[Buildroot] [PATCH 00/10] Enable SELinux Support in Existing Packages

[Buildroot] [PATCH 00/10] Enable SELinux Support in Existing Packages

[Ryan Barnett]

This is the second set (of three) of patches to add SELinux support in 
buildroot. This patch set adds support for SELinux to existing packages
in buildroot. This patch set is meant to be a follow-up to Clayton 
Shotwell's submission of "SELinux Buildroot Additions".

In order to be able to test build existing packages with SELinux support, 
Clayton Shotwell's SELinux Buildroot Additions must first be applied.

Ryan Barnett (10):
  sysvinit: add support for SELinux
  sysvinit: install new cmds and fix inittab
  sysvinit: add patch for libcrypt
  util-linux: add suport for SELinux
  linux-pam: add support for SELinux
  openssh: add support for SELinux
  logrotate: add support for SELinux
  coreutils: add support for SELinux
  dbus: add support for SELinux
  busybox: add support for SELinux

 .../busybox/1.21.1/busybox-1.21.1-pkg-config.patch |   13 ++++++++++++
 package/coreutils/coreutils.mk                     |    8 +++++++
 package/dbus/dbus.mk                               |   10 ++++++++-
 ...t_log_acct_message_return_value_check_fix.patch |   16 +++++++++++++++
 ...inux-pam-sepermit-install-path-correction.patch |   11 ++++++++++
 package/linux-pam/linux-pam.mk                     |   14 +++++++++++++
 package/logrotate/logrotate.mk                     |   11 +++++++++-
 package/openssh/openssh.mk                         |   12 +++++++++++
 package/sysvinit/inittab                           |    1 +
 .../sysvinit-0001-libcrypt_check_fix.patch         |   13 ++++++++++++
 .../sysvinit-0002-selinux_flag_addition_fix.patch  |   15 ++++++++++++++
 package/sysvinit/sysvinit.mk                       |   12 ++++++++++-
 ...-linux-002-program-invocation-short-name.patch} |    0
 .../util-linux-003-libmount-libselinux-fix.patch   |   21 ++++++++++++++++++++
 package/util-linux/util-linux.mk                   |   21 ++++++++++++++++++++
 15 files changed, 175 insertions(+), 3 deletions(-)
 create mode 100644 package/busybox/1.21.1/busybox-1.21.1-pkg-config.patch
 create mode 100644 package/linux-pam/linux-pam-audit_log_acct_message_return_value_check_fix.patch
 create mode 100644 package/linux-pam/linux-pam-sepermit-install-path-correction.patch
 create mode 100644 package/sysvinit/sysvinit-0001-libcrypt_check_fix.patch
 create mode 100644 package/sysvinit/sysvinit-0002-selinux_flag_addition_fix.patch
 rename package/util-linux/{util-linux-003-program-invocation-short-name.patch => util-linux-002-program-invocation-short-name.patch} (100%)
 create mode 100644 package/util-linux/util-linux-003-libmount-libselinux-fix.patch

[Buildroot] [PATCH 01/10] sysvinit: add support for SELinux

[Ryan Barnett]

Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
---
 .../sysvinit-0002-selinux_flag_addition_fix.patch  |   15 +++++++++++++++
 package/sysvinit/sysvinit.mk                       |    6 ++++++
 2 files changed, 21 insertions(+), 0 deletions(-)
 create mode 100644 package/sysvinit/sysvinit-0002-selinux_flag_addition_fix.patch

diff --git a/package/sysvinit/sysvinit-0002-selinux_flag_addition_fix.patch b/package/sysvinit/sysvinit-0002-selinux_flag_addition_fix.patch
new file mode 100644
index 0000000..978f59b
--- /dev/null
+++ b/package/sysvinit/sysvinit-0002-selinux_flag_addition_fix.patch
@@ -0,0 +1,15 @@
+--- a/src/Makefile	2013-08-30 16:12:41.272916677 -0500
++++ b/src/Makefile	2013-08-30 16:12:29.082986810 -0500
+@@ -114,10 +114,10 @@
+ bootlogd:	LDLIBS += -lutil
+ bootlogd:	bootlogd.o
+ 
+-sulogin.o:	CPPFLAGS += $(SELINUX_DEF)
++sulogin.o:	CFLAGS += $(SELINUX_DEF)
+ sulogin.o:	sulogin.c 
+ 
+-init.o:		CPPFLAGS += $(SELINUX_DEF)
++init.o:		CFLAGS += $(SELINUX_DEF)
+ init.o:		init.c init.h set.h reboot.h initreq.h
+ 
+ utmp.o:		utmp.c init.h
diff --git a/package/sysvinit/sysvinit.mk b/package/sysvinit/sysvinit.mk
index bf05d73..65cbf17 100644
--- a/package/sysvinit/sysvinit.mk
+++ b/package/sysvinit/sysvinit.mk
@@ -14,6 +14,12 @@ ifeq ($(BR2_PACKAGE_BUSYBOX),y)
 SYSVINIT_DEPENDENCIES = busybox
 endif
 
