Name refpolicy-minimum
Version 2.20210908+gitX
Summary SELinux minimum policy
Description This is a minimum reference policy with just core policy modules, and could be used as a base for customizing targeted policy. Pretty much everything runs as initrc_t or unconfined_t so all of the domains are unconfined.
Section admin
License GPL-2.0-only
Homepage
Recipe file recipes-security/refpolicy/refpolicy-minimum_git.bb
recipes-security/refpolicy/refpolicy-targeted_git.bb
recipes-security/refpolicy/refpolicy_git.inc
recipes-security/refpolicy/refpolicy_common.inc
Layer meta-selinux (kirkstone branch)
Inherits
  • python3-dir
  • python3native
Dependencies
  • bzip2-replacement-native
  • checkpolicy-native
  • m4-native
  • policycoreutils-native
  • python3-native
  • semodule-utils-native
  • virtual/i686-oe-linux-compilerlibs
  • virtual/i686-oe-linux-gcc
  • virtual/libc
PACKAGECONFIG options

Sources

git://github.com/SELinuxProject/refpolicy.git

Patches

Patch Status
refpolicy/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch Inappropriate [embedded specific]
refpolicy/0002-fc-subs-busybox-set-aliases-for-bin-sbin-and-usr.patch Inappropriate [embedded specific]
refpolicy/0003-fc-hostname-apply-policy-to-common-yocto-hostname-al.patch Inappropriate [embedded specific]
refpolicy/0004-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch Inappropriate [embedded specific]
refpolicy/0005-fc-resolv.conf-label-resolv.conf-in-var-run-properly.patch Inappropriate [embedded specific]
refpolicy/0006-fc-login-apply-login-context-to-login.shadow.patch Inappropriate [embedded specific]
refpolicy/0007-fc-hwclock-add-hwclock-alternatives.patch Inappropriate [embedded specific]
refpolicy/0008-fc-dmesg-apply-policy-to-dmesg-alternatives.patch Inappropriate [embedded specific]
refpolicy/0009-fc-ssh-apply-policy-to-ssh-alternatives.patch Inappropriate [embedded specific]
refpolicy/0010-fc-sysnetwork-apply-policy-to-network-commands-alter.patch Inappropriate [embedded specific]
refpolicy/0011-fc-udev-apply-policy-to-udevadm-in-libexec.patch Inappropriate [embedded specific]
refpolicy/0012-fc-rpm-apply-rpm_exec-policy-to-cpio-binaries.patch Inappropriate [embedded specific]
refpolicy/0013-fc-su-apply-policy-to-su-alternatives.patch Inappropriate [embedded specific]
refpolicy/0014-fc-fstools-fix-real-path-for-fstools.patch Inappropriate [embedded specific]
refpolicy/0015-fc-init-fix-update-alternatives-for-sysvinit.patch Inappropriate [embedded specific]
refpolicy/0016-fc-brctl-apply-policy-to-brctl-alternatives.patch Inappropriate [embedded specific]
refpolicy/0017-fc-corecommands-apply-policy-to-nologin-alternatives.patch Inappropriate [embedded specific]
refpolicy/0018-fc-locallogin-apply-policy-to-sulogin-alternatives.patch Inappropriate [embedded specific]
refpolicy/0019-fc-ntp-apply-policy-to-ntpd-alternatives.patch Inappropriate [embedded specific]
refpolicy/0020-fc-kerberos-apply-policy-to-kerberos-alternatives.patch Inappropriate [embedded specific]
refpolicy/0021-fc-ldap-apply-policy-to-ldap-alternatives.patch Inappropriate [embedded specific]
refpolicy/0022-fc-postgresql-apply-policy-to-postgresql-alternative.patch Inappropriate [embedded specific]
refpolicy/0023-fc-screen-apply-policy-to-screen-alternatives.patch Inappropriate [embedded specific]
refpolicy/0024-fc-usermanage-apply-policy-to-usermanage-alternative.patch Inappropriate [embedded specific]
refpolicy/0025-fc-getty-add-file-context-to-start_getty.patch Inappropriate [embedded specific]
refpolicy/0026-fc-vlock-apply-policy-to-vlock-alternatives.patch Inappropriate [embedded specific]
refpolicy/0027-fc-add-fcontext-for-init-scripts-and-systemd-service.patch Inappropriate [embedded specific]
refpolicy/0028-file_contexts.subs_dist-set-aliase-for-root-director.patch Inappropriate [embedded specific]
refpolicy/0029-policy-modules-system-logging-add-rules-for-the-syml.patch Inappropriate [embedded specific]
refpolicy/0030-policy-modules-system-logging-add-rules-for-syslogd-.patch Inappropriate [embedded specific]
refpolicy/0031-policy-modules-kernel-files-add-rules-for-the-symlin.patch Inappropriate [embedded specific]
refpolicy/0032-policy-modules-system-logging-fix-auditd-startup-fai.patch Inappropriate [embedded specific]
