[meta-selinux][PATCH 00/10] selinux userspace: uprev packages to release 20131030

[meta-selinux][PATCH 00/10] selinux userspace: uprev packages to release 20131030

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

Changes:
1) Uprev selinux packages to release 20131030;
2) Fix build dependency to libsemanage;
3) Fix QA issues to policycoreutils;
4) Update LIC_FILES_CHKSUM for selinux packagegroups.

Some Tests:
1) build test:
- add meta-selinux path to conf/bblayers.conf;
- add DISTRO_FEATURES_append=" pam selinux" to conf/local.conf;
- build selinux image:
  $ bitbake core-image-selinux

- add below configs to conf/local.conf and run image build:
  PREFERRED_VERSION_checkpolicy = "2.2+gitAUTOINC+edc2e99687"
  PREFERRED_VERSION_libselinux = "2.2+gitAUTOINC+edc2e99687"
  PREFERRED_VERSION_libsemanage = "2.2+gitAUTOINC+edc2e99687"
  PREFERRED_VERSION_libsepol = "2.2+gitAUTOINC+edc2e99687"
  PREFERRED_VERSION_policycoreutils = "2.2.5+gitAUTOINC+edc2e99687"
  PREFERRED_VERSION_sepolgen = "1.2.1+gitAUTOINC+edc2e99687"

All builds successfully.

2) basic verification on target:
$ runqemu qemux86 core-image-selinux ext3 nographic qemuparams="-m 1024"

qemux86 login: root
root@qemux86:~# id -Z
root:sysadm_r:sysadm_t:s0-s15:c0.c1023

root@qemux86:~# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             mls
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28


The following changes since commit 2209cb5fc21c1ad5a7471897528ed64170f70219:

  policy: Create compressed_policy distro feature (2013-12-05 09:03:41 -0500)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib wenzong/selinux-uprev
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/selinux-uprev

Wenzong Fan (10):
  selinux userspace: uprev packages to release 20131030
  checkpolicy: migrate SRC_URI to 2.2
  libselinux: migrate SRC_URI and patches to 2.2
  libsemanage: migrate SRC_URI to 2.2
  libsepol: migrate SRC_URI to 2.2
  policycoreutils: migrate SRC_URI and patches to 2.2.5
  sepolgen: migrate SRC_URI to 1.2.1
  libsemanage: add audit dependency
  policycoreutils: fix QA issues
  selinux packagegroups: update LIC_FILES_CHKSUM

 recipes-security/audit/audit_2.3.2.bb              |    8 ++++-
 .../packagegroups/packagegroup-core-selinux.bb     |    2 +-
 .../packagegroups/packagegroup-selinux-minimal.bb  |    2 +-
 .../packagegroup-selinux-policycoreutils.bb        |    2 +-
 recipes-security/selinux/checkpolicy_2.1.12.bb     |    9 ------
 recipes-security/selinux/checkpolicy_2.2.bb        |    9 ++++++
 recipes-security/selinux/checkpolicy_git.bb        |    2 +-
 .../libselinux-fix-init-load-policy.patch          |   27 ----------------
 .../libselinux/libselinux-pcre-link-order.patch    |   31 ------------------
 .../{libselinux_2.1.13.bb => libselinux_2.2.bb}    |    8 ++---
 recipes-security/selinux/libselinux_git.bb         |   10 ++++--
 recipes-security/selinux/libsemanage.inc           |    2 +-
 .../libsemanage/libsemanage-fix-path-nologin.patch |    9 +++---
 .../{libsemanage_2.1.10.bb => libsemanage_2.2.bb}  |    6 ++--
 recipes-security/selinux/libsemanage_git.bb        |    3 +-
 recipes-security/selinux/libsepol.inc              |    5 ++-
 ...ibsepol-Change-ranlib-for-cross-compiling.patch |   31 ------------------
 recipes-security/selinux/libsepol_2.1.9.bb         |   11 -------
 recipes-security/selinux/libsepol_2.2.bb           |    9 ++++++
 recipes-security/selinux/libsepol_git.bb           |    4 +--
 recipes-security/selinux/policycoreutils.inc       |   12 ++++---
 ...policycoreutils-fix-sepolicy-install-path.patch |   18 +++++------
 .../policycoreutils-fix-strict-prototypes.patch    |   34 --------------------
 .../policycoreutils-make-O_CLOEXEC-optional.patch  |   28 ++++++++--------
 ...oreutils_2.1.14.bb => policycoreutils_2.2.5.bb} |    9 +++---
 recipes-security/selinux/policycoreutils_git.bb    |    8 +++--
 recipes-security/selinux/selinux_20130423.inc      |   12 -------
 recipes-security/selinux/selinux_20131030.inc      |   12 +++++++
 recipes-security/selinux/selinux_git.inc           |    4 +--
 recipes-security/selinux/sepolgen_1.1.9.bb         |    9 ------
 recipes-security/selinux/sepolgen_1.2.1.bb         |    9 ++++++
 recipes-security/selinux/sepolgen_git.bb           |    2 +-
 32 files changed, 117 insertions(+), 230 deletions(-)
 delete mode 100644 recipes-security/selinux/checkpolicy_2.1.12.bb
 create mode 100644 recipes-security/selinux/checkpolicy_2.2.bb
 delete mode 100644 recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch
 delete mode 100644 recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch
 rename recipes-security/selinux/{libselinux_2.1.13.bb => libselinux_2.2.bb} (58%)
 rename recipes-security/selinux/{libsemanage_2.1.10.bb => libsemanage_2.2.bb} (70%)
 delete mode 100644 recipes-security/selinux/libsepol/libsepol-Change-ranlib-for-cross-compiling.patch
 delete mode 100644 recipes-security/selinux/libsepol_2.1.9.bb
 create mode 100644 recipes-security/selinux/libsepol_2.2.bb
 delete mode 100644 recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch
 rename recipes-security/selinux/{policycoreutils_2.1.14.bb => policycoreutils_2.2.5.bb} (55%)
 delete mode 100644 recipes-security/selinux/selinux_20130423.inc
 create mode 100644 recipes-security/selinux/selinux_20131030.inc
 delete mode 100644 recipes-security/selinux/sepolgen_1.1.9.bb
 create mode 100644 recipes-security/selinux/sepolgen_1.2.1.bb

-- 
1.7.9.5

[meta-selinux][PATCH 01/10] selinux userspace: uprev packages to release 20131030

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

Upreved packages:
 - checkpolicy to 2.2
 - libselinux to 2.2
 - libsemanage to 2.2
 - libsepol to 2.2
 - policycoreutils to 2.2.5
 - sepolgen to 1.2.1

Migrate patches in next commits.

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 .../{checkpolicy_2.1.12.bb => checkpolicy_2.2.bb}  |    0
 .../{libselinux_2.1.13.bb => libselinux_2.2.bb}    |    0
 .../{libsemanage_2.1.10.bb => libsemanage_2.2.bb}  |    0
 .../selinux/{libsepol_2.1.9.bb => libsepol_2.2.bb} |    0
 ...oreutils_2.1.14.bb => policycoreutils_2.2.5.bb} |    0
 recipes-security/selinux/selinux_20130423.inc      |   12 ------------
 recipes-security/selinux/selinux_20131030.inc      |   12 ++++++++++++
 recipes-security/selinux/selinux_git.inc           |    4 +---
 .../{sepolgen_1.1.9.bb => sepolgen_1.2.1.bb}       |    0
 9 files changed, 13 insertions(+), 15 deletions(-)
 rename recipes-security/selinux/{checkpolicy_2.1.12.bb => checkpolicy_2.2.bb} (100%)
 rename recipes-security/selinux/{libselinux_2.1.13.bb => libselinux_2.2.bb} (100%)
 rename recipes-security/selinux/{libsemanage_2.1.10.bb => libsemanage_2.2.bb} (100%)
 rename recipes-security/selinux/{libsepol_2.1.9.bb => libsepol_2.2.bb} (100%)
 rename recipes-security/selinux/{policycoreutils_2.1.14.bb => policycoreutils_2.2.5.bb} (100%)
 delete mode 100644 recipes-security/selinux/selinux_20130423.inc
 create mode 100644 recipes-security/selinux/selinux_20131030.inc
 rename recipes-security/selinux/{sepolgen_1.1.9.bb => sepolgen_1.2.1.bb} (100%)

diff --git a/recipes-security/selinux/checkpolicy_2.1.12.bb b/recipes-security/selinux/checkpolicy_2.2.bb
similarity index 100%
rename from recipes-security/selinux/checkpolicy_2.1.12.bb
rename to recipes-security/selinux/checkpolicy_2.2.bb
diff --git a/recipes-security/selinux/libselinux_2.1.13.bb b/recipes-security/selinux/libselinux_2.2.bb
similarity index 100%
rename from recipes-security/selinux/libselinux_2.1.13.bb
rename to recipes-security/selinux/libselinux_2.2.bb
diff --git a/recipes-security/selinux/libsemanage_2.1.10.bb b/recipes-security/selinux/libsemanage_2.2.bb
similarity index 100%
rename from recipes-security/selinux/libsemanage_2.1.10.bb
rename to recipes-security/selinux/libsemanage_2.2.bb
diff --git a/recipes-security/selinux/libsepol_2.1.9.bb b/recipes-security/selinux/libsepol_2.2.bb
similarity index 100%
rename from recipes-security/selinux/libsepol_2.1.9.bb
rename to recipes-security/selinux/libsepol_2.2.bb
diff --git a/recipes-security/selinux/policycoreutils_2.1.14.bb b/recipes-security/selinux/policycoreutils_2.2.5.bb
similarity index 100%
rename from recipes-security/selinux/policycoreutils_2.1.14.bb
rename to recipes-security/selinux/policycoreutils_2.2.5.bb
diff --git a/recipes-security/selinux/selinux_20130423.inc b/recipes-security/selinux/selinux_20130423.inc
deleted file mode 100644
index d692a57..0000000
--- a/recipes-security/selinux/selinux_20130423.inc
+++ /dev/null
@@ -1,12 +0,0 @@
-SELINUX_RELEASE = "20130423"
-
-SRC_URI = "http://userspace.selinuxproject.org/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz"
-
-PREFERRED_VERSION_checkpolicy = "2.1.12"
-PREFERRED_VERSION_libselinux = "2.1.13"
-PREFERRED_VERSION_libsemanage = "2.1.10"
-PREFERRED_VERSION_libsepol = "2.1.9"
-PREFERRED_VERSION_policycoreutils = "2.1.14"
-PREFERRED_VERSION_sepolgen = "1.1.9"
-
-include selinux_common.inc
diff --git a/recipes-security/selinux/selinux_20131030.inc b/recipes-security/selinux/selinux_20131030.inc
new file mode 100644
index 0000000..807a37c
--- /dev/null
+++ b/recipes-security/selinux/selinux_20131030.inc
@@ -0,0 +1,12 @@
+SELINUX_RELEASE = "20131030"
+
+SRC_URI = "http://userspace.selinuxproject.org/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz"
+
+PREFERRED_VERSION_checkpolicy = "2.2"
+PREFERRED_VERSION_libselinux = "2.2"
+PREFERRED_VERSION_libsemanage = "2.2"
+PREFERRED_VERSION_libsepol = "2.2"
+PREFERRED_VERSION_policycoreutils = "2.2.5"
+PREFERRED_VERSION_sepolgen = "1.2.1"
+
+include selinux_common.inc
diff --git a/recipes-security/selinux/selinux_git.inc b/recipes-security/selinux/selinux_git.inc
index 37ea8e8..bb64d0d 100644
--- a/recipes-security/selinux/selinux_git.inc
+++ b/recipes-security/selinux/selinux_git.inc
@@ -1,8 +1,6 @@
-SRCREV = "3f52a123af40bae33bde2a1f2ecfb2320b61f9ad"
+SRCREV = "edc2e99687b050d5be21a78a66d038aa1fc068d9"
 
 SRC_URI = "git://oss.tresys.com/git/selinux.git;protocol=http"
-SRC_URI[md5sum] = "4ec64a0d24aaa77c80b86e74d271e464"
-SRC_URI[sha256sum] = "9c8a8643c9a4dd0eb76fcda1420d636b750b84b27656c6f8bc6886a829d7e520"
 
 S = "${WORKDIR}/git/${BPN}"
 
diff --git a/recipes-security/selinux/sepolgen_1.1.9.bb b/recipes-security/selinux/sepolgen_1.2.1.bb
similarity index 100%
rename from recipes-security/selinux/sepolgen_1.1.9.bb
rename to recipes-security/selinux/sepolgen_1.2.1.bb
-- 
1.7.9.5

