Name refpolicy-targeted
Version 2.20240916+git
Summary SELinux targeted policy
Description This is the targeted variant of the SELinux reference policy. Most service domains are locked down. Users and admins will login in with unconfined_t domain, so they have the same access to the system as if SELinux was not enabled.
Section admin
License GPL-2.0-only
Homepage
Recipe file recipes-security/refpolicy/refpolicy-targeted_git.bb
recipes-security/refpolicy/refpolicy_git.inc
recipes-security/refpolicy/refpolicy_common.inc
Layer meta-selinux (styhead branch)
Inherits
  • python3-dir
  • python3native
Dependencies
  • bzip2-replacement-native
  • checkpolicy-native
  • m4-native
  • policycoreutils-native
  • python3-native
  • semodule-utils-native
  • virtual/i686-oe-linux-compilerlibs
  • virtual/i686-oe-linux-gcc
  • virtual/libc
PACKAGECONFIG options

Sources

git://github.com/SELinuxProject/refpolicy.git

Patches

Patch Status
refpolicy/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch Inappropriate [embedded specific]
refpolicy/0002-fc-subs-busybox-set-aliases-for-bin-sbin-and-usr.patch Inappropriate [embedded specific]
refpolicy/0003-fc-hostname-apply-policy-to-common-yocto-hostname-al.patch Inappropriate [embedded specific]
refpolicy/0004-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch Inappropriate [embedded specific]
refpolicy/0005-fc-resolv.conf-label-resolv.conf-in-var-run-properly.patch Inappropriate [embedded specific]
refpolicy/0006-fc-login-apply-login-context-to-login.shadow.patch Inappropriate [embedded specific]
refpolicy/0007-fc-hwclock-add-hwclock-alternatives.patch Inappropriate [embedded specific]
refpolicy/0008-fc-dmesg-apply-policy-to-dmesg-alternatives.patch Inappropriate [embedded specific]
refpolicy/0009-fc-ssh-apply-policy-to-ssh-alternatives.patch Inappropriate [embedded specific]
refpolicy/0010-fc-sysnetwork-apply-policy-to-network-commands-alter.patch Inappropriate [embedded specific]
refpolicy/0011-fc-rpm-apply-rpm_exec-policy-to-cpio-binaries.patch Inappropriate [embedded specific]
refpolicy/0012-fc-su-apply-policy-to-su-alternatives.patch Inappropriate [embedded specific]
refpolicy/0013-fc-fstools-fix-real-path-for-fstools.patch Inappropriate [embedded specific]
refpolicy/0014-fc-init-fix-update-alternatives-for-sysvinit.patch Inappropriate [embedded specific]
refpolicy/0015-fc-brctl-apply-policy-to-brctl-alternatives.patch Inappropriate [embedded specific]
refpolicy/0016-fc-corecommands-apply-policy-to-nologin-alternatives.patch Inappropriate [embedded specific]
refpolicy/0017-fc-locallogin-apply-policy-to-sulogin-alternatives.patch Inappropriate [embedded specific]
refpolicy/0018-fc-ntp-apply-policy-to-ntpd-alternatives.patch Inappropriate [embedded specific]
refpolicy/0019-fc-kerberos-apply-policy-to-kerberos-alternatives.patch Inappropriate [embedded specific]
refpolicy/0020-fc-ldap-apply-policy-to-ldap-alternatives.patch Inappropriate [embedded specific]
refpolicy/0021-fc-postgresql-apply-policy-to-postgresql-alternative.patch Inappropriate [embedded specific]
refpolicy/0022-fc-screen-apply-policy-to-screen-alternatives.patch Inappropriate [embedded specific]
refpolicy/0023-fc-usermanage-apply-policy-to-usermanage-alternative.patch Inappropriate [embedded specific]
refpolicy/0024-fc-getty-add-file-context-to-start_getty.patch Inappropriate [embedded specific]
refpolicy/0025-fc-vlock-apply-policy-to-vlock-alternatives.patch Inappropriate [embedded specific]
refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch Inappropriate [embedded specific]
refpolicy/0027-file_contexts.subs_dist-set-aliase-for-root-director.patch Inappropriate [embedded specific]
refpolicy/0028-policy-modules-system-logging-add-rules-for-the-syml.patch Inappropriate [embedded specific]
refpolicy/0029-policy-modules-system-logging-add-rules-for-syslogd-.patch Inappropriate [embedded specific]
refpolicy/0030-policy-modules-kernel-files-add-rules-for-the-symlin.patch Inappropriate [embedded specific]
refpolicy/0031-policy-modules-system-logging-fix-auditd-startup-fai.patch Inappropriate [embedded specific]
refpolicy/0032-policy-modules-kernel-terminal-don-t-audit-tty_devic.patch Inappropriate [embedded specific]
refpolicy/0033-policy-modules-system-systemd-enable-support-for-sys.patch Inappropriate [embedded specific]
refpolicy/0034-policy-modules-system-logging-allow-systemd-tmpfiles.patch Inappropriate [embedded specific]
refpolicy/0035-policy-modules-system-systemd-allow-systemd_logind_t.patch Pending
refpolicy/0036-policy-modules-roles-sysadm-allow-sysadm-to-use-init.patch Pending
refpolicy/0037-policy-modules-system-systemd-systemd-user-fixes.patch Inappropriate [embedded specific]
refpolicy/0038-policy-modules-system-logging-grant-getpcap-capabili.patch Inappropriate [embedded specific]
refpolicy/0039-policy-modules-system-allow-services-to-read-tmpfs-u.patch Pending
refpolicy/0040-policy-modules-kernel-domain-allow-all-domains-to-co.patch Pending
refpolicy/0041-policy-modules-system-mount-make-mount_t-domain-MLS-.patch Inappropriate [embedded specific]
refpolicy/0042-policy-modules-roles-sysadm-MLS-sysadm-rw-to-clearan.patch Inappropriate [embedded specific]
refpolicy/0043-policy-modules-services-rpc-make-nfsd_t-domain-MLS-t.patch Inappropriate [embedded specific]
refpolicy/0044-policy-modules-admin-dmesg-make-dmesg_t-MLS-trusted-.patch Inappropriate [embedded specific]
refpolicy/0045-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch Inappropriate [embedded specific]
refpolicy/0046-policy-modules-system-init-make-init_t-MLS-trusted-f.patch Inappropriate [embedded specific]
refpolicy/0047-policy-modules-system-systemd-make-systemd-tmpfiles_.patch Inappropriate [embedded specific]
refpolicy/0048-policy-modules-system-systemd-systemd-make-systemd_-.patch Inappropriate [embedded specific]
refpolicy/0049-policy-modules-system-logging-add-the-syslogd_t-to-t.patch Inappropriate [embedded specific]
refpolicy/0050-policy-modules-system-init-make-init_t-MLS-trusted-f.patch Inappropriate [embedded specific]
refpolicy/0051-policy-modules-system-init-all-init_t-to-read-any-le.patch Inappropriate [embedded specific]
refpolicy/0052-policy-modules-system-logging-allow-auditd_t-to-writ.patch Inappropriate [embedded specific]
refpolicy/0053-policy-modules-kernel-kernel-make-kernel_t-MLS-trust.patch Inappropriate [embedded specific]
refpolicy/0054-policy-modules-system-setrans-allow-setrans_t-use-fd.patch Inappropriate [embedded specific]
refpolicy/0055-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch Inappropriate [embedded specific]
refpolicy/0056-policy-modules-system-logging-make-syslogd_runtime_t.patch Inappropriate [embedded specific]
refpolicy/0001-refpolicy-targeted-make-unconfined_u-the-default-sel.patch Inappropriate [embedded specific]