+# Add SELinux support to sysvinit
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+SYSVINIT_DEPENDENCIES += libselinux
+TARGET_CONFIGURE_OPTS += WITH_SELINUX="yes" ROOT="$(TARGET_DIR)"
+endif
+
 define SYSVINIT_DEBIAN_PATCHES
 	if [ -d $(@D)/debian/patches ]; then \
 		support/scripts/apply-patches.sh $(@D) $(@D)/debian/patches \*.patch; \
-- 
1.7.1

[Buildroot] [PATCH 01/10] sysvinit: add support for SELinux

[Thomas Petazzoni]

Dear Ryan Barnett,

On Thu, 5 Sep 2013 20:04:15 -0500, Ryan Barnett wrote:
> 
> Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
> ---
>  .../sysvinit-0002-selinux_flag_addition_fix.patch  |   15 +++++++++++++++
>  package/sysvinit/sysvinit.mk                       |    6 ++++++
>  2 files changed, 21 insertions(+), 0 deletions(-)
>  create mode 100644 package/sysvinit/sysvinit-0002-selinux_flag_addition_fix.patch
> 
> diff --git a/package/sysvinit/sysvinit-0002-selinux_flag_addition_fix.patch b/package/sysvinit/sysvinit-0002-selinux_flag_addition_fix.patch
> new file mode 100644
> index 0000000..978f59b
> --- /dev/null
> +++ b/package/sysvinit/sysvinit-0002-selinux_flag_addition_fix.patch
> @@ -0,0 +1,15 @@

This patch lacks a description + Signed-off-by line. See
http://buildroot.org/downloads/manual/manual.html#_format_and_licensing_of_the_package_patches.

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 02/10] sysvinit: install new cmds and fix inittab

[Ryan Barnett]

Adding support for sysvinit to install reboot and poweroff commands
available in /sbin.

There is an error with sysvinit that will prevent the system from booting
if "dshm::sysinit:/bin/mkdir -p /dev/shm" is not present in the inittab.

Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
---
 package/sysvinit/inittab     |    1 +
 package/sysvinit/sysvinit.mk |    4 ++++
 2 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/package/sysvinit/inittab b/package/sysvinit/inittab
index afa0dc3..c85e75a 100644
--- a/package/sysvinit/inittab
+++ b/package/sysvinit/inittab
@@ -7,6 +7,7 @@ id:1:initdefault:
 proc::sysinit:/bin/mount -t proc proc /proc
 rwmo::sysinit:/bin/mount -o remount,rw / # REMOUNT_ROOTFS_RW
 dpts::sysinit:/bin/mkdir -p /dev/pts
+dshm::sysinit:/bin/mkdir -p /dev/shm
 moun::sysinit:/bin/mount -a
 host::sysinit:/bin/hostname -F /etc/hostname
 init::sysinit:/etc/init.d/rcS
diff --git a/package/sysvinit/sysvinit.mk b/package/sysvinit/sysvinit.mk
index 65cbf17..c6b75a0 100644
--- a/package/sysvinit/sysvinit.mk
+++ b/package/sysvinit/sysvinit.mk
@@ -41,12 +41,16 @@ define SYSVINIT_INSTALL_TARGET_CMDS
 	# Override Busybox's inittab with an inittab compatible with
 	# sysvinit
 	install -D -m 0644 package/sysvinit/inittab $(TARGET_DIR)/etc/inittab
+	ln -sf /sbin/halt $(TARGET_DIR)/sbin/reboot
+	ln -sf /sbin/halt $(TARGET_DIR)/sbin/poweroff
 endef
 
 define SYSVINIT_UNINSTALL_TARGET_CMDS
 	for x in halt init shutdown; do \
 		rm -f $(TARGET_DIR)/sbin/$$x || exit 1; \
 	done
+	rm -f $(TARGET_DIR)/sbin/reboot || exit 1
+	rm -f $(TARGET_DIR)/sbin/poweroff || exit 1
 endef
 
 define SYSVINIT_CLEAN_CMDS
-- 
1.7.1

[Buildroot] [PATCH 02/10] sysvinit: install new cmds and fix inittab

[Thomas Petazzoni]

Dear Ryan Barnett,

On Thu, 5 Sep 2013 20:04:16 -0500, Ryan Barnett wrote:

> diff --git a/package/sysvinit/sysvinit.mk b/package/sysvinit/sysvinit.mk
> index 65cbf17..c6b75a0 100644
> --- a/package/sysvinit/sysvinit.mk
> +++ b/package/sysvinit/sysvinit.mk
> @@ -41,12 +41,16 @@ define SYSVINIT_INSTALL_TARGET_CMDS
>  	# Override Busybox's inittab with an inittab compatible with
>  	# sysvinit
>  	install -D -m 0644 package/sysvinit/inittab $(TARGET_DIR)/etc/inittab
> +	ln -sf /sbin/halt $(TARGET_DIR)/sbin/reboot
> +	ln -sf /sbin/halt $(TARGET_DIR)/sbin/poweroff
>  endef
>  
>  define SYSVINIT_UNINSTALL_TARGET_CMDS
>  	for x in halt init shutdown; do \
>  		rm -f $(TARGET_DIR)/sbin/$$x || exit 1; \
>  	done
> +	rm -f $(TARGET_DIR)/sbin/reboot || exit 1
> +	rm -f $(TARGET_DIR)/sbin/poweroff || exit 1

Why aren't you adding these to the previous loop?

(Not a big deal, as we don't care much about uninstall commands, but
still.)

Best regards,

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 03/10] sysvinit: add patch for libcrypt

[Ryan Barnett]

Adding a patch to sysvinit to correcctly add libcrypt as a build
dependancy of sysvinit.

Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
---
 .../sysvinit-0001-libcrypt_check_fix.patch         |   13 +++++++++++++
 package/sysvinit/sysvinit.mk                       |    2 +-
 2 files changed, 14 insertions(+), 1 deletions(-)
 create mode 100644 package/sysvinit/sysvinit-0001-libcrypt_check_fix.patch

diff --git a/package/sysvinit/sysvinit-0001-libcrypt_check_fix.patch b/package/sysvinit/sysvinit-0001-libcrypt_check_fix.patch
new file mode 100644
index 0000000..f6f54e5
--- /dev/null
+++ b/package/sysvinit/sysvinit-0001-libcrypt_check_fix.patch
@@ -0,0 +1,13 @@
+--- a/src/Makefile	2010-04-11 04:30:27.000000000 -0500
++++ b/src/Makefile	2012-09-05 12:44:45.000000000 -0500
+@@ -78,8 +78,8 @@
+ endif
+ 
+ # Additional libs for GNU libc.
+-ifneq ($(wildcard /usr/lib*/libcrypt.a),)
+-  SULOGINLIBS	+= -lcrypt
++ifneq ($(LCRYPT),)
++  SULOGINLIBS	+= $(LCRYPT)
+ endif
+ 
+ all:		$(BIN) $(SBIN) $(USRBIN)
diff --git a/package/sysvinit/sysvinit.mk b/package/sysvinit/sysvinit.mk
index c6b75a0..7678bce 100644
--- a/package/sysvinit/sysvinit.mk
+++ b/package/sysvinit/sysvinit.mk
@@ -31,7 +31,7 @@ SYSVINIT_POST_PATCH_HOOKS = SYSVINIT_DEBIAN_PATCHES
 define SYSVINIT_BUILD_CMDS
 	# Force sysvinit to link against libcrypt as it otherwise
 	# use an incorrect test to see if it's available
-	$(MAKE) $(TARGET_CONFIGURE_OPTS) SULOGINLIBS="-lcrypt" -C $(@D)/src
+	$(MAKE) $(TARGET_CONFIGURE_OPTS) LCRYPT="-lcrypt" -C $(@D)/src
 endef
 
 define SYSVINIT_INSTALL_TARGET_CMDS
-- 
1.7.1

[Buildroot] [PATCH 03/10] sysvinit: add patch for libcrypt

[Thomas Petazzoni]

Dear Ryan Barnett,

On Thu, 5 Sep 2013 20:04:17 -0500, Ryan Barnett wrote:
> Adding a patch to sysvinit to correcctly add libcrypt as a build
> dependancy of sysvinit.

I believe this commit log should carry a bit more details as to what it
is fixing compared to what commit
f5e3178197ff17b9f4a4c2ecb6d32b72a38a1246 did.



> 
> Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
> ---
>  .../sysvinit-0001-libcrypt_check_fix.patch         |   13 +++++++++++++
>  package/sysvinit/sysvinit.mk                       |    2 +-
>  2 files changed, 14 insertions(+), 1 deletions(-)
>  create mode 100644 package/sysvinit/sysvinit-0001-libcrypt_check_fix.patch
> 
> diff --git a/package/sysvinit/sysvinit-0001-libcrypt_check_fix.patch b/package/sysvinit/sysvinit-0001-libcrypt_check_fix.patch
> new file mode 100644
> index 0000000..f6f54e5
> --- /dev/null
> +++ b/package/sysvinit/sysvinit-0001-libcrypt_check_fix.patch

All patches should have a description + Signed-off-by. See
http://buildroot.org/downloads/manual/manual.html#_format_and_licensing_of_the_package_patches.