[meta-selinux][PATCH 02/10] checkpolicy: migrate SRC_URI to 2.2

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 recipes-security/selinux/checkpolicy_2.2.bb |    6 +++---
 recipes-security/selinux/checkpolicy_git.bb |    2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/recipes-security/selinux/checkpolicy_2.2.bb b/recipes-security/selinux/checkpolicy_2.2.bb
index 198de31..8388e0f 100644
--- a/recipes-security/selinux/checkpolicy_2.2.bb
+++ b/recipes-security/selinux/checkpolicy_2.2.bb
@@ -1,9 +1,9 @@
 PR = "r0"
 
-include selinux_20130423.inc
+include selinux_20131030.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
-SRC_URI[md5sum] = "b82c55a95855611b67ac99c7e8f48552"
-SRC_URI[sha256sum] = "e6a0ac539b74859b4262b317eb90d9914deb15e7aa509659f47724d50fe2ecc6"
+SRC_URI[md5sum] = "9662eaa1163de67cf3d392b58d262552"
+SRC_URI[sha256sum] = "9ff6698f4d4cb59c9c916e348187d533ada4107f90c253ef7304905934e9adf8"
diff --git a/recipes-security/selinux/checkpolicy_git.bb b/recipes-security/selinux/checkpolicy_git.bb
index bd59001..bf6250d 100644
--- a/recipes-security/selinux/checkpolicy_git.bb
+++ b/recipes-security/selinux/checkpolicy_git.bb
@@ -1,5 +1,5 @@
 PR = "r0"
-PV = "2.1.12+git${SRCPV}"
+PV = "2.2+git${SRCPV}"
 
 include selinux_git.inc
 include ${BPN}.inc
-- 
1.7.9.5

[meta-selinux][PATCH 03/10] libselinux: migrate SRC_URI and patches to 2.2

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

These two patches are removed since they are merged by new version:
 - libselinux-fix-init-load-policy.patch
 - libselinux-pcre-link-order.patch

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 .../libselinux-fix-init-load-policy.patch          |   27 -----------------
 .../libselinux/libselinux-pcre-link-order.patch    |   31 --------------------
 recipes-security/selinux/libselinux_2.2.bb         |    8 ++---
 recipes-security/selinux/libselinux_git.bb         |   10 +++++--
 4 files changed, 10 insertions(+), 66 deletions(-)
 delete mode 100644 recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch
 delete mode 100644 recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch

diff --git a/recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch b/recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch
deleted file mode 100644
index 67e32d6..0000000
--- a/recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From ac70ca3b336b52b01cdc38157d25bf7e85098ee1 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Thu, 12 Apr 2012 16:10:10 +0800
-Subject: [PATCH] libselinux: fix init load policy
-
-selinux_init_load_policy() would fail if we use the new mount point
-for selinuxfs(/sys/fs/selinux) while sysfs(/sys) is still not
-mounted.
----
- src/load_policy.c |    1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/src/load_policy.c b/src/load_policy.c
-index f569664..60e7efd 100644
---- a/src/load_policy.c
-+++ b/src/load_policy.c
-@@ -370,6 +370,7 @@ int selinux_init_load_policy(int *enforce)
- 	 * mount it if present for use in the calls below.  
- 	 */
-	const char *mntpoint = NULL;
-+	rc = mount("sysfs", "/sys", "sysfs", 0, 0);
- 	if (mount(SELINUXFS, SELINUXMNT, SELINUXFS, 0, 0) == 0 || errno == EBUSY) {
- 		mntpoint = SELINUXMNT;
- 	} else {
--- 
-1.7.5.4
-
diff --git a/recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch b/recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch
deleted file mode 100644
index f011f1a..0000000
--- a/recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Subject: [PATCH] libselinux: Put -lpcre in LDADD for correct linking order
-
-Upstream-Status: pending
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- src/Makefile |    4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/Makefile b/src/Makefile
-index c4f5d4c..8f5aec5 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -20,7 +20,7 @@ RUBYINC ?= $(shell pkg-config --cflags ruby)
- RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
- LIBBASE=$(shell basename $(LIBDIR))
- 
--LDFLAGS ?= -lpcre -lpthread
-+LDADD ?= -lpcre -lpthread
- 
- VERSION = $(shell cat ../VERSION)
- LIBVERSION = 1
-@@ -116,7 +116,7 @@ $(LIBA): $(OBJS)
- 	$(RANLIB) $@
- 
- $(LIBSO): $(LOBJS)
--	$(CC) $(CFLAGS) -shared -o $@ $^ -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
-+	$(CC) $(CFLAGS) -shared -o $@ $^ -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro $(LDADD)
- 	ln -sf $@ $(TARGET) 
- 
- $(LIBPC): $(LIBPC).in ../VERSION
diff --git a/recipes-security/selinux/libselinux_2.2.bb b/recipes-security/selinux/libselinux_2.2.bb
index caed650..23bb9cb 100644
--- a/recipes-security/selinux/libselinux_2.2.bb
+++ b/recipes-security/selinux/libselinux_2.2.bb
@@ -1,16 +1,14 @@
 PR = "r0"
 
-include selinux_20130423.inc
+include selinux_20131030.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
 
-SRC_URI[md5sum] = "32bf7b5182977a8a9248a1eeefe49a22"
-SRC_URI[sha256sum] = "57aad47c06b7ec18a76e8d9870539277a84cb40109cfdcf70ed3260bdb04447a"
+SRC_URI[md5sum] = "d82beab880749a017f2737e6687fec30"
+SRC_URI[sha256sum] = "e9dc64216543a7283d786f623ac28e8867f8794138e7deba474a3aa8d02dce33"
 
 SRC_URI += "\
-        file://libselinux-fix-init-load-policy.patch \
-        file://libselinux-pcre-link-order.patch \
         file://libselinux-drop-Wno-unused-but-set-variable.patch \
         file://libselinux-make-O_CLOEXEC-optional.patch \
         file://libselinux-make-SOCK_CLOEXEC-optional.patch \
diff --git a/recipes-security/selinux/libselinux_git.bb b/recipes-security/selinux/libselinux_git.bb
index 6f93fd4..fb4fef2 100644
--- a/recipes-security/selinux/libselinux_git.bb
+++ b/recipes-security/selinux/libselinux_git.bb
@@ -1,10 +1,14 @@
 PR = "r0"
-PV = "2.1.13+git${SRCPV}"
+PV = "2.2+git${SRCPV}"
 
 include selinux_git.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
 
-SRC_URI += "file://libselinux-fix-init-load-policy.patch \
-	file://libselinux-pcre-link-order.patch"
+SRC_URI += "\
+	file://libselinux-drop-Wno-unused-but-set-variable.patch \
+	file://libselinux-make-O_CLOEXEC-optional.patch \
+	file://libselinux-make-SOCK_CLOEXEC-optional.patch \
+	file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
+	"
-- 
1.7.9.5

[meta-selinux][PATCH 04/10] libsemanage: migrate SRC_URI to 2.2

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

Updated patch:
 - libsemanage-fix-path-nologin.patch

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 .../libsemanage/libsemanage-fix-path-nologin.patch |    9 +++++----
 recipes-security/selinux/libsemanage_2.2.bb        |    6 +++---
 recipes-security/selinux/libsemanage_git.bb        |    3 ++-
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch b/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch
index 7ce586b..5fc1e17 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch
@@ -6,12 +6,13 @@ shadow package of oe-core and Debian has installed nologin into
 Upstream-Status: Inappropriate [configuration]
 
 Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 ---
  src/genhomedircon.c |    4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/src/genhomedircon.c b/src/genhomedircon.c
-index 262a6cd..a50e03d 100644
+index f3b9b5c..4f4865a 100644
 --- a/src/genhomedircon.c
 +++ b/src/genhomedircon.c
 @@ -58,7 +58,7 @@
@@ -23,12 +24,12 @@ index 262a6cd..a50e03d 100644
  
  /* comments written to context file */
  #define COMMENT_FILE_CONTEXT_HEADER "#\n#\n# " \
-@@ -392,7 +392,7 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
+@@ -393,7 +393,7 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
  
  			/* NOTE: old genhomedircon printed a warning on match */
  			if (hand.matched) {
--				WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy.  This usually indicates an incorrectly defined system account.  If it is a system account please make sure its uid is less than %u or its login shell is /sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid);
-+				WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy.  This usually indicates an incorrectly defined system account.  If it is a system account please make sure its uid is less than %u or its login shell is /usr/sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid);
+-				WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy.  This usually indicates an incorrectly defined system account.  If it is a system account please make sure its uid is less than %u or greater than %u or its login shell is /sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid, maxuid);
++				WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy.  This usually indicates an incorrectly defined system account.  If it is a system account please make sure its uid is less than %u or greater than %u or its login shell is /usr/sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid, maxuid);
  			} else {
  				if (semanage_list_push(&homedir_list, path))
  					goto fail;
diff --git a/recipes-security/selinux/libsemanage_2.2.bb b/recipes-security/selinux/libsemanage_2.2.bb
index 900d608..4ee93c0 100644
--- a/recipes-security/selinux/libsemanage_2.2.bb
+++ b/recipes-security/selinux/libsemanage_2.2.bb
@@ -1,12 +1,12 @@
 PR = "r0"
 
-include selinux_20130423.inc
+include selinux_20131030.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
 
-SRC_URI[md5sum] = "44fc8a3387486378a21d8df7454b9d42"
-SRC_URI[sha256sum] = "de2e8077245581e94576276f54e80a53c23c28d6961d2dfbe2f004eaba452e91"
+SRC_URI[md5sum] = "2a939538645de6023633bc2247a5e72e"
+SRC_URI[sha256sum] = "11f60bfa0f1c6063cd9bd99ce0cb4acc9d6d9e9b8d7743d39e847bcd7803bd75"
 
 SRC_URI += "\
 	file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
diff --git a/recipes-security/selinux/libsemanage_git.bb b/recipes-security/selinux/libsemanage_git.bb
index 6553c6b..c3799fd 100644
--- a/recipes-security/selinux/libsemanage_git.bb
+++ b/recipes-security/selinux/libsemanage_git.bb
@@ -1,5 +1,5 @@
 PR = "r0"
-PV = "2.1.10+git${SRCPV}"
+PV = "2.2+git${SRCPV}"
 
 include selinux_git.inc
 include ${BPN}.inc
@@ -11,4 +11,5 @@ SRC_URI += "\
 	file://libsemanage-fix-path-len-limit.patch \
 	file://libsemanage-fix-path-nologin.patch \
 	file://libsemanage-drop-Wno-unused-but-set-variable.patch \
+	file://libsemanage-define-FD_CLOEXEC-as-necessary.patch;striplevel=2 \
 	"
-- 
1.7.9.5

[meta-selinux][PATCH 05/10] libsepol: migrate SRC_URI to 2.2

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

Removed patch and ported changes to 2.2 bbfile:
 - libsepol-Change-ranlib-for-cross-compiling.patch

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 recipes-security/selinux/libsepol.inc              |    5 +++-
 ...ibsepol-Change-ranlib-for-cross-compiling.patch |   31 --------------------
 recipes-security/selinux/libsepol_2.2.bb           |    8 ++---
 recipes-security/selinux/libsepol_git.bb           |    4 +--
 4 files changed, 8 insertions(+), 40 deletions(-)
 delete mode 100644 recipes-security/selinux/libsepol/libsepol-Change-ranlib-for-cross-compiling.patch

diff --git a/recipes-security/selinux/libsepol.inc b/recipes-security/selinux/libsepol.inc
index 8f0dc33..b7509e2 100644
--- a/recipes-security/selinux/libsepol.inc
+++ b/recipes-security/selinux/libsepol.inc
@@ -10,5 +10,8 @@ LICENSE = "LGPLv2+"
 
 inherit lib_package
 
-BBCLASSEXTEND = "native"
+# Change RANLIB for cross compiling, use host-tools $(AR) rather than
+# local ranlib.
+EXTRA_OEMAKE += "RANLIB='$(AR) s'"
 
+BBCLASSEXTEND = "native"
diff --git a/recipes-security/selinux/libsepol/libsepol-Change-ranlib-for-cross-compiling.patch b/recipes-security/selinux/libsepol/libsepol-Change-ranlib-for-cross-compiling.patch
deleted file mode 100644
index f2fc313..0000000
--- a/recipes-security/selinux/libsepol/libsepol-Change-ranlib-for-cross-compiling.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 2ee1e9651ec4aa78daf15dfef74e0b6aaeb8db1e Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Tue, 21 Feb 2012 14:47:45 +0800
-Subject: [PATCH] libsepol: Change ranlib for cross compiling.
-
-Use target host-tools to encapsulate any difference between local tools
-on different machines. For example, on local PC, libsepol.a's index could
-be added successfully by local ranlib, however, it will fail on some sever,
-so we'd better use host-tools $(AR) rather than any local ranlib.
-
-Signed-off-by: Harry Ciao<qingtao.cao@windriver.com>
----
- src/Makefile |    2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/src/Makefile b/src/Makefile
-index cd8e767..beea232 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -21,7 +21,7 @@ all: $(LIBA) $(LIBSO) $(LIBPC)
- 
- $(LIBA):  $(OBJS)
- 	$(AR) rcs $@ $^
--	ranlib $@
-+	$(AR) s $@
- 
- $(LIBSO): $(LOBJS)
- 	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -Wl,-soname,$(LIBSO),--version-script=libsepol.map,-z,defs
--- 
-1.7.5.4
-
diff --git a/recipes-security/selinux/libsepol_2.2.bb b/recipes-security/selinux/libsepol_2.2.bb
index efedb63..b4d717c 100644
--- a/recipes-security/selinux/libsepol_2.2.bb
+++ b/recipes-security/selinux/libsepol_2.2.bb
@@ -1,11 +1,9 @@
 PR = "r0"
 