Other branches

This recipe in other branches of meta-selinux:

Branch Recipe
master refpolicy-targeted 2.20240916+git
styhead (Yocto Project 5.1) refpolicy-targeted 2.20240916+git (this recipe)
scarthgap (Yocto Project 5.0) refpolicy-targeted 2.20240226+git
nanbield (Yocto Project 4.3) refpolicy-targeted 2.20231002+gitX
mickledore (Yocto Project 4.2) refpolicy-targeted 2.20221101+gitX
langdale (Yocto Project 4.1) refpolicy-targeted 2.20221101+gitX
kirkstone (Yocto Project 4.0) refpolicy-targeted 2.20210908+gitX
honister (Yocto Project 3.4) refpolicy-targeted 2.20210203+gitX
hardknott (Yocto Project 3.3) refpolicy-targeted 2.20210203+gitX
gatesgarth (Yocto Project 3.2) refpolicy-targeted 2.20200229+gitX
dunfell (Yocto Project 3.1) refpolicy-targeted 2.20200229+gitX
zeus (Yocto Project 3.0) refpolicy-targeted 2.20190201
zeus (Yocto Project 3.0) refpolicy-targeted 2.20190201+gitX
warrior (Yocto Project 2.7) refpolicy-targeted 2.20190201
warrior (Yocto Project 2.7) refpolicy-targeted 2.20190201+gitX
thud (Yocto Project 2.6) refpolicy-targeted 2.20170204
thud (Yocto Project 2.6) refpolicy-targeted 2.20170805+gitX
sumo (Yocto Project 2.5) refpolicy-targeted 2.20170204
sumo (Yocto Project 2.5) refpolicy-targeted 2.20170805+gitX
rocko (Yocto Project 2.4) refpolicy-targeted 2.20170204
rocko (Yocto Project 2.4) refpolicy-targeted 2.20170805+gitX
morty (Yocto Project 2.2) refpolicy-targeted git
morty (Yocto Project 2.2) refpolicy-targeted 2.20151208
jethro (Yocto Project 2.0) refpolicy-targeted git
jethro (Yocto Project 2.0) refpolicy-targeted 2.20141203
jethro (Yocto Project 2.0) refpolicy-targeted 2.20140311
fido (Yocto Project 1.8) refpolicy-targeted 2.20140311
dizzy (Yocto Project 1.7) refpolicy-targeted 2.20140311