> @@ -0,0 +1,13 @@
> +--- a/src/Makefile	2010-04-11 04:30:27.000000000 -0500
> ++++ b/src/Makefile	2012-09-05 12:44:45.000000000 -0500
> +@@ -78,8 +78,8 @@
> + endif
> + 
> + # Additional libs for GNU libc.
> +-ifneq ($(wildcard /usr/lib*/libcrypt.a),)
> +-  SULOGINLIBS	+= -lcrypt
> ++ifneq ($(LCRYPT),)
> ++  SULOGINLIBS	+= $(LCRYPT)
> + endif
> + 
> + all:		$(BIN) $(SBIN) $(USRBIN)
> diff --git a/package/sysvinit/sysvinit.mk b/package/sysvinit/sysvinit.mk
> index c6b75a0..7678bce 100644
> --- a/package/sysvinit/sysvinit.mk
> +++ b/package/sysvinit/sysvinit.mk
> @@ -31,7 +31,7 @@ SYSVINIT_POST_PATCH_HOOKS = SYSVINIT_DEBIAN_PATCHES
>  define SYSVINIT_BUILD_CMDS
>  	# Force sysvinit to link against libcrypt as it otherwise
>  	# use an incorrect test to see if it's available
> -	$(MAKE) $(TARGET_CONFIGURE_OPTS) SULOGINLIBS="-lcrypt" -C $(@D)/src
> +	$(MAKE) $(TARGET_CONFIGURE_OPTS) LCRYPT="-lcrypt" -C $(@D)/src
>  endef
>  
>  define SYSVINIT_INSTALL_TARGET_CMDS

Thanks,

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 04/10] util-linux: add suport for SELinux

[Ryan Barnett]

Added patch to fix the LDFLAGS for libmount to support SELinux.

Cleaning up the naming of the util-linux patches.

Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
---
 ...-linux-002-program-invocation-short-name.patch} |    0
 .../util-linux-003-libmount-libselinux-fix.patch   |   21 ++++++++++++++++++++
 package/util-linux/util-linux.mk                   |   21 ++++++++++++++++++++
 3 files changed, 42 insertions(+), 0 deletions(-)
 rename package/util-linux/{util-linux-003-program-invocation-short-name.patch => util-linux-002-program-invocation-short-name.patch} (100%)
 create mode 100644 package/util-linux/util-linux-003-libmount-libselinux-fix.patch

diff --git a/package/util-linux/util-linux-003-program-invocation-short-name.patch b/package/util-linux/util-linux-002-program-invocation-short-name.patch
similarity index 100%
rename from package/util-linux/util-linux-003-program-invocation-short-name.patch
rename to package/util-linux/util-linux-002-program-invocation-short-name.patch
diff --git a/package/util-linux/util-linux-003-libmount-libselinux-fix.patch b/package/util-linux/util-linux-003-libmount-libselinux-fix.patch
new file mode 100644
index 0000000..2c925bf
--- /dev/null
+++ b/package/util-linux/util-linux-003-libmount-libselinux-fix.patch
@@ -0,0 +1,21 @@
+diff -urN a/libmount/src/Makemodule.am b/libmount/src/Makemodule.am
+--- a/libmount/src/Makemodule.am	2012-10-15 05:09:42.390129040 -0500
++++ b/libmount/src/Makemodule.am	2013-07-12 09:25:11.000000000 -0500
+@@ -30,7 +30,7 @@
+ 
+ nodist_libmount_la_SOURCES = libmount/src/mountP.h
+ 
+-libmount_la_LIBADD = libcommon.la libblkid.la $(SELINUX_LIBS)
++libmount_la_LIBADD = libcommon.la libblkid.la
+ 
+ libmount_la_CFLAGS = \
+ 	-I$(ul_libblkid_incdir) \
+@@ -44,7 +44,7 @@
+ 
+ libmount_la_LDFLAGS = \
+ 	-Wl,--version-script=$(top_srcdir)/libmount/src/libmount.sym \
+-	-version-info $(LIBMOUNT_VERSION_INFO)
++	-version-info $(LIBMOUNT_VERSION_INFO) $(SELINUX_LIBS)
+ 
+ EXTRA_DIST += \
+ 	libmount/src/libmount.sym \
diff --git a/package/util-linux/util-linux.mk b/package/util-linux/util-linux.mk
index 6f79e74..b1ff992 100644
--- a/package/util-linux/util-linux.mk
+++ b/package/util-linux/util-linux.mk
@@ -40,6 +40,27 @@ UTIL_LINUX_DEPENDENCIES += gettext
 UTIL_LINUX_MAKE_OPT += LIBS=-lintl
 endif
 