-include selinux_20130423.inc
+include selinux_20131030.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
 
-SRC_URI[md5sum] = "980964224683fa29d4ed65beb94b56ee"
-SRC_URI[sha256sum] = "290d17f583635a4a5d8a2141511272adf0571c4205cdea38b5a68df20d58a70b"
-
-SRC_URI += "file://libsepol-Change-ranlib-for-cross-compiling.patch"
+SRC_URI[md5sum] = "41cbe38ea809b5752f520bdeac4d2cf8"
+SRC_URI[sha256sum] = "77a4b27006295805bdbd7f240038cb32a49be1d60847d413899501702933fc0f"
diff --git a/recipes-security/selinux/libsepol_git.bb b/recipes-security/selinux/libsepol_git.bb
index 1fa83a4..bc2bd8f 100644
--- a/recipes-security/selinux/libsepol_git.bb
+++ b/recipes-security/selinux/libsepol_git.bb
@@ -1,9 +1,7 @@
 PR = "r0"
-PV = "2.1.9+git${SRCPV}"
+PV = "2.2+git${SRCPV}"
 
 include selinux_git.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
-
-SRC_URI += "file://libsepol-Change-ranlib-for-cross-compiling.patch"
-- 
1.7.9.5

[meta-selinux][PATCH 06/10] policycoreutils: migrate SRC_URI and patches to 2.2.5

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

This patch is removed since it is merged by new version:
 - policycoreutils-fix-strict-prototypes.patch

These two patches are updated:
 - policycoreutils-fix-sepolicy-install-path.patch
 - policycoreutils-make-O_CLOEXEC-optional.patch

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 recipes-security/selinux/policycoreutils.inc       |    2 +-
 ...policycoreutils-fix-sepolicy-install-path.patch |   18 +++++------
 .../policycoreutils-fix-strict-prototypes.patch    |   34 --------------------
 .../policycoreutils-make-O_CLOEXEC-optional.patch  |   28 ++++++++--------
 recipes-security/selinux/policycoreutils_2.2.5.bb  |    9 +++---
 recipes-security/selinux/policycoreutils_git.bb    |    8 +++--
 6 files changed, 32 insertions(+), 67 deletions(-)
 delete mode 100644 recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch

diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
index a474cb0..430b03f 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -1,4 +1,4 @@
-PRINC = "3"
+PRINC = "1"
 
 SUMMARY = "SELinux policy core utilities"
 DESCRIPTION = "policycoreutils contains the policy core utilities that are required \
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch
index aaf2e66..617908a 100644
--- a/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch
+++ b/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch
@@ -1,35 +1,33 @@
-From 086f715e2a0dd05c07f0428f424017cc96acc387 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Thu, 22 Aug 2013 16:40:26 +0800
 Subject: [PATCH] policycoreutils: fix install path for new pymodule sepolicy
 
 Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 ---
  sepolicy/Makefile |    4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)
 
 diff --git a/sepolicy/Makefile b/sepolicy/Makefile
-index 11b534f..9e46b74 100644
+index 2b8716c..70f4bdd 100644
 --- a/sepolicy/Makefile
 +++ b/sepolicy/Makefile
-@@ -11,6 +11,8 @@ BASHCOMPLETIONDIR ?= $(DESTDIR)/etc/bash_completion.d/
+@@ -12,6 +12,8 @@ BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
  SHAREDIR ?= $(PREFIX)/share/sandbox
- override CFLAGS = $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W  -DSHARED -shared
+ override CFLAGS = -I$(PREFIX)/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W  -DSHARED -shared
  
 +PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
 +
- BASHCOMPLETIONS=sepolicy-bash-completion.sh 
+ BASHCOMPLETIONS=sepolicy-bash-completion.sh
  
  all: python-build
-@@ -23,7 +25,7 @@ clean:
- 	-rm -rf build *~ \#* *pyc .#*
+@@ -30,7 +32,7 @@ test:
+ 	@python test_sepolicy.py -v
  
  install:
 -	$(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
 +	$(PYTHON) setup.py install --install-lib $(LIBDIR)/$(PYLIBVER)/site-packages
  	[ -d $(BINDIR) ] || mkdir -p $(BINDIR)
  	install -m 755 sepolicy.py $(BINDIR)/sepolicy
- 	-mkdir -p $(MANDIR)/man8
+ 	(cd $(BINDIR); ln -sf sepolicy sepolgen)
 -- 
 1.7.9.5
 
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch
deleted file mode 100644
index 9bb353a..0000000
--- a/recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 5944e9908fc12d69d19a1d24128cbc6d1a423c3d Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Tue, 18 Jun 2013 12:29:00 +0800
-Subject: [PATCH] policycoreutils: fix build strict-prototypes failure
-
-| policy.c:90:6: error: function declaration isn't a prototype
-[-Werror=strict-prototypes]
-| cc1: all warnings being treated as errors
-| error: command 'i586-poky-linux-gcc' failed with exit status 1
-| make[1]: *** [python-build] Error 1
-
-Upstream-Status: pending
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- sepolicy/policy.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/sepolicy/policy.c b/sepolicy/policy.c
-index 4eca22d..e454e75 100644
---- a/sepolicy/policy.c
-+++ b/sepolicy/policy.c
-@@ -87,7 +87,7 @@ static PyMethodDef methods[] = {
- 	{NULL, NULL, 0, NULL}	/* sentinel */
- };
- 
--void init_policy() {
-+void init_policy(void) {
- PyObject *m;
- m = Py_InitModule("_policy", methods);
- init_info(m);
--- 
-1.7.9.5
-
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
index aaaa1e5..d50356e 100644
--- a/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
+++ b/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
@@ -1,7 +1,4 @@
-From dca6a89058d818827d6f1c80c9b6abb46002b855 Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe.macdonald@windriver.com>
-Date: Fri, 11 Oct 2013 09:55:43 -0400
-Subject: [PATCH 1/2] policycoreutils: make O_CLOEXEC optional
+Subject: [PATCH] policycoreutils: make O_CLOEXEC optional
 
 Various commits in the selinux tree in the current release added O_CLOEXEC
 to open() calls in an attempt to address file descriptor leaks as
@@ -17,29 +14,30 @@ produce curious AVC Denied messages.
 Uptream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and POSIX since 2008]
 
 Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 ---
  restorecond/user.c |    8 +++++++-
  1 file changed, 7 insertions(+), 1 deletion(-)
 
 diff --git a/restorecond/user.c b/restorecond/user.c
-index 00a646f..50f3ab6 100644
+index 2c28676..6235772 100644
 --- a/restorecond/user.c
 +++ b/restorecond/user.c
-@@ -201,7 +201,13 @@ static int local_server() {
+@@ -202,7 +202,13 @@ static int local_server() {
  			perror("asprintf");
  		return -1;
  	}
--	int fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW | O_CLOEXEC, S_IRUSR | S_IWUSR);
-+	int fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW 
-+#ifdef O_CLOEXEC
-+                 | O_CLOEXEC
-+#else
-+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
-+#endif
-+                 , S_IRUSR | S_IWUSR);
+-	local_lock_fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW | O_CLOEXEC, S_IRUSR | S_IWUSR);
++	local_lock_fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW
++	#ifdef O_CLOEXEC
++		| O_CLOEXEC
++	#else
++		#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
++	#endif
++		, S_IRUSR | S_IWUSR);
  	if (debug_mode)
  		g_warning ("Lock file: %s", ptr);
  
 -- 
-1.7.10.4
+1.7.9.5
 
diff --git a/recipes-security/selinux/policycoreutils_2.2.5.bb b/recipes-security/selinux/policycoreutils_2.2.5.bb
index 64f0d8d..23cc42f 100644
--- a/recipes-security/selinux/policycoreutils_2.2.5.bb
+++ b/recipes-security/selinux/policycoreutils_2.2.5.bb
@@ -1,15 +1,14 @@
-PR = "r3"
+PR = "r0"
 
-include selinux_20130423.inc
+include selinux_20131030.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
-SRC_URI[md5sum] = "f34216414b650a0a25dec89a758234fb"
-SRC_URI[sha256sum] = "b6881741f9f9988346a73bfeccb0299941dc117349753f0ef3f23ee86f06c1b5"
+SRC_URI[md5sum] = "a2963d7024c5c4ce89f2459d48f91ec8"
+SRC_URI[sha256sum] = "bbf850a8c3c2f371f439d6525663eecdd3a737acd594d2f27f8d8f3a07830cc4"
 
 SRC_URI += "\
-	file://policycoreutils-fix-strict-prototypes.patch \
 	file://policycoreutils-revert-run_init-open_init_pty.patch \
 	file://policycoreutils-fix-sepolicy-install-path.patch \
 	file://policycoreutils-make-O_CLOEXEC-optional.patch \
diff --git a/recipes-security/selinux/policycoreutils_git.bb b/recipes-security/selinux/policycoreutils_git.bb
index fb7b48f..9a6425b 100644
--- a/recipes-security/selinux/policycoreutils_git.bb
+++ b/recipes-security/selinux/policycoreutils_git.bb
@@ -1,9 +1,13 @@
 PR = "r0"
-PV = "2.1.14+git${SRCPV}"
+PV = "2.2.5+git${SRCPV}"
 
 include selinux_git.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
-SRC_URI += "file://policycoreutils-fix-strict-prototypes.patch"
+SRC_URI += "\
+	file://policycoreutils-revert-run_init-open_init_pty.patch \
+	file://policycoreutils-fix-sepolicy-install-path.patch \
+	file://policycoreutils-make-O_CLOEXEC-optional.patch \
+	"
-- 
1.7.9.5

[meta-selinux][PATCH 07/10] sepolgen: migrate SRC_URI to 1.2.1

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 recipes-security/selinux/sepolgen_1.2.1.bb |    6 +++---
 recipes-security/selinux/sepolgen_git.bb   |    2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/recipes-security/selinux/sepolgen_1.2.1.bb b/recipes-security/selinux/sepolgen_1.2.1.bb
index a132727..eb1065a 100644
--- a/recipes-security/selinux/sepolgen_1.2.1.bb
+++ b/recipes-security/selinux/sepolgen_1.2.1.bb
@@ -1,9 +1,9 @@
 PR = "r0"
 
-include selinux_20130423.inc
+include selinux_20131030.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
-SRC_URI[md5sum] = "505a8b70eb110b770119e6560d183216"
-SRC_URI[sha256sum] = "8a1c6d3a78c9b6ad3555c74def555f65a62950bf21c111c585bfc382fec3a645"
+SRC_URI[md5sum] = "ce662a83188bc3a9b40c15792fcaf2c8"
+SRC_URI[sha256sum] = "438c246bdc6b3cf1b12116831f4c601aaae6e93decb007dddab212a3c88781b0"
diff --git a/recipes-security/selinux/sepolgen_git.bb b/recipes-security/selinux/sepolgen_git.bb
index 710019d..95c3491 100644
--- a/recipes-security/selinux/sepolgen_git.bb
+++ b/recipes-security/selinux/sepolgen_git.bb
@@ -1,5 +1,5 @@
 PR = "r0"
-PV = "1.1.9+git${SRCPV}"
+PV = "1.2.1+git${SRCPV}"
 
 include selinux_git.inc
 include ${BPN}.inc
-- 
1.7.9.5

[meta-selinux][PATCH 08/10] libsemanage: add audit dependency

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

Building libsemanage 2.2 need the header libaudit.h.

