Name refpolicy-targeted
Version 2.20210203+gitX
Summary SELinux targeted policy
Description This is the targeted variant of the SELinux reference policy. Most service domains are locked down. Users and admins will login in with unconfined_t domain, so they have the same access to the system as if SELinux was not enabled.
Section admin
License GPLv2
Homepage
Recipe file recipes-security/refpolicy/refpolicy-targeted_git.bb
recipes-security/refpolicy/refpolicy_git.inc
recipes-security/refpolicy/refpolicy_common.inc
Layer meta-selinux (hardknott branch)
Inherits
  • python3-dir
  • python3native
Dependencies
  • bzip2-replacement-native
  • checkpolicy-native
  • m4-native
  • policycoreutils-native
  • python3-native
  • semodule-utils-native
  • virtual/i686-oe-linux-compilerlibs
  • virtual/i686-oe-linux-gcc
  • virtual/libc
PACKAGECONFIG options

Sources

git://github.com/SELinuxProject/refpolicy.git

Patches

Patch Status
refpolicy/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch Inappropriate [embedded specific]
refpolicy/0002-fc-subs-busybox-set-aliases-for-bin-sbin-and-usr.patch Inappropriate [embedded specific]
refpolicy/0003-fc-hostname-apply-policy-to-common-yocto-hostname-al.patch Inappropriate [embedded specific]
refpolicy/0004-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch Inappropriate [embedded specific]
refpolicy/0005-fc-resolv.conf-label-resolv.conf-in-var-run-properly.patch Inappropriate [embedded specific]
refpolicy/0006-fc-login-apply-login-context-to-login.shadow.patch Inappropriate [embedded specific]
refpolicy/0007-fc-bind-fix-real-path-for-bind.patch Inappropriate [embedded specific]
refpolicy/0008-fc-hwclock-add-hwclock-alternatives.patch Inappropriate [embedded specific]
refpolicy/0009-fc-dmesg-apply-policy-to-dmesg-alternatives.patch Inappropriate [embedded specific]
refpolicy/0010-fc-ssh-apply-policy-to-ssh-alternatives.patch Inappropriate [embedded specific]
refpolicy/0011-fc-sysnetwork-apply-policy-to-ip-alternatives.patch Inappropriate [embedded specific]
refpolicy/0012-fc-udev-apply-policy-to-udevadm-in-libexec.patch Inappropriate [embedded specific]
refpolicy/0013-fc-rpm-apply-rpm_exec-policy-to-cpio-binaries.patch Inappropriate [embedded specific]
refpolicy/0014-fc-su-apply-policy-to-su-alternatives.patch Inappropriate [embedded specific]
refpolicy/0015-fc-fstools-fix-real-path-for-fstools.patch Inappropriate [embedded specific]
refpolicy/0016-fc-init-fix-update-alternatives-for-sysvinit.patch Inappropriate [embedded specific]
refpolicy/0017-fc-brctl-apply-policy-to-brctl-alternatives.patch Inappropriate [embedded specific]
refpolicy/0018-fc-corecommands-apply-policy-to-nologin-alternatives.patch Inappropriate [embedded specific]
refpolicy/0019-fc-locallogin-apply-policy-to-sulogin-alternatives.patch Inappropriate [embedded specific]
refpolicy/0020-fc-ntp-apply-policy-to-ntpd-alternatives.patch Inappropriate [embedded specific]
refpolicy/0021-fc-kerberos-apply-policy-to-kerberos-alternatives.patch Inappropriate [embedded specific]
refpolicy/0022-fc-ldap-apply-policy-to-ldap-alternatives.patch Inappropriate [embedded specific]
refpolicy/0023-fc-postgresql-apply-policy-to-postgresql-alternative.patch Inappropriate [embedded specific]
refpolicy/0024-fc-screen-apply-policy-to-screen-alternatives.patch Inappropriate [embedded specific]
refpolicy/0025-fc-usermanage-apply-policy-to-usermanage-alternative.patch Inappropriate [embedded specific]
refpolicy/0026-fc-getty-add-file-context-to-start_getty.patch Inappropriate [embedded specific]
refpolicy/0027-fc-init-add-file-context-to-etc-network-if-files.patch Inappropriate [embedded specific]
refpolicy/0028-fc-vlock-apply-policy-to-vlock-alternatives.patch Inappropriate [embedded specific]
refpolicy/0029-fc-cron-apply-policy-to-etc-init.d-crond.patch Inappropriate [embedded specific]
refpolicy/0030-fc-sysnetwork-update-file-context-for-ifconfig.patch Inappropriate [embedded specific]
refpolicy/0031-file_contexts.subs_dist-set-aliase-for-root-director.patch Inappropriate [embedded specific]
refpolicy/0032-policy-modules-system-logging-add-rules-for-the-syml.patch Inappropriate [embedded specific]
refpolicy/0033-policy-modules-system-logging-add-rules-for-syslogd-.patch Inappropriate [embedded specific]
refpolicy/0034-policy-modules-kernel-files-add-rules-for-the-symlin.patch Inappropriate [embedded specific]
refpolicy/0035-policy-modules-system-logging-fix-auditd-startup-fai.patch Inappropriate [embedded specific]
refpolicy/0036-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch Inappropriate [embedded specific]
refpolicy/0037-policy-modules-system-modutils-allow-mod_t-to-access.patch Inappropriate [embedded specific]
refpolicy/0038-policy-modules-services-avahi-allow-avahi_t-to-watch.patch Inappropriate [embedded specific]
refpolicy/0039-policy-modules-system-getty-allow-getty_t-to-search-.patch Inappropriate [embedded specific]
refpolicy/0040-policy-modules-services-bluetooth-fix-bluetoothd-sta.patch Inappropriate [embedded specific]
refpolicy/0041-policy-modules-roles-sysadm-allow-sysadm-to-run-rpci.patch Inappropriate [embedded specific]
refpolicy/0042-policy-modules-services-rpc-add-capability-dac_read_.patch Inappropriate [embedded specific]