refpolicy/0033-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch Inappropriate [embedded specific]
refpolicy/0034-policy-modules-system-modutils-allow-mod_t-to-access.patch Inappropriate [embedded specific]
refpolicy/0035-policy-modules-system-getty-allow-getty_t-to-search-.patch Inappropriate [embedded specific]
refpolicy/0036-policy-modules-services-rpcbind-allow-rpcbind_t-to-c.patch Inappropriate [embedded specific]
refpolicy/0037-policy-modules-admin-usermanage-allow-useradd-to-rel.patch Inappropriate [embedded specific]
refpolicy/0038-policy-modules-system-systemd-enable-support-for-sys.patch Inappropriate [embedded specific]
refpolicy/0039-policy-modules-system-systemd-fix-systemd-resolved-s.patch Inappropriate [embedded specific]
refpolicy/0040-policy-modules-system-systemd-allow-systemd_-_t-to-g.patch Inappropriate [embedded specific]
refpolicy/0041-policy-modules-system-logging-fix-syslogd-failures-f.patch Inappropriate [embedded specific]
refpolicy/0042-policy-modules-system-systemd-systemd-user-fixes.patch Inappropriate [embedded specific]
refpolicy/0043-policy-modules-system-sysnetwork-support-priviledge-.patch Inappropriate [embedded specific]
refpolicy/0044-policy-modules-system-modutils-allow-kmod_t-to-write.patch Inappropriate [embedded specific]
refpolicy/0045-policy-modules-system-systemd-allow-systemd_logind_t.patch Pending
refpolicy/0046-policy-modules-system-mount-make-mount_t-domain-MLS-.patch Inappropriate [embedded specific]
refpolicy/0047-policy-modules-roles-sysadm-MLS-sysadm-rw-to-clearan.patch Inappropriate [embedded specific]
refpolicy/0048-policy-modules-services-rpc-make-nfsd_t-domain-MLS-t.patch Inappropriate [embedded specific]
refpolicy/0049-policy-modules-admin-dmesg-make-dmesg_t-MLS-trusted-.patch Inappropriate [embedded specific]
refpolicy/0050-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch Inappropriate [embedded specific]
refpolicy/0051-policy-modules-system-init-make-init_t-MLS-trusted-f.patch Inappropriate [embedded specific]
refpolicy/0052-policy-modules-system-systemd-make-systemd-tmpfiles_.patch Inappropriate [embedded specific]
refpolicy/0053-policy-modules-system-systemd-systemd-make-systemd_-.patch Inappropriate [embedded specific]
refpolicy/0054-policy-modules-system-logging-add-the-syslogd_t-to-t.patch Inappropriate [embedded specific]
refpolicy/0055-policy-modules-system-init-make-init_t-MLS-trusted-f.patch Inappropriate [embedded specific]
refpolicy/0056-policy-modules-system-init-all-init_t-to-read-any-le.patch Inappropriate [embedded specific]
refpolicy/0057-policy-modules-system-logging-allow-auditd_t-to-writ.patch Inappropriate [embedded specific]
refpolicy/0058-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch Inappropriate [embedded specific]
refpolicy/0059-policy-modules-system-setrans-allow-setrans_t-use-fd.patch Inappropriate [embedded specific]
refpolicy/0060-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch Inappropriate [embedded specific]
refpolicy/0061-policy-modules-system-logging-make-syslogd_runtime_t.patch Pending
refpolicy/0062-systemd-systemd-resolved-is-linked-to-libselinux.patch Backport
refpolicy/0063-sysnetwork-systemd-allow-DNS-resolution-over-io.syst.patch Backport
refpolicy/0064-term-init-allow-systemd-to-watch-and-watch-reads-on-.patch Backport
refpolicy/0065-systemd-add-file-transition-for-systemd-networkd-run.patch Backport
refpolicy/0066-systemd-add-missing-file-context-for-run-systemd-net.patch Backport
refpolicy/0067-systemd-add-file-contexts-for-systemd-network-genera.patch Backport
refpolicy/0068-systemd-udev-allow-udev-to-read-systemd-networkd-run.patch Backport
refpolicy/0069-fc-fstools-apply-policy-to-findfs-alternative.patch Inappropriate [embedded specific]
refpolicy/0001-refpolicy-targeted-make-unconfined_u-the-default-sel.patch Inappropriate [configuration]
refpolicy/0002-refpolicy-targeted-add-capability2-bpf-and-perfmon-f.patch Inappropriate [embedded specific]
refpolicy/0001-refpolicy-minimum-make-sysadmin-module-optional.patch Inappropriate [embedded specific]
refpolicy/0002-refpolicy-minimum-make-xdg-module-optional.patch Inappropriate [embedded specific]
refpolicy/0003-refpolicy-minimum-enable-nscd_use_shm.patch Inappropriate [embedded specific]