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 recipes-security/audit/audit_2.3.2.bb    |    8 +++++++-
 recipes-security/selinux/libsemanage.inc |    2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/recipes-security/audit/audit_2.3.2.bb b/recipes-security/audit/audit_2.3.2.bb
index bd7b4eb..b546297 100644
--- a/recipes-security/audit/audit_2.3.2.bb
+++ b/recipes-security/audit/audit_2.3.2.bb
@@ -26,6 +26,7 @@ SRC_URI[md5sum] = "4e8d065b5cc16b77b9b61e93a9ed160e"
 SRC_URI[sha256sum] = "8872e0b5392888789061db8034164305ef0e1b34543e1e7004d275f039081d29"
 
 DEPENDS += "python tcp-wrappers libcap-ng linux-libc-headers (>= 2.6.30)"
+DEPENDS_class-native = ""
 
 EXTRA_OECONF += "--without-prelude \
 	--with-libwrap \
@@ -37,6 +38,9 @@ EXTRA_OECONF += "--without-prelude \
 	--sbindir=${base_sbindir} \
 	"
 
+# Remove extra configs for native build
+EXTRA_OECONF_class-native = "--with-python=no"
+
 EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \
 	PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
 	pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
@@ -62,7 +66,7 @@ FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
 FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
 FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la"
 
-do_install_append() {
+do_install_append_class-target() {
 	rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
 	rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
 
@@ -75,3 +79,5 @@ do_install_append() {
 	install -D -m 0755 ${S}/../auditd ${D}/etc/init.d/auditd
 	rm -rf ${D}/etc/rc.d
 }
+
+BBCLASSEXTEND = "native"
diff --git a/recipes-security/selinux/libsemanage.inc b/recipes-security/selinux/libsemanage.inc
index dfc3006..a978c75 100644
--- a/recipes-security/selinux/libsemanage.inc
+++ b/recipes-security/selinux/libsemanage.inc
@@ -10,7 +10,7 @@ LICENSE = "LGPLv2.1+"
 
 inherit lib_package
 
-DEPENDS += "libsepol libselinux ustr bzip2 python bison-native flex-native"
+DEPENDS += "libsepol libselinux ustr bzip2 python audit bison-native flex-native"
 
 PACKAGES += "${PN}-python"
 FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
-- 
1.7.9.5

[meta-selinux][PATCH 09/10] policycoreutils: fix QA issues

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

ERROR: QA Issue: policycoreutils: Files/directories were installed \
but not shipped
  /usr/share/icons/hicolor/24x24/apps/system-config-selinux.png
  /usr/share/bash-completion/completions/setsebool
  /usr/share/bash-completion/completions/sepolicy
  /usr/share/bash-completion/completions/semanage
  /usr/share/dbus-1/system-services/org.selinux.service
  /usr/share/polkit-1/actions/org.selinux.config.policy
  /usr/share/polkit-1/actions/org.selinux.policy

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 recipes-security/selinux/policycoreutils.inc |   10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
index 430b03f..56470e9 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -176,7 +176,7 @@ FILES_${PN}-sandbox += "\
 FILES_${PN}-secon += "${bindir}/secon"
 FILES_${PN}-semanage = "\
 	${sbindir}/semanage \
-	${sysconfdir}/bash_completion.d/semanage-bash-completion.sh \
+	${datadir}/bash-completion/completions/semanage \
 "
 FILES_${PN}-semodule += "${sbindir}/semodule"
 FILES_${PN}-semodule-deps += "${bindir}/semodule_deps"
@@ -188,7 +188,9 @@ FILES_${PN}-semodule-package += "\
 "
 FILES_${PN}-sepolicy += "\
 	${bindir}/sepolicy \
-	${sysconfdir}/bash_completion.d/sepolicy-bash-completion.sh \
+	${datadir}/bash-completion/completions/sepolicy \
+	${datadir}/dbus-1/system-services/org.selinux.service \
+	${datadir}/polkit-1/actions/org.selinux.policy \
 "
 FILES_${PN}-sepolgen-ifgen += "\
 	${bindir}/sepolgen-ifgen \
@@ -204,11 +206,13 @@ FILES_${PN}-setfiles += "\
 "
 FILES_${PN}-setsebool += "\
 	${sbindir}/setsebool \
-	${sysconfdir}/bash_completion.d/setsebool-bash-completion.sh \
+	${datadir}/bash-completion/completions/setsebool \
 "
 FILES_system-config-selinux = " \
     ${bindir}/sepolgen \
     ${datadir}/system-config-selinux/* \
+    ${datadir}/icons/hicolor/24x24/apps/system-config-selinux.png \
+    ${datadir}/polkit-1/actions/org.selinux.config.policy \
 "
 
 export STAGING_INCDIR
-- 
1.7.9.5

[meta-selinux][PATCH 10/10] selinux packagegroups: update LIC_FILES_CHKSUM

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 .../packagegroups/packagegroup-core-selinux.bb     |    2 +-
 .../packagegroups/packagegroup-selinux-minimal.bb  |    2 +-
 .../packagegroup-selinux-policycoreutils.bb        |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-security/packagegroups/packagegroup-core-selinux.bb b/recipes-security/packagegroups/packagegroup-core-selinux.bb
index 76863b0..1852aba 100644
--- a/recipes-security/packagegroups/packagegroup-core-selinux.bb
+++ b/recipes-security/packagegroups/packagegroup-core-selinux.bb
@@ -1,6 +1,6 @@
 DESCRIPTION = "SELinux packagegroup for Poky"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58 \
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
                     file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 PR = "r0"
 
diff --git a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
index bae15ea..2ff16f8 100644
--- a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
+++ b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
@@ -1,6 +1,6 @@
 DESCRIPTION = "SELinux packagegroup with only packages required for basic operations"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58 \
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
                     file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 PR = "r0"
 
diff --git a/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb b/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb
index bb221eb..7f56d7c 100644
--- a/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb
+++ b/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb
@@ -1,6 +1,6 @@
 DESCRIPTION = "SELinux policycoreutils packagegroup"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58 \
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
                     file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420 \
 "
 PR = "r0"
-- 
1.7.9.5

Re: [meta-selinux][PATCH 00/10] selinux userspace: uprev packages to release 20131030

[Paul Eggleton]

Hi Wenzong,

On Wednesday 08 January 2014 04:32:20 wenzong.fan@windriver.com wrote:
> From: Wenzong Fan <wenzong.fan@windriver.com>
>...

Patches for meta-selinux need to be sent to the yocto@yoctoproject.org mailing 
list as noted in the MAINTAINERS file in meta-selinux, not this mailing list.

Cheers,
Paul

-- 

Paul Eggleton
Intel Open Source Technology Centre

[meta-selinux][PATCH 00/10] selinux userspace: uprev packages to release 20131030

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

Changes:
1) Uprev selinux packages to release 20131030;
2) Fix build dependency to libsemanage;
3) Fix QA issues to policycoreutils;
4) Update LIC_FILES_CHKSUM for selinux packagegroups.

Some Tests:
1) build test:
- add meta-selinux path to conf/bblayers.conf;
- add DISTRO_FEATURES_append=" pam selinux" to conf/local.conf;
- build selinux image:
  $ bitbake core-image-selinux

- add below configs to conf/local.conf and run image build:
  PREFERRED_VERSION_checkpolicy = "2.2+gitAUTOINC+edc2e99687"
  PREFERRED_VERSION_libselinux = "2.2+gitAUTOINC+edc2e99687"
  PREFERRED_VERSION_libsemanage = "2.2+gitAUTOINC+edc2e99687"
  PREFERRED_VERSION_libsepol = "2.2+gitAUTOINC+edc2e99687"
  PREFERRED_VERSION_policycoreutils = "2.2.5+gitAUTOINC+edc2e99687"
  PREFERRED_VERSION_sepolgen = "1.2.1+gitAUTOINC+edc2e99687"

All builds successfully.

2) basic verification on target:
$ runqemu qemux86 core-image-selinux ext3 nographic qemuparams="-m 1024"

qemux86 login: root
root@qemux86:~# id -Z
root:sysadm_r:sysadm_t:s0-s15:c0.c1023

root@qemux86:~# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             mls
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28


The following changes since commit 2209cb5fc21c1ad5a7471897528ed64170f70219:

  policy: Create compressed_policy distro feature (2013-12-05 09:03:41 -0500)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib wenzong/selinux-uprev
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/selinux-uprev

Wenzong Fan (10):
  selinux userspace: uprev packages to release 20131030
  checkpolicy: migrate SRC_URI to 2.2
  libselinux: migrate SRC_URI and patches to 2.2
  libsemanage: migrate SRC_URI to 2.2
  libsepol: migrate SRC_URI to 2.2
  policycoreutils: migrate SRC_URI and patches to 2.2.5
  sepolgen: migrate SRC_URI to 1.2.1
  libsemanage: add audit dependency
  policycoreutils: fix QA issues
  selinux packagegroups: update LIC_FILES_CHKSUM

 recipes-security/audit/audit_2.3.2.bb              |    8 ++++-
 .../packagegroups/packagegroup-core-selinux.bb     |    2 +-
 .../packagegroups/packagegroup-selinux-minimal.bb  |    2 +-
 .../packagegroup-selinux-policycoreutils.bb        |    2 +-
 recipes-security/selinux/checkpolicy_2.1.12.bb     |    9 ------
 recipes-security/selinux/checkpolicy_2.2.bb        |    9 ++++++
 recipes-security/selinux/checkpolicy_git.bb        |    2 +-
 .../libselinux-fix-init-load-policy.patch          |   27 ----------------
 .../libselinux/libselinux-pcre-link-order.patch    |   31 ------------------
 .../{libselinux_2.1.13.bb => libselinux_2.2.bb}    |    8 ++---
 recipes-security/selinux/libselinux_git.bb         |   10 ++++--
 recipes-security/selinux/libsemanage.inc           |    2 +-
 .../libsemanage/libsemanage-fix-path-nologin.patch |    9 +++---
 .../{libsemanage_2.1.10.bb => libsemanage_2.2.bb}  |    6 ++--
 recipes-security/selinux/libsemanage_git.bb        |    3 +-
 recipes-security/selinux/libsepol.inc              |    5 ++-
 ...ibsepol-Change-ranlib-for-cross-compiling.patch |   31 ------------------
 recipes-security/selinux/libsepol_2.1.9.bb         |   11 -------
 recipes-security/selinux/libsepol_2.2.bb           |    9 ++++++
 recipes-security/selinux/libsepol_git.bb           |    4 +--
 recipes-security/selinux/policycoreutils.inc       |   12 ++++---
 ...policycoreutils-fix-sepolicy-install-path.patch |   18 +++++------
 .../policycoreutils-fix-strict-prototypes.patch    |   34 --------------------
 .../policycoreutils-make-O_CLOEXEC-optional.patch  |   28 ++++++++--------
 ...oreutils_2.1.14.bb => policycoreutils_2.2.5.bb} |    9 +++---
 recipes-security/selinux/policycoreutils_git.bb    |    8 +++--
 recipes-security/selinux/selinux_20130423.inc      |   12 -------
 recipes-security/selinux/selinux_20131030.inc      |   12 +++++++
 recipes-security/selinux/selinux_git.inc           |    4 +--
 recipes-security/selinux/sepolgen_1.1.9.bb         |    9 ------
 recipes-security/selinux/sepolgen_1.2.1.bb         |    9 ++++++
 recipes-security/selinux/sepolgen_git.bb           |    2 +-
 32 files changed, 117 insertions(+), 230 deletions(-)
 delete mode 100644 recipes-security/selinux/checkpolicy_2.1.12.bb
 create mode 100644 recipes-security/selinux/checkpolicy_2.2.bb
 delete mode 100644 recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch
 delete mode 100644 recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch
 rename recipes-security/selinux/{libselinux_2.1.13.bb => libselinux_2.2.bb} (58%)
 rename recipes-security/selinux/{libsemanage_2.1.10.bb => libsemanage_2.2.bb} (70%)
 delete mode 100644 recipes-security/selinux/libsepol/libsepol-Change-ranlib-for-cross-compiling.patch
 delete mode 100644 recipes-security/selinux/libsepol_2.1.9.bb
 create mode 100644 recipes-security/selinux/libsepol_2.2.bb
 delete mode 100644 recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch
 rename recipes-security/selinux/{policycoreutils_2.1.14.bb => policycoreutils_2.2.5.bb} (55%)
 delete mode 100644 recipes-security/selinux/selinux_20130423.inc
 create mode 100644 recipes-security/selinux/selinux_20131030.inc
 delete mode 100644 recipes-security/selinux/sepolgen_1.1.9.bb
 create mode 100644 recipes-security/selinux/sepolgen_1.2.1.bb

-- 
1.7.9.5

[meta-selinux][PATCH 01/10] selinux userspace: uprev packages to release 20131030

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

Upreved packages:
 - checkpolicy to 2.2
 - libselinux to 2.2
 - libsemanage to 2.2
 - libsepol to 2.2
 - policycoreutils to 2.2.5
 - sepolgen to 1.2.1

Migrate patches in next commits.