refpolicy/0043-policy-modules-services-rpcbind-allow-rpcbind_t-to-c.patch Inappropriate [embedded specific]
refpolicy/0044-policy-modules-services-rngd-fix-security-context-fo.patch Inappropriate [embedded specific]
refpolicy/0045-policy-modules-services-ssh-allow-ssh_keygen_t-to-re.patch Inappropriate [embedded specific]
refpolicy/0046-policy-modules-services-ssh-make-respective-init-scr.patch Inappropriate [embedded specific]
refpolicy/0047-policy-modules-kernel-terminal-allow-loging-to-reset.patch Inappropriate [embedded specific]
refpolicy/0048-policy-modules-system-selinuxutil-allow-semanage_t-t.patch Inappropriate [embedded specific]
refpolicy/0049-policy-modules-system-systemd-enable-support-for-sys.patch Inappropriate [embedded specific]
refpolicy/0050-policy-modules-system-systemd-fix-systemd-resolved-s.patch Inappropriate [embedded specific]
refpolicy/0051-policy-modules-system-init-add-capability2-bpf-and-p.patch Inappropriate [embedded specific]
refpolicy/0052-policy-modules-system-systemd-allow-systemd_logind_t.patch Inappropriate [embedded specific]
refpolicy/0053-policy-modules-system-logging-set-label-devlog_t-to-.patch Inappropriate [embedded specific]
refpolicy/0054-policy-modules-system-systemd-support-systemd-user.patch Inappropriate [embedded specific]
refpolicy/0055-policy-modules-system-systemd-allow-systemd-generato.patch Inappropriate [embedded specific]
refpolicy/0056-policy-modules-system-systemd-allow-systemd_backligh.patch Inappropriate [embedded specific]
refpolicy/0057-policy-modules-system-logging-fix-systemd-journald-s.patch Inappropriate [embedded specific]
refpolicy/0058-policy-modules-services-cron-allow-crond_t-to-search.patch Inappropriate [embedded specific]
refpolicy/0059-policy-modules-services-crontab-allow-sysadm_r-to-ru.patch Inappropriate [embedded specific]
refpolicy/0060-policy-modules-system-sysnetwork-support-priviledge-.patch Inappropriate [embedded specific]
refpolicy/0061-policy-modules-services-acpi-allow-acpid-to-watch-th.patch Inappropriate [embedded specific]
refpolicy/0062-policy-modules-system-setrans-allow-setrans-to-acces.patch Inappropriate [embedded specific]
refpolicy/0063-policy-modules-system-modutils-allow-kmod_t-to-write.patch Inappropriate [embedded specific]
refpolicy/0064-policy-modules-roles-sysadm-allow-sysadm_t-to-watch-.patch Inappropriate [embedded specific]
refpolicy/0065-policy-modules-system-selinux-allow-setfiles_t-to-re.patch Inappropriate [embedded specific]
refpolicy/0066-policy-modules-system-mount-make-mount_t-domain-MLS-.patch Inappropriate [embedded specific]
refpolicy/0067-policy-modules-roles-sysadm-MLS-sysadm-rw-to-clearan.patch Inappropriate [embedded specific]
refpolicy/0068-policy-modules-services-rpc-make-nfsd_t-domain-MLS-t.patch Inappropriate [embedded specific]
refpolicy/0069-policy-modules-admin-dmesg-make-dmesg_t-MLS-trusted-.patch Inappropriate [embedded specific]
refpolicy/0070-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch Inappropriate [embedded specific]
refpolicy/0071-policy-modules-system-init-make-init_t-MLS-trusted-f.patch Inappropriate [embedded specific]
refpolicy/0072-policy-modules-system-systemd-make-systemd-tmpfiles_.patch Inappropriate [embedded specific]
refpolicy/0073-policy-modules-system-logging-add-the-syslogd_t-to-t.patch Inappropriate [embedded specific]
refpolicy/0074-policy-modules-system-init-make-init_t-MLS-trusted-f.patch Inappropriate [embedded specific]
refpolicy/0075-policy-modules-system-init-all-init_t-to-read-any-le.patch Inappropriate [embedded specific]
refpolicy/0076-policy-modules-system-logging-allow-auditd_t-to-writ.patch Inappropriate [embedded specific]
refpolicy/0077-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch Inappropriate [embedded specific]
refpolicy/0078-policy-modules-system-systemd-make-systemd-logind-do.patch Inappropriate [embedded specific]
refpolicy/0079-policy-modules-system-systemd-systemd-user-sessions-.patch Inappropriate [embedded specific]
refpolicy/0080-policy-modules-system-systemd-systemd-make-systemd_-.patch Inappropriate [embedded specific]
refpolicy/0081-policy-modules-services-ntp-make-nptd_t-MLS-trusted-.patch Inappropriate [embedded specific]
refpolicy/0082-policy-modules-system-setrans-allow-setrans_t-use-fd.patch Inappropriate [embedded specific]
refpolicy/0083-policy-modules-services-acpi-make-acpid_t-domain-MLS.patch Inappropriate [embedded specific]
refpolicy/0084-policy-modules-services-avahi-make-avahi_t-MLS-trust.patch Inappropriate [embedded specific]
refpolicy/0085-policy-modules-services-bluetooth-make-bluetooth_t-d.patch Inappropriate [embedded specific]
refpolicy/0086-policy-modules-system-sysnetwork-make-dhcpc_t-domain.patch Inappropriate [embedded specific]
refpolicy/0087-policy-modules-services-inetd-make-inetd_t-domain-ML.patch Inappropriate [embedded specific]
refpolicy/0088-policy-modules-services-bind-make-named_t-domain-MLS.patch Inappropriate [embedded specific]
refpolicy/0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch Inappropriate [embedded specific]
refpolicy/0090-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch Inappropriate [embedded specific]
refpolicy/0001-refpolicy-targeted-make-unconfined_u-the-default-sel.patch Inappropriate [configuration]

