mirror of
https://github.com/home-assistant/operating-system.git
synced 2025-11-18 07:09:28 +00:00
a0871be6c0
* Update buildroot-patches for 2020.11-rc1 buildroot * Update buildroot to 2020.11-rc1 Signed-off-by: Stefan Agner <stefan@agner.ch> * Don't rely on sfdisk --list-free output The --list-free (-F) argument does not allow machine readable mode. And it seems that the output format changes over time (different spacing, using size postfixes instead of raw blocks). Use sfdisk json output and calculate free partition space ourselfs. This works for 2.35 and 2.36 and is more robust since we rely on output which is meant for scripts to parse. * Migrate defconfigs for Buildroot 2020.11-rc1 In particular, rename BR2_TARGET_UBOOT_BOOT_SCRIPT(_SOURCE) to BR2_PACKAGE_HOST_UBOOT_TOOLS_BOOT_SCRIPT(_SOURCE). * Rebase/remove systemd patches for systemd 246 * Drop apparmor/libapparmor from buildroot-external * hassos-persists: use /run as directory for lockfiles The U-Boot tools use /var/lock by default which is not created any more by systemd by default (it is under tmpfiles legacy.conf, which we no longer install). * Disable systemd-update-done.service The service is not suited for pure read-only systems. In particular the service needs to be able to write a file in /etc and /var. Remove the service. Note: This is a static service and cannot be removed using systemd-preset. * Disable apparmor.service for now The service loads all default profiles. Some might actually cause problems. E.g. the profile for ping seems not to match our setup for /etc/resolv.conf: [85503.634653] audit: type=1400 audit(1605286002.684:236): apparmor="DENIED" operation="open" profile="ping" name="/run/resolv.conf" pid=27585 comm="ping" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
49 lines
1.4 KiB
Plaintext
49 lines
1.4 KiB
Plaintext
config BR2_PACKAGE_SELINUX_PYTHON
|
|
bool "selinux-python"
|
|
depends on !BR2_PACKAGE_PYTHON
|
|
depends on BR2_USE_MMU
|
|
depends on BR2_USE_WCHAR
|
|
depends on BR2_TOOLCHAIN_HAS_THREADS
|
|
depends on !BR2_STATIC_LIBS
|
|
select BR2_PACKAGE_PYTHON3
|
|
help
|
|
A set of SELinux tools written in python that help with
|
|
managing a system with SELinux enabled. If no packages are
|
|
selected nothing will actually be built.
|
|
|
|
https://github.com/SELinuxProject/selinux/wiki
|
|
|
|
if BR2_PACKAGE_SELINUX_PYTHON
|
|
|
|
config BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW
|
|
bool "audit2allow"
|
|
select BR2_PACKAGE_CHECKPOLICY
|
|
select BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN
|
|
select BR2_PACKAGE_SEMODULE_UTILS
|
|
help
|
|
This module installs two programs:
|
|
|
|
audit2allow - Generate SELinux policy allow/dontaudit rules
|
|
from logs of denied operations.
|
|
|
|
audit2why - translates SELinux audit messages into a
|
|
description of why the access was denied (audit2allow -w)
|
|
|
|
config BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN
|
|
bool "sepolgen"
|
|
select BR2_PACKAGE_SEMODULE_UTILS
|
|
help
|
|
This package contains a Python module that allows you to
|
|
generate an initial SELinux policy module template.
|
|
|
|
endif
|
|
|
|
comment "selinux-python needs python3"
|
|
depends on BR2_USE_MMU
|
|
depends on BR2_PACKAGE_PYTHON
|
|
|
|
comment "selinux-python packages needs a toolchain w/ wchar, threads, dynamic library"
|
|
depends on BR2_USE_MMU
|
|
depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
|
|
BR2_STATIC_LIBS
|