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 .../{checkpolicy_2.1.12.bb => checkpolicy_2.2.bb}  |    0
 .../{libselinux_2.1.13.bb => libselinux_2.2.bb}    |    0
 .../{libsemanage_2.1.10.bb => libsemanage_2.2.bb}  |    0
 .../selinux/{libsepol_2.1.9.bb => libsepol_2.2.bb} |    0
 ...oreutils_2.1.14.bb => policycoreutils_2.2.5.bb} |    0
 recipes-security/selinux/selinux_20130423.inc      |   12 ------------
 recipes-security/selinux/selinux_20131030.inc      |   12 ++++++++++++
 recipes-security/selinux/selinux_git.inc           |    4 +---
 .../{sepolgen_1.1.9.bb => sepolgen_1.2.1.bb}       |    0
 9 files changed, 13 insertions(+), 15 deletions(-)
 rename recipes-security/selinux/{checkpolicy_2.1.12.bb => checkpolicy_2.2.bb} (100%)
 rename recipes-security/selinux/{libselinux_2.1.13.bb => libselinux_2.2.bb} (100%)
 rename recipes-security/selinux/{libsemanage_2.1.10.bb => libsemanage_2.2.bb} (100%)
 rename recipes-security/selinux/{libsepol_2.1.9.bb => libsepol_2.2.bb} (100%)
 rename recipes-security/selinux/{policycoreutils_2.1.14.bb => policycoreutils_2.2.5.bb} (100%)
 delete mode 100644 recipes-security/selinux/selinux_20130423.inc
 create mode 100644 recipes-security/selinux/selinux_20131030.inc
 rename recipes-security/selinux/{sepolgen_1.1.9.bb => sepolgen_1.2.1.bb} (100%)

diff --git a/recipes-security/selinux/checkpolicy_2.1.12.bb b/recipes-security/selinux/checkpolicy_2.2.bb
similarity index 100%
rename from recipes-security/selinux/checkpolicy_2.1.12.bb
rename to recipes-security/selinux/checkpolicy_2.2.bb
diff --git a/recipes-security/selinux/libselinux_2.1.13.bb b/recipes-security/selinux/libselinux_2.2.bb
similarity index 100%
rename from recipes-security/selinux/libselinux_2.1.13.bb
rename to recipes-security/selinux/libselinux_2.2.bb
diff --git a/recipes-security/selinux/libsemanage_2.1.10.bb b/recipes-security/selinux/libsemanage_2.2.bb
similarity index 100%
rename from recipes-security/selinux/libsemanage_2.1.10.bb
rename to recipes-security/selinux/libsemanage_2.2.bb
diff --git a/recipes-security/selinux/libsepol_2.1.9.bb b/recipes-security/selinux/libsepol_2.2.bb
similarity index 100%
rename from recipes-security/selinux/libsepol_2.1.9.bb
rename to recipes-security/selinux/libsepol_2.2.bb
diff --git a/recipes-security/selinux/policycoreutils_2.1.14.bb b/recipes-security/selinux/policycoreutils_2.2.5.bb
similarity index 100%
rename from recipes-security/selinux/policycoreutils_2.1.14.bb
rename to recipes-security/selinux/policycoreutils_2.2.5.bb
diff --git a/recipes-security/selinux/selinux_20130423.inc b/recipes-security/selinux/selinux_20130423.inc
deleted file mode 100644
index d692a57..0000000
--- a/recipes-security/selinux/selinux_20130423.inc
+++ /dev/null
@@ -1,12 +0,0 @@
-SELINUX_RELEASE = "20130423"
-
-SRC_URI = "http://userspace.selinuxproject.org/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz"
-
-PREFERRED_VERSION_checkpolicy = "2.1.12"
-PREFERRED_VERSION_libselinux = "2.1.13"
-PREFERRED_VERSION_libsemanage = "2.1.10"
-PREFERRED_VERSION_libsepol = "2.1.9"
-PREFERRED_VERSION_policycoreutils = "2.1.14"
-PREFERRED_VERSION_sepolgen = "1.1.9"
-
-include selinux_common.inc
diff --git a/recipes-security/selinux/selinux_20131030.inc b/recipes-security/selinux/selinux_20131030.inc
new file mode 100644
index 0000000..807a37c
--- /dev/null
+++ b/recipes-security/selinux/selinux_20131030.inc
@@ -0,0 +1,12 @@
+SELINUX_RELEASE = "20131030"
+
+SRC_URI = "http://userspace.selinuxproject.org/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz"
+
+PREFERRED_VERSION_checkpolicy = "2.2"
+PREFERRED_VERSION_libselinux = "2.2"
+PREFERRED_VERSION_libsemanage = "2.2"
+PREFERRED_VERSION_libsepol = "2.2"
+PREFERRED_VERSION_policycoreutils = "2.2.5"
+PREFERRED_VERSION_sepolgen = "1.2.1"
+
+include selinux_common.inc
diff --git a/recipes-security/selinux/selinux_git.inc b/recipes-security/selinux/selinux_git.inc
index 37ea8e8..bb64d0d 100644
--- a/recipes-security/selinux/selinux_git.inc
+++ b/recipes-security/selinux/selinux_git.inc
@@ -1,8 +1,6 @@
-SRCREV = "3f52a123af40bae33bde2a1f2ecfb2320b61f9ad"
+SRCREV = "edc2e99687b050d5be21a78a66d038aa1fc068d9"
 
 SRC_URI = "git://oss.tresys.com/git/selinux.git;protocol=http"
-SRC_URI[md5sum] = "4ec64a0d24aaa77c80b86e74d271e464"
-SRC_URI[sha256sum] = "9c8a8643c9a4dd0eb76fcda1420d636b750b84b27656c6f8bc6886a829d7e520"
 
 S = "${WORKDIR}/git/${BPN}"
 
diff --git a/recipes-security/selinux/sepolgen_1.1.9.bb b/recipes-security/selinux/sepolgen_1.2.1.bb
similarity index 100%
rename from recipes-security/selinux/sepolgen_1.1.9.bb
rename to recipes-security/selinux/sepolgen_1.2.1.bb
-- 
1.7.9.5

[meta-selinux][PATCH 02/10] checkpolicy: migrate SRC_URI to 2.2

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 recipes-security/selinux/checkpolicy_2.2.bb |    6 +++---
 recipes-security/selinux/checkpolicy_git.bb |    2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/recipes-security/selinux/checkpolicy_2.2.bb b/recipes-security/selinux/checkpolicy_2.2.bb
index 198de31..8388e0f 100644
--- a/recipes-security/selinux/checkpolicy_2.2.bb
+++ b/recipes-security/selinux/checkpolicy_2.2.bb
@@ -1,9 +1,9 @@
 PR = "r0"
 
-include selinux_20130423.inc
+include selinux_20131030.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
-SRC_URI[md5sum] = "b82c55a95855611b67ac99c7e8f48552"
-SRC_URI[sha256sum] = "e6a0ac539b74859b4262b317eb90d9914deb15e7aa509659f47724d50fe2ecc6"
+SRC_URI[md5sum] = "9662eaa1163de67cf3d392b58d262552"
+SRC_URI[sha256sum] = "9ff6698f4d4cb59c9c916e348187d533ada4107f90c253ef7304905934e9adf8"
diff --git a/recipes-security/selinux/checkpolicy_git.bb b/recipes-security/selinux/checkpolicy_git.bb
index bd59001..bf6250d 100644
--- a/recipes-security/selinux/checkpolicy_git.bb
+++ b/recipes-security/selinux/checkpolicy_git.bb
@@ -1,5 +1,5 @@
 PR = "r0"
-PV = "2.1.12+git${SRCPV}"
+PV = "2.2+git${SRCPV}"
 
 include selinux_git.inc
 include ${BPN}.inc
-- 
1.7.9.5

[meta-selinux][PATCH 03/10] libselinux: migrate SRC_URI and patches to 2.2

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

These two patches are removed since they are merged by new version:
 - libselinux-fix-init-load-policy.patch
 - libselinux-pcre-link-order.patch

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 .../libselinux-fix-init-load-policy.patch          |   27 -----------------
 .../libselinux/libselinux-pcre-link-order.patch    |   31 --------------------
 recipes-security/selinux/libselinux_2.2.bb         |    8 ++---
 recipes-security/selinux/libselinux_git.bb         |   10 +++++--
 4 files changed, 10 insertions(+), 66 deletions(-)
 delete mode 100644 recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch
 delete mode 100644 recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch

diff --git a/recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch b/recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch
deleted file mode 100644
index 67e32d6..0000000
--- a/recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From ac70ca3b336b52b01cdc38157d25bf7e85098ee1 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Thu, 12 Apr 2012 16:10:10 +0800
-Subject: [PATCH] libselinux: fix init load policy
-
-selinux_init_load_policy() would fail if we use the new mount point
-for selinuxfs(/sys/fs/selinux) while sysfs(/sys) is still not
-mounted.
----
- src/load_policy.c |    1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/src/load_policy.c b/src/load_policy.c
-index f569664..60e7efd 100644
---- a/src/load_policy.c
-+++ b/src/load_policy.c
-@@ -370,6 +370,7 @@ int selinux_init_load_policy(int *enforce)
- 	 * mount it if present for use in the calls below.  
- 	 */
-	const char *mntpoint = NULL;
-+	rc = mount("sysfs", "/sys", "sysfs", 0, 0);
- 	if (mount(SELINUXFS, SELINUXMNT, SELINUXFS, 0, 0) == 0 || errno == EBUSY) {
- 		mntpoint = SELINUXMNT;
- 	} else {
--- 
-1.7.5.4
-
diff --git a/recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch b/recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch
deleted file mode 100644
index f011f1a..0000000
--- a/recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Subject: [PATCH] libselinux: Put -lpcre in LDADD for correct linking order
-
-Upstream-Status: pending
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- src/Makefile |    4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/Makefile b/src/Makefile
-index c4f5d4c..8f5aec5 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -20,7 +20,7 @@ RUBYINC ?= $(shell pkg-config --cflags ruby)
- RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
- LIBBASE=$(shell basename $(LIBDIR))
- 
--LDFLAGS ?= -lpcre -lpthread
-+LDADD ?= -lpcre -lpthread
- 
- VERSION = $(shell cat ../VERSION)
- LIBVERSION = 1
-@@ -116,7 +116,7 @@ $(LIBA): $(OBJS)
- 	$(RANLIB) $@
- 
- $(LIBSO): $(LOBJS)
--	$(CC) $(CFLAGS) -shared -o $@ $^ -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
-+	$(CC) $(CFLAGS) -shared -o $@ $^ -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro $(LDADD)
- 	ln -sf $@ $(TARGET) 
- 
- $(LIBPC): $(LIBPC).in ../VERSION
diff --git a/recipes-security/selinux/libselinux_2.2.bb b/recipes-security/selinux/libselinux_2.2.bb
index caed650..23bb9cb 100644
--- a/recipes-security/selinux/libselinux_2.2.bb
+++ b/recipes-security/selinux/libselinux_2.2.bb
@@ -1,16 +1,14 @@
 PR = "r0"
 
-include selinux_20130423.inc
+include selinux_20131030.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
 
-SRC_URI[md5sum] = "32bf7b5182977a8a9248a1eeefe49a22"
-SRC_URI[sha256sum] = "57aad47c06b7ec18a76e8d9870539277a84cb40109cfdcf70ed3260bdb04447a"
+SRC_URI[md5sum] = "d82beab880749a017f2737e6687fec30"
+SRC_URI[sha256sum] = "e9dc64216543a7283d786f623ac28e8867f8794138e7deba474a3aa8d02dce33"
 
 SRC_URI += "\
-        file://libselinux-fix-init-load-policy.patch \
-        file://libselinux-pcre-link-order.patch \
         file://libselinux-drop-Wno-unused-but-set-variable.patch \
         file://libselinux-make-O_CLOEXEC-optional.patch \
         file://libselinux-make-SOCK_CLOEXEC-optional.patch \
diff --git a/recipes-security/selinux/libselinux_git.bb b/recipes-security/selinux/libselinux_git.bb
index 6f93fd4..fb4fef2 100644
--- a/recipes-security/selinux/libselinux_git.bb
+++ b/recipes-security/selinux/libselinux_git.bb
@@ -1,10 +1,14 @@
 PR = "r0"
-PV = "2.1.13+git${SRCPV}"
+PV = "2.2+git${SRCPV}"
 
 include selinux_git.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
 
-SRC_URI += "file://libselinux-fix-init-load-policy.patch \
-	file://libselinux-pcre-link-order.patch"
+SRC_URI += "\
+	file://libselinux-drop-Wno-unused-but-set-variable.patch \
+	file://libselinux-make-O_CLOEXEC-optional.patch \
+	file://libselinux-make-SOCK_CLOEXEC-optional.patch \
+	file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
+	"
-- 
1.7.9.5

