jeans/motioneyeos
jeans/motioneyeos
1
0
Fork 0
mirror of https://github.com/motioneye-project/motioneyeos.git synced 2025-07-29 14:16:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

policycoreutils: add option to build audit2allow

Browse Source 
This python utility scans the logs for messages logged when the system
denied permission for operations, and  generates  a snippet of policy
rules which, if loaded into policy, might have allowed  those operations
to succeed.  However, this utility only generates Type Enforcement (TE)
allow rules.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Thomas: adjust Config.in to propagate the dependencies of sepolgen,
checkpolicy and python3.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit is contained in:
Adam Duskett 2017-02-02 17:45:05 -05:00 committed by Thomas Petazzoni
parent eb77bd3dab
commit 005a5f33f2
2 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
package/policycoreutils/Config.in
View File

@ -45,6 +45,26 @@ config BR2_PACKAGE_POLICYCOREUTILS
if BR2_PACKAGE_POLICYCOREUTILS if BR2_PACKAGE_POLICYCOREUTILS
config BR2_PACKAGE_POLICYCOREUTILS_AUDIT2ALLOW
bool "audit2allow"
depends on BR2_USE_WCHAR # python3, sepolgen
depends on BR2_USE_MMU # python3, sepolgen
depends on BR2_TOOLCHAIN_HAS_THREADS # python3, sepolgen, checkpolicy
depends on !BR2_STATIC_LIBS # python3, sepolgen
depends on BR2_TOOLCHAIN_USES_GLIBC # checkpolicy
depends on !BR2_arc # checkpolicy
select BR2_PACKAGE_SEPOLGEN
select BR2_PACKAGE_CHECKPOLICY
select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON
help
Enable audit2allow to be built
comment "audit2allow needs a glibc toolchain w/ wchar, threads, dynamic library"
depends on BR2_USE_MMU
depends on !BR2_arc
depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
BR2_STATIC_LIBS
config BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND config BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND
bool "restorecond" bool "restorecond"
select BR2_PACKAGE_LIBGLIB2 select BR2_PACKAGE_LIBGLIB2

14
package/policycoreutils/policycoreutils.mk
View File

@ -50,6 +50,20 @@ ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND),y)
POLICYCOREUTILS_MAKE_DIRS += restorecond POLICYCOREUTILS_MAKE_DIRS += restorecond
POLICYCOREUTILS_DEPENDENCIES += libglib2 POLICYCOREUTILS_DEPENDENCIES += libglib2
endif endif
ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_AUDIT2ALLOW),y)
ifeq ($(BR2_PACKAGE_PYTHON3),y)
POLICYCOREUTILS_DEPENDENCIES += python3
POLICYCOREUTILS_MAKE_OPTS += PYLIBVER="python$(PYTHON3_VERSION_MAJOR)"
else
POLICYCOREUTILS_DEPENDENCIES += python
POLICYCOREUTILS_MAKE_OPTS += PYLIBVER="python$(PYTHON_VERSION_MAJOR)"
endif
POLICYCOREUTILS_DEPENDENCIES += sepolgen checkpolicy
POLICYCOREUTILS_MAKE_DIRS += audit2allow
endif
# We need to pass DESTDIR at build time because it's used by # We need to pass DESTDIR at build time because it's used by
# policycoreutils build system to find headers and libraries. # policycoreutils build system to find headers and libraries.
define POLICYCOREUTILS_BUILD_CMDS define POLICYCOREUTILS_BUILD_CMDS