw_printenv: some minor clean ups a062053 fw_printenv missing rules 244ba5f blockmount: extroot and /rwm 0745a6a squid: allow squid to run sslcrtd with domain transition b851df6 squid fix 8c55acd squid: adds certfile and allow connect http but... b7c1f6d Makefile: exclude tinyproxy from mintesttgt (using squid) 5ff39bd squid: forgot about luci 5366c97 squid/rcsquid some basic fill in 8743da6 squid skeleton 687a43b adds squid 3128 port to httpproxy port Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry squashed from commit3ffc30f05a
and commit41a8f093fb
) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
55 lines
1.7 KiB
Makefile
55 lines
1.7 KiB
Makefile
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
#
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=selinux-policy
|
|
PKG_SOURCE_PROTO:=git
|
|
PKG_SOURCE_URL:=https://git.defensec.nl/selinux-policy.git
|
|
PKG_VERSION:=0.8
|
|
PKG_MIRROR_HASH:=3b58f751a21394e3aef47fd6c9fe9430fadde6427deb5c79f08478904837ec91
|
|
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
|
|
PKG_BUILD_DEPENDS:=secilc/host policycoreutils/host
|
|
|
|
PKG_MAINTAINER:=Dominick Grift <dominick.grift@defensec.nl>
|
|
PKG_CPE_ID:=cpe:/a:defensec:selinux-policy
|
|
PKG_LICENSE:=Unlicense
|
|
PKG_LICENSE_FILES:=LICENSE
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
define Package/selinux-policy
|
|
SECTION:=system
|
|
CATEGORY:=Base system
|
|
TITLE:=SELinux security policy for OpenWrt
|
|
URL:=https://git.defensec.nl/?p=selinux-policy.git;a=summary
|
|
PKGARCH:=all
|
|
endef
|
|
|
|
define Package/selinux-policy/description
|
|
Basic SELinux Security Policy designed specifically for
|
|
OpenWrt and written in Common Intermediate Language.
|
|
endef
|
|
|
|
define Build/Compile
|
|
$(call Build/Compile/Default,policy)
|
|
endef
|
|
|
|
define Package/selinux-policy/conffiles
|
|
/etc/selinux/config
|
|
endef
|
|
|
|
define Package/selinux-policy/install
|
|
$(INSTALL_DIR) $(1)/etc/selinux/$(PKG_NAME)/contexts/files/
|
|
$(INSTALL_DIR) $(1)/etc/selinux/$(PKG_NAME)/policy/
|
|
$(INSTALL_DATA) $(PKG_BUILD_DIR)/customizable_types $(1)/etc/selinux/$(PKG_NAME)/contexts/
|
|
$(INSTALL_DATA) $(PKG_BUILD_DIR)/file_contexts.subs_dist $(1)/etc/selinux/$(PKG_NAME)/contexts/files/
|
|
$(INSTALL_DATA) $(PKG_BUILD_DIR)/file_contexts $(1)/etc/selinux/$(PKG_NAME)/contexts/files/
|
|
$(INSTALL_CONF) $(PKG_BUILD_DIR)/policy.* $(1)/etc/selinux/$(PKG_NAME)/policy/
|
|
$(INSTALL_DATA) ./files/selinux-config $(1)/etc/selinux/config
|
|
endef
|
|
|
|
$(eval $(call BuildPackage,selinux-policy))
|