[meta-selinux][PATCH 04/10] libsemanage: migrate SRC_URI to 2.2

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

Updated patch:
 - libsemanage-fix-path-nologin.patch

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 .../libsemanage/libsemanage-fix-path-nologin.patch |    9 +++++----
 recipes-security/selinux/libsemanage_2.2.bb        |    6 +++---
 recipes-security/selinux/libsemanage_git.bb        |    3 ++-
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch b/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch
index 7ce586b..5fc1e17 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch
@@ -6,12 +6,13 @@ shadow package of oe-core and Debian has installed nologin into
 Upstream-Status: Inappropriate [configuration]
 
 Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 ---
  src/genhomedircon.c |    4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/src/genhomedircon.c b/src/genhomedircon.c
-index 262a6cd..a50e03d 100644
+index f3b9b5c..4f4865a 100644
 --- a/src/genhomedircon.c
 +++ b/src/genhomedircon.c
 @@ -58,7 +58,7 @@
@@ -23,12 +24,12 @@ index 262a6cd..a50e03d 100644
  
  /* comments written to context file */
  #define COMMENT_FILE_CONTEXT_HEADER "#\n#\n# " \
-@@ -392,7 +392,7 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
+@@ -393,7 +393,7 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
  
  			/* NOTE: old genhomedircon printed a warning on match */
  			if (hand.matched) {
--				WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy.  This usually indicates an incorrectly defined system account.  If it is a system account please make sure its uid is less than %u or its login shell is /sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid);
-+				WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy.  This usually indicates an incorrectly defined system account.  If it is a system account please make sure its uid is less than %u or its login shell is /usr/sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid);
+-				WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy.  This usually indicates an incorrectly defined system account.  If it is a system account please make sure its uid is less than %u or greater than %u or its login shell is /sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid, maxuid);
++				WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy.  This usually indicates an incorrectly defined system account.  If it is a system account please make sure its uid is less than %u or greater than %u or its login shell is /usr/sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid, maxuid);
  			} else {
  				if (semanage_list_push(&homedir_list, path))
  					goto fail;
diff --git a/recipes-security/selinux/libsemanage_2.2.bb b/recipes-security/selinux/libsemanage_2.2.bb
index 900d608..4ee93c0 100644
--- a/recipes-security/selinux/libsemanage_2.2.bb
+++ b/recipes-security/selinux/libsemanage_2.2.bb
@@ -1,12 +1,12 @@
 PR = "r0"
 
-include selinux_20130423.inc
+include selinux_20131030.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
 
-SRC_URI[md5sum] = "44fc8a3387486378a21d8df7454b9d42"
-SRC_URI[sha256sum] = "de2e8077245581e94576276f54e80a53c23c28d6961d2dfbe2f004eaba452e91"
+SRC_URI[md5sum] = "2a939538645de6023633bc2247a5e72e"
+SRC_URI[sha256sum] = "11f60bfa0f1c6063cd9bd99ce0cb4acc9d6d9e9b8d7743d39e847bcd7803bd75"
 
 SRC_URI += "\
 	file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
diff --git a/recipes-security/selinux/libsemanage_git.bb b/recipes-security/selinux/libsemanage_git.bb
index 6553c6b..c3799fd 100644
--- a/recipes-security/selinux/libsemanage_git.bb
+++ b/recipes-security/selinux/libsemanage_git.bb
@@ -1,5 +1,5 @@
 PR = "r0"
-PV = "2.1.10+git${SRCPV}"
+PV = "2.2+git${SRCPV}"
 
 include selinux_git.inc
 include ${BPN}.inc
@@ -11,4 +11,5 @@ SRC_URI += "\
 	file://libsemanage-fix-path-len-limit.patch \
 	file://libsemanage-fix-path-nologin.patch \
 	file://libsemanage-drop-Wno-unused-but-set-variable.patch \
+	file://libsemanage-define-FD_CLOEXEC-as-necessary.patch;striplevel=2 \
 	"
-- 
1.7.9.5

[meta-selinux][PATCH 05/10] libsepol: migrate SRC_URI to 2.2

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

Removed patch and ported changes to 2.2 bbfile:
 - libsepol-Change-ranlib-for-cross-compiling.patch

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 recipes-security/selinux/libsepol.inc              |    5 +++-
 ...ibsepol-Change-ranlib-for-cross-compiling.patch |   31 --------------------
 recipes-security/selinux/libsepol_2.2.bb           |    8 ++---
 recipes-security/selinux/libsepol_git.bb           |    4 +--
 4 files changed, 8 insertions(+), 40 deletions(-)
 delete mode 100644 recipes-security/selinux/libsepol/libsepol-Change-ranlib-for-cross-compiling.patch

diff --git a/recipes-security/selinux/libsepol.inc b/recipes-security/selinux/libsepol.inc
index 8f0dc33..b7509e2 100644
--- a/recipes-security/selinux/libsepol.inc
+++ b/recipes-security/selinux/libsepol.inc
@@ -10,5 +10,8 @@ LICENSE = "LGPLv2+"
 
 inherit lib_package
 
-BBCLASSEXTEND = "native"
+# Change RANLIB for cross compiling, use host-tools $(AR) rather than
+# local ranlib.
+EXTRA_OEMAKE += "RANLIB='$(AR) s'"
 
+BBCLASSEXTEND = "native"
diff --git a/recipes-security/selinux/libsepol/libsepol-Change-ranlib-for-cross-compiling.patch b/recipes-security/selinux/libsepol/libsepol-Change-ranlib-for-cross-compiling.patch
deleted file mode 100644
index f2fc313..0000000
--- a/recipes-security/selinux/libsepol/libsepol-Change-ranlib-for-cross-compiling.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 2ee1e9651ec4aa78daf15dfef74e0b6aaeb8db1e Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Tue, 21 Feb 2012 14:47:45 +0800
-Subject: [PATCH] libsepol: Change ranlib for cross compiling.
-
-Use target host-tools to encapsulate any difference between local tools
-on different machines. For example, on local PC, libsepol.a's index could
-be added successfully by local ranlib, however, it will fail on some sever,
-so we'd better use host-tools $(AR) rather than any local ranlib.
-
-Signed-off-by: Harry Ciao<qingtao.cao@windriver.com>
----
- src/Makefile |    2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/src/Makefile b/src/Makefile
-index cd8e767..beea232 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -21,7 +21,7 @@ all: $(LIBA) $(LIBSO) $(LIBPC)
- 
- $(LIBA):  $(OBJS)
- 	$(AR) rcs $@ $^
--	ranlib $@
-+	$(AR) s $@
- 
- $(LIBSO): $(LOBJS)
- 	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -Wl,-soname,$(LIBSO),--version-script=libsepol.map,-z,defs
--- 
-1.7.5.4
-
diff --git a/recipes-security/selinux/libsepol_2.2.bb b/recipes-security/selinux/libsepol_2.2.bb
index efedb63..b4d717c 100644
--- a/recipes-security/selinux/libsepol_2.2.bb
+++ b/recipes-security/selinux/libsepol_2.2.bb
@@ -1,11 +1,9 @@
 PR = "r0"
 
-include selinux_20130423.inc
+include selinux_20131030.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
 
-SRC_URI[md5sum] = "980964224683fa29d4ed65beb94b56ee"
-SRC_URI[sha256sum] = "290d17f583635a4a5d8a2141511272adf0571c4205cdea38b5a68df20d58a70b"
-
-SRC_URI += "file://libsepol-Change-ranlib-for-cross-compiling.patch"
+SRC_URI[md5sum] = "41cbe38ea809b5752f520bdeac4d2cf8"
+SRC_URI[sha256sum] = "77a4b27006295805bdbd7f240038cb32a49be1d60847d413899501702933fc0f"
diff --git a/recipes-security/selinux/libsepol_git.bb b/recipes-security/selinux/libsepol_git.bb
index 1fa83a4..bc2bd8f 100644
--- a/recipes-security/selinux/libsepol_git.bb
+++ b/recipes-security/selinux/libsepol_git.bb
@@ -1,9 +1,7 @@
 PR = "r0"
-PV = "2.1.9+git${SRCPV}"
+PV = "2.2+git${SRCPV}"
 
 include selinux_git.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
-
-SRC_URI += "file://libsepol-Change-ranlib-for-cross-compiling.patch"
-- 
1.7.9.5

[meta-selinux][PATCH 06/10] policycoreutils: migrate SRC_URI and patches to 2.2.5

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

This patch is removed since it is merged by new version:
 - policycoreutils-fix-strict-prototypes.patch

These two patches are updated:
 - policycoreutils-fix-sepolicy-install-path.patch
 - policycoreutils-make-O_CLOEXEC-optional.patch

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 recipes-security/selinux/policycoreutils.inc       |    2 +-
 ...policycoreutils-fix-sepolicy-install-path.patch |   18 +++++------
 .../policycoreutils-fix-strict-prototypes.patch    |   34 --------------------
 .../policycoreutils-make-O_CLOEXEC-optional.patch  |   28 ++++++++--------
 recipes-security/selinux/policycoreutils_2.2.5.bb  |    9 +++---
 recipes-security/selinux/policycoreutils_git.bb    |    8 +++--
 6 files changed, 32 insertions(+), 67 deletions(-)
 delete mode 100644 recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch

diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
index a474cb0..430b03f 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -1,4 +1,4 @@
-PRINC = "3"
+PRINC = "1"
 
 SUMMARY = "SELinux policy core utilities"
 DESCRIPTION = "policycoreutils contains the policy core utilities that are required \
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch
index aaf2e66..617908a 100644
--- a/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch
+++ b/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch
@@ -1,35 +1,33 @@
-From 086f715e2a0dd05c07f0428f424017cc96acc387 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Thu, 22 Aug 2013 16:40:26 +0800
 Subject: [PATCH] policycoreutils: fix install path for new pymodule sepolicy
 
 Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 ---
  sepolicy/Makefile |    4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)
 
 diff --git a/sepolicy/Makefile b/sepolicy/Makefile
-index 11b534f..9e46b74 100644
+index 2b8716c..70f4bdd 100644
 --- a/sepolicy/Makefile
 +++ b/sepolicy/Makefile
-@@ -11,6 +11,8 @@ BASHCOMPLETIONDIR ?= $(DESTDIR)/etc/bash_completion.d/
+@@ -12,6 +12,8 @@ BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
  SHAREDIR ?= $(PREFIX)/share/sandbox
- override CFLAGS = $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W  -DSHARED -shared
+ override CFLAGS = -I$(PREFIX)/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W  -DSHARED -shared
  
 +PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
 +
- BASHCOMPLETIONS=sepolicy-bash-completion.sh 
+ BASHCOMPLETIONS=sepolicy-bash-completion.sh
  
  all: python-build
-@@ -23,7 +25,7 @@ clean:
- 	-rm -rf build *~ \#* *pyc .#*
+@@ -30,7 +32,7 @@ test:
+ 	@python test_sepolicy.py -v
  
  install:
 -	$(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
 +	$(PYTHON) setup.py install --install-lib $(LIBDIR)/$(PYLIBVER)/site-packages
  	[ -d $(BINDIR) ] || mkdir -p $(BINDIR)
  	install -m 755 sepolicy.py $(BINDIR)/sepolicy
- 	-mkdir -p $(MANDIR)/man8
+ 	(cd $(BINDIR); ln -sf sepolicy sepolgen)
 -- 
 1.7.9.5
 
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch
deleted file mode 100644
index 9bb353a..0000000
--- a/recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 5944e9908fc12d69d19a1d24128cbc6d1a423c3d Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Tue, 18 Jun 2013 12:29:00 +0800
-Subject: [PATCH] policycoreutils: fix build strict-prototypes failure
-
-| policy.c:90:6: error: function declaration isn't a prototype
-[-Werror=strict-prototypes]
-| cc1: all warnings being treated as errors
-| error: command 'i586-poky-linux-gcc' failed with exit status 1
-| make[1]: *** [python-build] Error 1
-
-Upstream-Status: pending
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
----
- sepolicy/policy.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/sepolicy/policy.c b/sepolicy/policy.c
-index 4eca22d..e454e75 100644
---- a/sepolicy/policy.c
-+++ b/sepolicy/policy.c
-@@ -87,7 +87,7 @@ static PyMethodDef methods[] = {
- 	{NULL, NULL, 0, NULL}	/* sentinel */
- };
- 
--void init_policy() {
-+void init_policy(void) {
- PyObject *m;
- m = Py_InitModule("_policy", methods);
- init_info(m);
--- 
-1.7.9.5
-
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
index aaaa1e5..d50356e 100644
--- a/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
+++ b/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
@@ -1,7 +1,4 @@
-From dca6a89058d818827d6f1c80c9b6abb46002b855 Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe.macdonald@windriver.com>
-Date: Fri, 11 Oct 2013 09:55:43 -0400
-Subject: [PATCH 1/2] policycoreutils: make O_CLOEXEC optional
+Subject: [PATCH] policycoreutils: make O_CLOEXEC optional
 