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+UTIL_LINUX_DEPENDENCIES += libselinux
+UTIL_LINUX_CONF_OPT += --with-selinux
+else
+UTIL_LINUX_CONF_OPT += --without-selinux
+endif
+
+ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
+UTIL_LINUX_DEPENDENCIES += linux-pam
+UTIL_LINUX_CONF_OPT += --with-pam
+else
+UTIL_LINUX_CONF_OPT += --without-pam
+endif
+
+ifeq ($(BR2_PACKAGE_AUDIT),y)
+UTIL_LINUX_DEPENDENCIES += audit
+UTIL_LINUX_CONF_OPT += --with-audit
+else
+UTIL_LINUX_CONF_OPT += --without-audit
+endif
+
 # Used by cramfs utils
 UTIL_LINUX_DEPENDENCIES += $(if $(BR2_PACKAGE_ZLIB),zlib)
 
-- 
1.7.1

[Buildroot] [PATCH 04/10] util-linux: add suport for SELinux

[Thomas Petazzoni]

Dear Ryan Barnett,

On Thu, 5 Sep 2013 20:04:18 -0500, Ryan Barnett wrote:
> Added patch to fix the LDFLAGS for libmount to support SELinux.
> 
> Cleaning up the naming of the util-linux patches.
> 
> Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
> ---
>  ...-linux-002-program-invocation-short-name.patch} |    0
>  .../util-linux-003-libmount-libselinux-fix.patch   |   21 ++++++++++++++++++++
>  package/util-linux/util-linux.mk                   |   21 ++++++++++++++++++++
>  3 files changed, 42 insertions(+), 0 deletions(-)
>  rename package/util-linux/{util-linux-003-program-invocation-short-name.patch => util-linux-002-program-invocation-short-name.patch} (100%)
>  create mode 100644 package/util-linux/util-linux-003-libmount-libselinux-fix.patch
> 
> diff --git a/package/util-linux/util-linux-003-program-invocation-short-name.patch b/package/util-linux/util-linux-002-program-invocation-short-name.patch
> similarity index 100%
> rename from package/util-linux/util-linux-003-program-invocation-short-name.patch
> rename to package/util-linux/util-linux-002-program-invocation-short-name.patch
> diff --git a/package/util-linux/util-linux-003-libmount-libselinux-fix.patch b/package/util-linux/util-linux-003-libmount-libselinux-fix.patch
> new file mode 100644
> index 0000000..2c925bf
> --- /dev/null
> +++ b/package/util-linux/util-linux-003-libmount-libselinux-fix.patch
> @@ -0,0 +1,21 @@

Description of the patch + Signed-off-by, see
http://buildroot.org/downloads/manual/manual.html#_format_and_licensing_of_the_package_patches.

Also, it would be nice if you could submit those patches upstream, so
that hopefully in a later release of util-linux, they are integrated
and we can get rid of them at the Buildroot level.

Thanks!

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 05/10] linux-pam: add support for SELinux

[Ryan Barnett]

Added patches to fix issues with linux-pam's audit support and to
correctly install pam_sepermit.

Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
---
 ...t_log_acct_message_return_value_check_fix.patch |   16 ++++++++++++++++
 ...inux-pam-sepermit-install-path-correction.patch |   11 +++++++++++
 package/linux-pam/linux-pam.mk                     |   14 ++++++++++++++
 3 files changed, 41 insertions(+), 0 deletions(-)
 create mode 100644 package/linux-pam/linux-pam-audit_log_acct_message_return_value_check_fix.patch
 create mode 100644 package/linux-pam/linux-pam-sepermit-install-path-correction.patch

diff --git a/package/linux-pam/linux-pam-audit_log_acct_message_return_value_check_fix.patch b/package/linux-pam/linux-pam-audit_log_acct_message_return_value_check_fix.patch
new file mode 100644
index 0000000..d819f08
--- /dev/null
+++ b/package/linux-pam/linux-pam-audit_log_acct_message_return_value_check_fix.patch
@@ -0,0 +1,16 @@
+--- a/libpam/pam_audit.c	2011-06-21 04:04:56.000000000 -0500
++++ b/libpam/pam_audit.c	2012-09-12 08:55:26.000000000 -0500
+@@ -41,11 +41,11 @@
+      an official errno number, but must not. It can also be a audit
+      internal error code. Which makes errno useless :-((. Try the
+      best to fix it. */
+-  errno = -rc;
++  errno = rc;
+ 
+   pamh->audit_state |= PAMAUDIT_LOGGED;
+ 
+-  if (rc < 0) {
++  if (rc <= 0) {
+       if (rc == -EPERM && getuid() != 0)
+           return 0;
+       if (errno != old_errno) {
diff --git a/package/linux-pam/linux-pam-sepermit-install-path-correction.patch b/package/linux-pam/linux-pam-sepermit-install-path-correction.patch
new file mode 100644
index 0000000..23b6ff8
--- /dev/null
+++ b/package/linux-pam/linux-pam-sepermit-install-path-correction.patch
@@ -0,0 +1,11 @@
+--- a/modules/pam_sepermit/Makefile.am	2012-08-15 06:08:43.000000000 -0500
++++ b/modules/pam_sepermit/Makefile.am	2013-08-22 15:53:22.792515096 -0500
+@@ -35,7 +35,7 @@
+   securelib_LTLIBRARIES = pam_sepermit.la
+ 
+ install-data-local:
+-	mkdir -p $(sepermitlockdir)
++	mkdir -p $(DESTDIR)/$(sepermitlockdir)
+ endif
+ if ENABLE_REGENERATE_MAN
+ noinst_DATA = README pam_sepermit.8 sepermit.conf.5
diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk
index 4472cd4..022031b 100644
--- a/package/linux-pam/linux-pam.mk
+++ b/package/linux-pam/linux-pam.mk
@@ -26,4 +26,18 @@ ifeq ($(BR2_NEEDS_GETTEXT_IF_LOCALE),y)
 	LINUX_PAM_MAKE_OPT += LIBS=-lintl
 endif
 