bbappends

This recipe is appended by:

meta-digi-dey refpolicy-minimum_git.bbappend
de-ensc-bpi-router refpolicy-minimum_git.bbappend
de-ensc-bpi-router refpolicy-minimum_%.bbappend

Other branches

This recipe in other branches of meta-selinux:

Branch Recipe
master refpolicy-minimum 2.20240916+git
styhead (Yocto Project 5.1) refpolicy-minimum 2.20240916+git
scarthgap (Yocto Project 5.0) refpolicy-minimum 2.20240226+git
nanbield (Yocto Project 4.3) refpolicy-minimum 2.20231002+gitX
mickledore (Yocto Project 4.2) refpolicy-minimum 2.20221101+gitX
langdale (Yocto Project 4.1) refpolicy-minimum 2.20221101+gitX
kirkstone (Yocto Project 4.0) refpolicy-minimum 2.20210908+gitX (this recipe)
honister (Yocto Project 3.4) refpolicy-minimum 2.20210203+gitX
hardknott (Yocto Project 3.3) refpolicy-minimum 2.20210203+gitX
gatesgarth (Yocto Project 3.2) refpolicy-minimum 2.20200229+gitX
dunfell (Yocto Project 3.1) refpolicy-minimum 2.20200229+gitX
zeus (Yocto Project 3.0) refpolicy-minimum 2.20190201+gitX
zeus (Yocto Project 3.0) refpolicy-minimum 2.20190201
warrior (Yocto Project 2.7) refpolicy-minimum 2.20190201+gitX
warrior (Yocto Project 2.7) refpolicy-minimum 2.20190201
thud (Yocto Project 2.6) refpolicy-minimum 2.20170204
thud (Yocto Project 2.6) refpolicy-minimum 2.20170805+gitX
sumo (Yocto Project 2.5) refpolicy-minimum 2.20170204
sumo (Yocto Project 2.5) refpolicy-minimum 2.20170805+gitX
rocko (Yocto Project 2.4) refpolicy-minimum 2.20170204
rocko (Yocto Project 2.4) refpolicy-minimum 2.20170805+gitX
morty (Yocto Project 2.2) refpolicy-minimum 2.20151208
morty (Yocto Project 2.2) refpolicy-minimum git
jethro (Yocto Project 2.0) refpolicy-minimum 2.20140311
jethro (Yocto Project 2.0) refpolicy-minimum 2.20141203
jethro (Yocto Project 2.0) refpolicy-minimum git
fido (Yocto Project 1.8) refpolicy-minimum 2.20140311
dizzy (Yocto Project 1.7) refpolicy-minimum 2.20140311