 Various commits in the selinux tree in the current release added O_CLOEXEC
 to open() calls in an attempt to address file descriptor leaks as
@@ -17,29 +14,30 @@ produce curious AVC Denied messages.
 Uptream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and POSIX since 2008]
 
 Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 ---
  restorecond/user.c |    8 +++++++-
  1 file changed, 7 insertions(+), 1 deletion(-)
 
 diff --git a/restorecond/user.c b/restorecond/user.c
-index 00a646f..50f3ab6 100644
+index 2c28676..6235772 100644
 --- a/restorecond/user.c
 +++ b/restorecond/user.c
-@@ -201,7 +201,13 @@ static int local_server() {
+@@ -202,7 +202,13 @@ static int local_server() {
  			perror("asprintf");
  		return -1;
  	}
--	int fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW | O_CLOEXEC, S_IRUSR | S_IWUSR);
-+	int fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW 
-+#ifdef O_CLOEXEC
-+                 | O_CLOEXEC
-+#else
-+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
-+#endif
-+                 , S_IRUSR | S_IWUSR);
+-	local_lock_fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW | O_CLOEXEC, S_IRUSR | S_IWUSR);
++	local_lock_fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW
++	#ifdef O_CLOEXEC
++		| O_CLOEXEC
++	#else
++		#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
++	#endif
++		, S_IRUSR | S_IWUSR);
  	if (debug_mode)
  		g_warning ("Lock file: %s", ptr);
  
 -- 
-1.7.10.4
+1.7.9.5
 
diff --git a/recipes-security/selinux/policycoreutils_2.2.5.bb b/recipes-security/selinux/policycoreutils_2.2.5.bb
index 64f0d8d..23cc42f 100644
--- a/recipes-security/selinux/policycoreutils_2.2.5.bb
+++ b/recipes-security/selinux/policycoreutils_2.2.5.bb
@@ -1,15 +1,14 @@
-PR = "r3"
+PR = "r0"
 
-include selinux_20130423.inc
+include selinux_20131030.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
-SRC_URI[md5sum] = "f34216414b650a0a25dec89a758234fb"
-SRC_URI[sha256sum] = "b6881741f9f9988346a73bfeccb0299941dc117349753f0ef3f23ee86f06c1b5"
+SRC_URI[md5sum] = "a2963d7024c5c4ce89f2459d48f91ec8"
+SRC_URI[sha256sum] = "bbf850a8c3c2f371f439d6525663eecdd3a737acd594d2f27f8d8f3a07830cc4"
 
 SRC_URI += "\
-	file://policycoreutils-fix-strict-prototypes.patch \
 	file://policycoreutils-revert-run_init-open_init_pty.patch \
 	file://policycoreutils-fix-sepolicy-install-path.patch \
 	file://policycoreutils-make-O_CLOEXEC-optional.patch \
diff --git a/recipes-security/selinux/policycoreutils_git.bb b/recipes-security/selinux/policycoreutils_git.bb
index fb7b48f..9a6425b 100644
--- a/recipes-security/selinux/policycoreutils_git.bb
+++ b/recipes-security/selinux/policycoreutils_git.bb
@@ -1,9 +1,13 @@
 PR = "r0"
-PV = "2.1.14+git${SRCPV}"
+PV = "2.2.5+git${SRCPV}"
 
 include selinux_git.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
-SRC_URI += "file://policycoreutils-fix-strict-prototypes.patch"
+SRC_URI += "\
+	file://policycoreutils-revert-run_init-open_init_pty.patch \
+	file://policycoreutils-fix-sepolicy-install-path.patch \
+	file://policycoreutils-make-O_CLOEXEC-optional.patch \
+	"
-- 
1.7.9.5

[meta-selinux][PATCH 07/10] sepolgen: migrate SRC_URI to 1.2.1

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 recipes-security/selinux/sepolgen_1.2.1.bb |    6 +++---
 recipes-security/selinux/sepolgen_git.bb   |    2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/recipes-security/selinux/sepolgen_1.2.1.bb b/recipes-security/selinux/sepolgen_1.2.1.bb
index a132727..eb1065a 100644
--- a/recipes-security/selinux/sepolgen_1.2.1.bb
+++ b/recipes-security/selinux/sepolgen_1.2.1.bb
@@ -1,9 +1,9 @@
 PR = "r0"
 
-include selinux_20130423.inc
+include selinux_20131030.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
-SRC_URI[md5sum] = "505a8b70eb110b770119e6560d183216"
-SRC_URI[sha256sum] = "8a1c6d3a78c9b6ad3555c74def555f65a62950bf21c111c585bfc382fec3a645"
+SRC_URI[md5sum] = "ce662a83188bc3a9b40c15792fcaf2c8"
+SRC_URI[sha256sum] = "438c246bdc6b3cf1b12116831f4c601aaae6e93decb007dddab212a3c88781b0"
diff --git a/recipes-security/selinux/sepolgen_git.bb b/recipes-security/selinux/sepolgen_git.bb
index 710019d..95c3491 100644
--- a/recipes-security/selinux/sepolgen_git.bb
+++ b/recipes-security/selinux/sepolgen_git.bb
@@ -1,5 +1,5 @@
 PR = "r0"
-PV = "1.1.9+git${SRCPV}"
+PV = "1.2.1+git${SRCPV}"
 
 include selinux_git.inc
 include ${BPN}.inc
-- 
1.7.9.5

[meta-selinux][PATCH 08/10] libsemanage: add audit dependency

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

Building libsemanage 2.2 need the header libaudit.h.

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 recipes-security/audit/audit_2.3.2.bb    |    8 +++++++-
 recipes-security/selinux/libsemanage.inc |    2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/recipes-security/audit/audit_2.3.2.bb b/recipes-security/audit/audit_2.3.2.bb
index bd7b4eb..b546297 100644
--- a/recipes-security/audit/audit_2.3.2.bb
+++ b/recipes-security/audit/audit_2.3.2.bb
@@ -26,6 +26,7 @@ SRC_URI[md5sum] = "4e8d065b5cc16b77b9b61e93a9ed160e"
 SRC_URI[sha256sum] = "8872e0b5392888789061db8034164305ef0e1b34543e1e7004d275f039081d29"
 
 DEPENDS += "python tcp-wrappers libcap-ng linux-libc-headers (>= 2.6.30)"
+DEPENDS_class-native = ""
 
 EXTRA_OECONF += "--without-prelude \
 	--with-libwrap \
@@ -37,6 +38,9 @@ EXTRA_OECONF += "--without-prelude \
 	--sbindir=${base_sbindir} \
 	"
 
+# Remove extra configs for native build
+EXTRA_OECONF_class-native = "--with-python=no"
+
 EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \
 	PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
 	pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
@@ -62,7 +66,7 @@ FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
 FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
 FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la"
 
-do_install_append() {
+do_install_append_class-target() {
 	rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
 	rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
 
@@ -75,3 +79,5 @@ do_install_append() {
 	install -D -m 0755 ${S}/../auditd ${D}/etc/init.d/auditd
 	rm -rf ${D}/etc/rc.d
 }
+
+BBCLASSEXTEND = "native"
diff --git a/recipes-security/selinux/libsemanage.inc b/recipes-security/selinux/libsemanage.inc
index dfc3006..a978c75 100644
--- a/recipes-security/selinux/libsemanage.inc
+++ b/recipes-security/selinux/libsemanage.inc
@@ -10,7 +10,7 @@ LICENSE = "LGPLv2.1+"
 
 inherit lib_package
 
-DEPENDS += "libsepol libselinux ustr bzip2 python bison-native flex-native"
+DEPENDS += "libsepol libselinux ustr bzip2 python audit bison-native flex-native"
 
 PACKAGES += "${PN}-python"
 FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
-- 
1.7.9.5

[meta-selinux][PATCH 09/10] policycoreutils: fix QA issues

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

ERROR: QA Issue: policycoreutils: Files/directories were installed \
but not shipped
  /usr/share/icons/hicolor/24x24/apps/system-config-selinux.png
  /usr/share/bash-completion/completions/setsebool
  /usr/share/bash-completion/completions/sepolicy
  /usr/share/bash-completion/completions/semanage
  /usr/share/dbus-1/system-services/org.selinux.service
  /usr/share/polkit-1/actions/org.selinux.config.policy
  /usr/share/polkit-1/actions/org.selinux.policy

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 recipes-security/selinux/policycoreutils.inc |   10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
index 430b03f..56470e9 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -176,7 +176,7 @@ FILES_${PN}-sandbox += "\
 FILES_${PN}-secon += "${bindir}/secon"
 FILES_${PN}-semanage = "\
 	${sbindir}/semanage \
-	${sysconfdir}/bash_completion.d/semanage-bash-completion.sh \
+	${datadir}/bash-completion/completions/semanage \
 "
 FILES_${PN}-semodule += "${sbindir}/semodule"
 FILES_${PN}-semodule-deps += "${bindir}/semodule_deps"
@@ -188,7 +188,9 @@ FILES_${PN}-semodule-package += "\
 "
 FILES_${PN}-sepolicy += "\
 	${bindir}/sepolicy \
-	${sysconfdir}/bash_completion.d/sepolicy-bash-completion.sh \
+	${datadir}/bash-completion/completions/sepolicy \
+	${datadir}/dbus-1/system-services/org.selinux.service \
+	${datadir}/polkit-1/actions/org.selinux.policy \
 "
 FILES_${PN}-sepolgen-ifgen += "\
 	${bindir}/sepolgen-ifgen \
@@ -204,11 +206,13 @@ FILES_${PN}-setfiles += "\
 "
 FILES_${PN}-setsebool += "\
 	${sbindir}/setsebool \
-	${sysconfdir}/bash_completion.d/setsebool-bash-completion.sh \
+	${datadir}/bash-completion/completions/setsebool \
 "
 FILES_system-config-selinux = " \
     ${bindir}/sepolgen \
     ${datadir}/system-config-selinux/* \
+    ${datadir}/icons/hicolor/24x24/apps/system-config-selinux.png \
+    ${datadir}/polkit-1/actions/org.selinux.config.policy \
 "
 
 export STAGING_INCDIR
-- 
1.7.9.5

[meta-selinux][PATCH 10/10] selinux packagegroups: update LIC_FILES_CHKSUM

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 .../packagegroups/packagegroup-core-selinux.bb     |    2 +-
 .../packagegroups/packagegroup-selinux-minimal.bb  |    2 +-
 .../packagegroup-selinux-policycoreutils.bb        |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-security/packagegroups/packagegroup-core-selinux.bb b/recipes-security/packagegroups/packagegroup-core-selinux.bb
index 76863b0..1852aba 100644
--- a/recipes-security/packagegroups/packagegroup-core-selinux.bb
+++ b/recipes-security/packagegroups/packagegroup-core-selinux.bb
@@ -1,6 +1,6 @@
 DESCRIPTION = "SELinux packagegroup for Poky"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58 \
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
                     file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 PR = "r0"
 
diff --git a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
index bae15ea..2ff16f8 100644
--- a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
+++ b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb
@@ -1,6 +1,6 @@
 DESCRIPTION = "SELinux packagegroup with only packages required for basic operations"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58 \
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
                     file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 PR = "r0"
 
diff --git a/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb b/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb
index bb221eb..7f56d7c 100644
--- a/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb
+++ b/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb
@@ -1,6 +1,6 @@
 DESCRIPTION = "SELinux policycoreutils packagegroup"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58 \
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
                     file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420 \
 "
 PR = "r0"
-- 
1.7.9.5

Re: [meta-selinux][PATCH 00/10] selinux userspace: uprev packages to release 20131030

[Pascal Ouyang]