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+	PAM_CONF_OPT += --enable-selinux
+	PAM_DEPENDENCIES += libselinux
+else
+	PAM_CONF_OPT += --disable-selinux
+endif
+
+ifeq ($(BR2_PACKAGE_AUDIT),y)
+	PAM_DEPENDENCIES += audit
+	PAM_CONF_OPT += --enable-audit
+else
+	PAM_CONF_OPT += --disable-audit
+endif
+
 $(eval $(autotools-package))
-- 
1.7.1

[Buildroot] [PATCH 05/10] linux-pam: add support for SELinux

[Thomas Petazzoni]

Dear Ryan Barnett,

On Thu, 5 Sep 2013 20:04:19 -0500, Ryan Barnett wrote:
> Added patches to fix issues with linux-pam's audit support and to
> correctly install pam_sepermit.
> 
> Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
> ---
>  ...t_log_acct_message_return_value_check_fix.patch |   16 ++++++++++++++++
>  ...inux-pam-sepermit-install-path-correction.patch |   11 +++++++++++

Same comment about patches: add a description + Signed-off-by, see
http://buildroot.org/downloads/manual/manual.html#_format_and_licensing_of_the_package_patches.

What about the upstream status of those patches?

Thanks!

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 06/10] openssh: add support for SELinux

[Ryan Barnett]

Adding configuration options for SELinux along with install
configuration of Linux-PAM for SSHd when the linux-pam packages is
selected

Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
---
 package/openssh/openssh.mk |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
index 4a5b125..6324ef8 100644
--- a/package/openssh/openssh.mk
+++ b/package/openssh/openssh.mk
@@ -12,9 +12,21 @@ OPENSSH_CONF_OPT = --disable-lastlog --disable-utmp \
 
 OPENSSH_DEPENDENCIES = zlib openssl
 
+define OPENSSH_INSTALL_PAM_CONF
+	$(INSTALL) -D -m 644 $(@D)/contrib/sshd.pam.generic $(TARGET_DIR)/etc/pam.d/sshd
+	sed -i '/password   required     \/lib\/security\/pam_cracklib.so/d' $(TARGET_DIR)/etc/pam.d/sshd
+	sed -i -e 's/\#UsePAM no/UsePAM yes/' $(TARGET_DIR)/etc/sshd_config
+endef
+
 ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
 OPENSSH_DEPENDENCIES += linux-pam
 OPENSSH_CONF_OPT += --with-pam
+OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_PAM_CONF
+endif
+
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+OPENSSH_DEPENDENCIES += libselinux
+OPENSSH_CONF_OPT += --with-selinux
 endif
 
 define OPENSSH_INSTALL_INITSCRIPT
-- 
1.7.1

[Buildroot] [PATCH 06/10] openssh: add support for SELinux

[Thomas Petazzoni]

Dear Ryan Barnett,

On Thu, 5 Sep 2013 20:04:20 -0500, Ryan Barnett wrote:
> Adding configuration options for SELinux along with install
> configuration of Linux-PAM for SSHd when the linux-pam packages is
> selected
> 
> Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
> ---
>  package/openssh/openssh.mk |   12 ++++++++++++
>  1 files changed, 12 insertions(+), 0 deletions(-)
> 
> diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
> index 4a5b125..6324ef8 100644
> --- a/package/openssh/openssh.mk
> +++ b/package/openssh/openssh.mk
> @@ -12,9 +12,21 @@ OPENSSH_CONF_OPT = --disable-lastlog --disable-utmp \
>  
>  OPENSSH_DEPENDENCIES = zlib openssl
>  
> +define OPENSSH_INSTALL_PAM_CONF
> +	$(INSTALL) -D -m 644 $(@D)/contrib/sshd.pam.generic $(TARGET_DIR)/etc/pam.d/sshd
> +	sed -i '/password   required     \/lib\/security\/pam_cracklib.so/d' $(TARGET_DIR)/etc/pam.d/sshd

What about using a different separator than / in order to avoid having
to escape it? I.e:

	'%password   required  /lib/security/pam_cracklib.so%d'

> +	sed -i -e 's/\#UsePAM no/UsePAM yes/' $(TARGET_DIR)/etc/sshd_config

Also, use $(SED) instead of sed -i -e.