Other branches

This recipe in other branches of meta-selinux:

Branch Recipe
master refpolicy-targeted 2.20240226+git
scarthgap (Yocto Project 5.0) refpolicy-targeted 2.20240226+git
nanbield (Yocto Project 4.3) refpolicy-targeted 2.20231002+gitX
mickledore (Yocto Project 4.2) refpolicy-targeted 2.20221101+gitX
langdale (Yocto Project 4.1) refpolicy-targeted 2.20221101+gitX
kirkstone (Yocto Project 4.0) refpolicy-targeted 2.20210908+gitX
honister (Yocto Project 3.4) refpolicy-targeted 2.20210203+gitX
hardknott (Yocto Project 3.3) refpolicy-targeted 2.20210203+gitX (this recipe)
gatesgarth (Yocto Project 3.2) refpolicy-targeted 2.20200229+gitX
dunfell (Yocto Project 3.1) refpolicy-targeted 2.20200229+gitX
zeus (Yocto Project 3.0) refpolicy-targeted 2.20190201
zeus (Yocto Project 3.0) refpolicy-targeted 2.20190201+gitX
warrior (Yocto Project 2.7) refpolicy-targeted 2.20190201
warrior (Yocto Project 2.7) refpolicy-targeted 2.20190201+gitX
thud (Yocto Project 2.6) refpolicy-targeted 2.20170204
thud (Yocto Project 2.6) refpolicy-targeted 2.20170805+gitX
sumo (Yocto Project 2.5) refpolicy-targeted 2.20170204
sumo (Yocto Project 2.5) refpolicy-targeted 2.20170805+gitX
rocko (Yocto Project 2.4) refpolicy-targeted 2.20170204
rocko (Yocto Project 2.4) refpolicy-targeted 2.20170805+gitX
morty (Yocto Project 2.2) refpolicy-targeted git
morty (Yocto Project 2.2) refpolicy-targeted 2.20151208
jethro (Yocto Project 2.0) refpolicy-targeted git
jethro (Yocto Project 2.0) refpolicy-targeted 2.20141203
jethro (Yocto Project 2.0) refpolicy-targeted 2.20140311
fido (Yocto Project 1.8) refpolicy-targeted 2.20140311
dizzy (Yocto Project 1.7) refpolicy-targeted 2.20140311