于 14-1-9 上午9:38, wenzong.fan@windriver.com 写道:
> From: Wenzong Fan <wenzong.fan@windriver.com>
> 
> Changes:
> 1) Uprev selinux packages to release 20131030;
> 2) Fix build dependency to libsemanage;
> 3) Fix QA issues to policycoreutils;
> 4) Update LIC_FILES_CHKSUM for selinux packagegroups.
> 
> Some Tests:
> 1) build test:
> - add meta-selinux path to conf/bblayers.conf;
> - add DISTRO_FEATURES_append=" pam selinux" to conf/local.conf;
> - build selinux image:
>    $ bitbake core-image-selinux
> 
> - add below configs to conf/local.conf and run image build:
>    PREFERRED_VERSION_checkpolicy = "2.2+gitAUTOINC+edc2e99687"
>    PREFERRED_VERSION_libselinux = "2.2+gitAUTOINC+edc2e99687"
>    PREFERRED_VERSION_libsemanage = "2.2+gitAUTOINC+edc2e99687"
>    PREFERRED_VERSION_libsepol = "2.2+gitAUTOINC+edc2e99687"
>    PREFERRED_VERSION_policycoreutils = "2.2.5+gitAUTOINC+edc2e99687"
>    PREFERRED_VERSION_sepolgen = "1.2.1+gitAUTOINC+edc2e99687"
> 
> All builds successfully.
> 
> 2) basic verification on target:
> $ runqemu qemux86 core-image-selinux ext3 nographic qemuparams="-m 1024"
> 
> qemux86 login: root
> root@qemux86:~# id -Z
> root:sysadm_r:sysadm_t:s0-s15:c0.c1023
> 
> root@qemux86:~# sestatus
> SELinux status:                 enabled
> SELinuxfs mount:                /sys/fs/selinux
> SELinux root directory:         /etc/selinux
> Loaded policy name:             mls
> Current mode:                   enforcing
> Mode from config file:          enforcing
> Policy MLS status:              enabled
> Policy deny_unknown status:     allowed
> Max kernel policy version:      28
> 
> 
> The following changes since commit 2209cb5fc21c1ad5a7471897528ed64170f70219:
> 
>    policy: Create compressed_policy distro feature (2013-12-05 09:03:41 -0500)
> 
> are available in the git repository at:
> 
>    git://git.pokylinux.org/poky-contrib wenzong/selinux-uprev
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/selinux-uprev
> 
> Wenzong Fan (10):
>    selinux userspace: uprev packages to release 20131030
>    checkpolicy: migrate SRC_URI to 2.2
>    libselinux: migrate SRC_URI and patches to 2.2
>    libsemanage: migrate SRC_URI to 2.2
>    libsepol: migrate SRC_URI to 2.2
>    policycoreutils: migrate SRC_URI and patches to 2.2.5
>    sepolgen: migrate SRC_URI to 1.2.1
>    libsemanage: add audit dependency
>    policycoreutils: fix QA issues
>    selinux packagegroups: update LIC_FILES_CHKSUM
> 
>   recipes-security/audit/audit_2.3.2.bb              |    8 ++++-
>   .../packagegroups/packagegroup-core-selinux.bb     |    2 +-
>   .../packagegroups/packagegroup-selinux-minimal.bb  |    2 +-
>   .../packagegroup-selinux-policycoreutils.bb        |    2 +-
>   recipes-security/selinux/checkpolicy_2.1.12.bb     |    9 ------
>   recipes-security/selinux/checkpolicy_2.2.bb        |    9 ++++++
>   recipes-security/selinux/checkpolicy_git.bb        |    2 +-
>   .../libselinux-fix-init-load-policy.patch          |   27 ----------------
>   .../libselinux/libselinux-pcre-link-order.patch    |   31 ------------------
>   .../{libselinux_2.1.13.bb => libselinux_2.2.bb}    |    8 ++---
>   recipes-security/selinux/libselinux_git.bb         |   10 ++++--
>   recipes-security/selinux/libsemanage.inc           |    2 +-
>   .../libsemanage/libsemanage-fix-path-nologin.patch |    9 +++---
>   .../{libsemanage_2.1.10.bb => libsemanage_2.2.bb}  |    6 ++--
>   recipes-security/selinux/libsemanage_git.bb        |    3 +-
>   recipes-security/selinux/libsepol.inc              |    5 ++-
>   ...ibsepol-Change-ranlib-for-cross-compiling.patch |   31 ------------------
>   recipes-security/selinux/libsepol_2.1.9.bb         |   11 -------
>   recipes-security/selinux/libsepol_2.2.bb           |    9 ++++++
>   recipes-security/selinux/libsepol_git.bb           |    4 +--
>   recipes-security/selinux/policycoreutils.inc       |   12 ++++---
>   ...policycoreutils-fix-sepolicy-install-path.patch |   18 +++++------
>   .../policycoreutils-fix-strict-prototypes.patch    |   34 --------------------
>   .../policycoreutils-make-O_CLOEXEC-optional.patch  |   28 ++++++++--------
>   ...oreutils_2.1.14.bb => policycoreutils_2.2.5.bb} |    9 +++---
>   recipes-security/selinux/policycoreutils_git.bb    |    8 +++--
>   recipes-security/selinux/selinux_20130423.inc      |   12 -------
>   recipes-security/selinux/selinux_20131030.inc      |   12 +++++++
>   recipes-security/selinux/selinux_git.inc           |    4 +--
>   recipes-security/selinux/sepolgen_1.1.9.bb         |    9 ------
>   recipes-security/selinux/sepolgen_1.2.1.bb         |    9 ++++++
>   recipes-security/selinux/sepolgen_git.bb           |    2 +-
>   32 files changed, 117 insertions(+), 230 deletions(-)
>   delete mode 100644 recipes-security/selinux/checkpolicy_2.1.12.bb
>   create mode 100644 recipes-security/selinux/checkpolicy_2.2.bb
>   delete mode 100644 recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch
>   delete mode 100644 recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch
>   rename recipes-security/selinux/{libselinux_2.1.13.bb => libselinux_2.2.bb} (58%)
>   rename recipes-security/selinux/{libsemanage_2.1.10.bb => libsemanage_2.2.bb} (70%)
>   delete mode 100644 recipes-security/selinux/libsepol/libsepol-Change-ranlib-for-cross-compiling.patch
>   delete mode 100644 recipes-security/selinux/libsepol_2.1.9.bb
>   create mode 100644 recipes-security/selinux/libsepol_2.2.bb
>   delete mode 100644 recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch
>   rename recipes-security/selinux/{policycoreutils_2.1.14.bb => policycoreutils_2.2.5.bb} (55%)
>   delete mode 100644 recipes-security/selinux/selinux_20130423.inc
>   create mode 100644 recipes-security/selinux/selinux_20131030.inc
>   delete mode 100644 recipes-security/selinux/sepolgen_1.1.9.bb
>   create mode 100644 recipes-security/selinux/sepolgen_1.2.1.bb
> 

Tech is ok for me.

@Mark, please do the merge as well. Thanks. :)

-- 
- Pascal

Re: [meta-selinux][PATCH 00/10] selinux userspace: uprev packages to release 20131030

[Mark Hatle]

On 1/8/14, 7:38 PM, wenzong.fan@windriver.com wrote:

merged to master-next

> From: Wenzong Fan <wenzong.fan@windriver.com>
>
> Changes:
> 1) Uprev selinux packages to release 20131030;
> 2) Fix build dependency to libsemanage;
> 3) Fix QA issues to policycoreutils;
> 4) Update LIC_FILES_CHKSUM for selinux packagegroups.
>
> Some Tests:
> 1) build test:
> - add meta-selinux path to conf/bblayers.conf;
> - add DISTRO_FEATURES_append=" pam selinux" to conf/local.conf;
> - build selinux image:
>    $ bitbake core-image-selinux
>
> - add below configs to conf/local.conf and run image build:
>    PREFERRED_VERSION_checkpolicy = "2.2+gitAUTOINC+edc2e99687"
>    PREFERRED_VERSION_libselinux = "2.2+gitAUTOINC+edc2e99687"
>    PREFERRED_VERSION_libsemanage = "2.2+gitAUTOINC+edc2e99687"
>    PREFERRED_VERSION_libsepol = "2.2+gitAUTOINC+edc2e99687"
>    PREFERRED_VERSION_policycoreutils = "2.2.5+gitAUTOINC+edc2e99687"
>    PREFERRED_VERSION_sepolgen = "1.2.1+gitAUTOINC+edc2e99687"
>
> All builds successfully.
>
> 2) basic verification on target:
> $ runqemu qemux86 core-image-selinux ext3 nographic qemuparams="-m 1024"
>
> qemux86 login: root
> root@qemux86:~# id -Z
> root:sysadm_r:sysadm_t:s0-s15:c0.c1023
>
> root@qemux86:~# sestatus
> SELinux status:                 enabled
> SELinuxfs mount:                /sys/fs/selinux
> SELinux root directory:         /etc/selinux
> Loaded policy name:             mls
> Current mode:                   enforcing
> Mode from config file:          enforcing
> Policy MLS status:              enabled
> Policy deny_unknown status:     allowed
> Max kernel policy version:      28
>
>
> The following changes since commit 2209cb5fc21c1ad5a7471897528ed64170f70219:
>
>    policy: Create compressed_policy distro feature (2013-12-05 09:03:41 -0500)
>
> are available in the git repository at:
>
>    git://git.pokylinux.org/poky-contrib wenzong/selinux-uprev
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/selinux-uprev
>
> Wenzong Fan (10):
>    selinux userspace: uprev packages to release 20131030
>    checkpolicy: migrate SRC_URI to 2.2
>    libselinux: migrate SRC_URI and patches to 2.2
>    libsemanage: migrate SRC_URI to 2.2
>    libsepol: migrate SRC_URI to 2.2
>    policycoreutils: migrate SRC_URI and patches to 2.2.5
>    sepolgen: migrate SRC_URI to 1.2.1
>    libsemanage: add audit dependency
>    policycoreutils: fix QA issues
>    selinux packagegroups: update LIC_FILES_CHKSUM
>
>   recipes-security/audit/audit_2.3.2.bb              |    8 ++++-
>   .../packagegroups/packagegroup-core-selinux.bb     |    2 +-
>   .../packagegroups/packagegroup-selinux-minimal.bb  |    2 +-
>   .../packagegroup-selinux-policycoreutils.bb        |    2 +-
>   recipes-security/selinux/checkpolicy_2.1.12.bb     |    9 ------
>   recipes-security/selinux/checkpolicy_2.2.bb        |    9 ++++++
>   recipes-security/selinux/checkpolicy_git.bb        |    2 +-
>   .../libselinux-fix-init-load-policy.patch          |   27 ----------------
>   .../libselinux/libselinux-pcre-link-order.patch    |   31 ------------------
>   .../{libselinux_2.1.13.bb => libselinux_2.2.bb}    |    8 ++---
>   recipes-security/selinux/libselinux_git.bb         |   10 ++++--
>   recipes-security/selinux/libsemanage.inc           |    2 +-
>   .../libsemanage/libsemanage-fix-path-nologin.patch |    9 +++---
>   .../{libsemanage_2.1.10.bb => libsemanage_2.2.bb}  |    6 ++--
>   recipes-security/selinux/libsemanage_git.bb        |    3 +-
>   recipes-security/selinux/libsepol.inc              |    5 ++-
>   ...ibsepol-Change-ranlib-for-cross-compiling.patch |   31 ------------------
>   recipes-security/selinux/libsepol_2.1.9.bb         |   11 -------
>   recipes-security/selinux/libsepol_2.2.bb           |    9 ++++++
>   recipes-security/selinux/libsepol_git.bb           |    4 +--
>   recipes-security/selinux/policycoreutils.inc       |   12 ++++---
>   ...policycoreutils-fix-sepolicy-install-path.patch |   18 +++++------
>   .../policycoreutils-fix-strict-prototypes.patch    |   34 --------------------
>   .../policycoreutils-make-O_CLOEXEC-optional.patch  |   28 ++++++++--------
>   ...oreutils_2.1.14.bb => policycoreutils_2.2.5.bb} |    9 +++---
>   recipes-security/selinux/policycoreutils_git.bb    |    8 +++--
>   recipes-security/selinux/selinux_20130423.inc      |   12 -------
>   recipes-security/selinux/selinux_20131030.inc      |   12 +++++++
>   recipes-security/selinux/selinux_git.inc           |    4 +--
>   recipes-security/selinux/sepolgen_1.1.9.bb         |    9 ------
>   recipes-security/selinux/sepolgen_1.2.1.bb         |    9 ++++++
>   recipes-security/selinux/sepolgen_git.bb           |    2 +-
>   32 files changed, 117 insertions(+), 230 deletions(-)
>   delete mode 100644 recipes-security/selinux/checkpolicy_2.1.12.bb
>   create mode 100644 recipes-security/selinux/checkpolicy_2.2.bb
>   delete mode 100644 recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch
>   delete mode 100644 recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch
>   rename recipes-security/selinux/{libselinux_2.1.13.bb => libselinux_2.2.bb} (58%)
>   rename recipes-security/selinux/{libsemanage_2.1.10.bb => libsemanage_2.2.bb} (70%)
>   delete mode 100644 recipes-security/selinux/libsepol/libsepol-Change-ranlib-for-cross-compiling.patch
>   delete mode 100644 recipes-security/selinux/libsepol_2.1.9.bb
>   create mode 100644 recipes-security/selinux/libsepol_2.2.bb
>   delete mode 100644 recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch
>   rename recipes-security/selinux/{policycoreutils_2.1.14.bb => policycoreutils_2.2.5.bb} (55%)
>   delete mode 100644 recipes-security/selinux/selinux_20130423.inc
>   create mode 100644 recipes-security/selinux/selinux_20131030.inc
>   delete mode 100644 recipes-security/selinux/sepolgen_1.1.9.bb
>   create mode 100644 recipes-security/selinux/sepolgen_1.2.1.bb
>