Finally, while the first and third commands purpose is obvious, the
purpose of the second command is less obvious. Adding a comment about
OPENSSH_INSTALL_PAM_CONF would be great.

Thanks!

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 07/10] logrotate: add support for SELinux

[Ryan Barnett]

Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
---
 package/logrotate/logrotate.mk |   11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)

diff --git a/package/logrotate/logrotate.mk b/package/logrotate/logrotate.mk
index f5ef0b9..6db81d1 100644
--- a/package/logrotate/logrotate.mk
+++ b/package/logrotate/logrotate.mk
@@ -12,8 +12,17 @@ LOGROTATE_LICENSE_FILES = COPYING
 
 LOGROTATE_DEPENDENCIES = popt
 
+LOGROTATE_CFLAGS = $(TARGET_CFLAGS)
+LOGROTATE_LDFLAGS = $(TARGET_LDFLAGS)
+
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+	LOGROTATE_DEPENDENCIES += libselinux
+	LOGROTATE_CFLAGS += -DWITH_SELINUX=yes
+	LOGROTATE_LDFLAGS += -lselinux
+endif
+
 define LOGROTATE_BUILD_CMDS
-	$(MAKE) CC="$(TARGET_CC) $(TARGET_CFLAGS)" LDFLAGS="$(LDFLAGS)" -C $(@D)
+	$(MAKE) CC="$(TARGET_CC) $(LOGROTATE_CFLAGS)" LDFLAGS="$(LOGROTATE_LDFLAGS)" -C $(@D)
 endef
 
 define LOGROTATE_INSTALL_TARGET_CMDS
-- 
1.7.1

[Buildroot] [PATCH 07/10] logrotate: add support for SELinux

[Thomas Petazzoni]

Dear Ryan Barnett,

On Thu, 5 Sep 2013 20:04:21 -0500, Ryan Barnett wrote:
> 
> Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
> ---
>  package/logrotate/logrotate.mk |   11 ++++++++++-
>  1 files changed, 10 insertions(+), 1 deletions(-)

Looks good.

Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 08/10] coreutils: add support for SELinux

[Ryan Barnett]

Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
---
 package/coreutils/coreutils.mk |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/package/coreutils/coreutils.mk b/package/coreutils/coreutils.mk
index 17c81f7..9c18d85 100644
--- a/package/coreutils/coreutils.mk
+++ b/package/coreutils/coreutils.mk
@@ -16,6 +16,13 @@ ifeq ($(BR2_PACKAGE_BUSYBOX),y)
 COREUTILS_DEPENDENCIES = busybox
 endif
 
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+COREUTILS_DEPENDENCIES += libselinux
+COREUTILS_CONF_OPT += --with-selinux
+else
+COREUTILS_CONF_OPT += --without-selinux
+endif
+
 COREUTILS_BIN_PROGS = cat chgrp chmod chown cp date dd df dir echo false hostname \
 	ln ls mkdir mknod mv pwd rm rmdir vdir sleep stty sync touch true \
 	uname join
@@ -59,6 +66,7 @@ COREUTILS_CONF_OPT = --disable-rpath \
 		--disable-dependency-tracking \
 		--enable-install-program=hostname
 
+
 define COREUTILS_TOUCH_UNAME_C
 	# ensure uname.c file's timestamp does not change,
 	# so help2man does not run
-- 
1.7.1

[Buildroot] [PATCH 08/10] coreutils: add support for SELinux

[Thomas Petazzoni]

Dear Ryan Barnett,

On Thu, 5 Sep 2013 20:04:22 -0500, Ryan Barnett wrote:
> 
> Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
> ---
>  package/coreutils/coreutils.mk |    8 ++++++++
>  1 files changed, 8 insertions(+), 0 deletions(-)
> 
> diff --git a/package/coreutils/coreutils.mk b/package/coreutils/coreutils.mk
> index 17c81f7..9c18d85 100644
> --- a/package/coreutils/coreutils.mk
> +++ b/package/coreutils/coreutils.mk
> @@ -16,6 +16,13 @@ ifeq ($(BR2_PACKAGE_BUSYBOX),y)
>  COREUTILS_DEPENDENCIES = busybox
>  endif
>  
> +ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
> +COREUTILS_DEPENDENCIES += libselinux
> +COREUTILS_CONF_OPT += --with-selinux
> +else
> +COREUTILS_CONF_OPT += --without-selinux
> +endif
> +
>  COREUTILS_BIN_PROGS = cat chgrp chmod chown cp date dd df dir echo false hostname \
>  	ln ls mkdir mknod mv pwd rm rmdir vdir sleep stty sync touch true \
>  	uname join
> @@ -59,6 +66,7 @@ COREUTILS_CONF_OPT = --disable-rpath \
>  		--disable-dependency-tracking \
>  		--enable-install-program=hostname
>  
> +

Nitpick: unneeded change.

Other than that, looks good.

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 09/10] dbus: add support for SELinux

[Ryan Barnett]

Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
---
 package/dbus/dbus.mk |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/package/dbus/dbus.mk b/package/dbus/dbus.mk
index d50f630..228b98e 100644
--- a/package/dbus/dbus.mk
+++ b/package/dbus/dbus.mk
@@ -21,7 +21,6 @@ DBUS_CONF_OPT = --with-dbus-user=dbus \
 		--disable-tests \
 		--disable-asserts \
 		--enable-abstract-sockets \
-		--disable-selinux \
 		--disable-xml-docs \
 		--disable-doxygen-docs \
 		--disable-static \
@@ -54,6 +53,15 @@ ifeq ($(BR2_PACKAGE_SYSTEMD),y)
 DBUS_CONF_OPT += --with-systemdsystemunitdir=/lib/systemd/system
 endif
 
+# SELinux support relies on audit support so enable both 
+# of them if libselinux has been selected.
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+DBUS_CONF_OPT += --enable-selinux --enable-libaudit
+DBUS_DEPENDENCIES += libselinux audit
+else
+DBUS_CONF_OPT += --disable-selinux --disable-libaudit
+endif
+
 # fix rebuild (dbus makefile errors out if /var/lib/dbus is a symlink)
 define DBUS_REMOVE_VAR_LIB_DBUS
 	rm -rf $(TARGET_DIR)/var/lib/dbus
-- 
1.7.1

[Buildroot] [PATCH 09/10] dbus: add support for SELinux

[Thomas Petazzoni]

Dear Ryan Barnett,

On Thu, 5 Sep 2013 20:04:23 -0500, Ryan Barnett wrote:

> +# SELinux support relies on audit support so enable both 
> +# of them if libselinux has been selected.
> +ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
> +DBUS_CONF_OPT += --enable-selinux --enable-libaudit
> +DBUS_DEPENDENCIES += libselinux audit

This doesn't look good: it's not because libselinux is enabled in the
configuration that audit is also enabled.

So your options are:

 * Only enable SELinux support in DBus when both libselinux and audit
   are enabled:

ifeq ($(BR2_PACKAGE_LIBSELINUX)$(BR2_PACKAGE_AUDIT),y)
DBUS_CONF_OPT += --enable-selinux --enable-libaudit
DBUS_DEPENDENCIES += libselinux audit
else
...

   This is the easiest, but it kind of "diverges" from the other
   packages, where enabling the 'libselinux' package was sufficient to
   get SELinux support.

 * Ensure audit is selected when libselinux is available. This could be
   done by adding the following line to dbus/Config.in:

select BR2_PACKAGE_AUDIT if BR2_PACKAGE_LIBSELINUX

   if you add this, then you can keep your dbus.mk change as it is,
   since having BR2_PACKAGE_LIBSELINUX enabled guarantees us that
   BR2_PACKAGE_AUDIT is also enabled.

Best regards,

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 10/10] busybox: add support for SELinux

[Ryan Barnett]

Adding support to build libselinux before busybox if libselinux is selected.
Busybox needs the headers to compile correctly if SELinux support is enabled
in the busybox configuration.

Adding patch to fix issue with busybox not properly pulling in libraries.

Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
---
 .../busybox/1.21.1/busybox-1.21.1-pkg-config.patch |   13 +++++++++++++
 package/busybox/busybox.mk                         |    6 ++++++
 2 files changed, 19 insertions(+), 0 deletions(-)
 create mode 100644 package/busybox/1.21.1/busybox-1.21.1-pkg-config.patch

diff --git a/package/busybox/1.21.1/busybox-1.21.1-pkg-config.patch b/package/busybox/1.21.1/busybox-1.21.1-pkg-config.patch
new file mode 100644
index 0000000..79b8681
--- /dev/null
+++ b/package/busybox/1.21.1/busybox-1.21.1-pkg-config.patch
@@ -0,0 +1,13 @@
+# Need to have the pkg-config only spit out the libs and not the lib path
+# also when checking for the SELinux libraries.
+--- a/Makefile.flags	2013-05-11 18:30:43.000000000 -0500
++++ b/Makefile.flags	2013-08-27 09:40:05.082917005 -0500
+@@ -81,7 +81,7 @@
+ # Usage: $(eval $(call pkg_check_modules,VARIABLE-PREFIX,MODULES))
+ define pkg_check_modules
+ $(1)_CFLAGS := $(shell $(PKG_CONFIG) $(PKG_CONFIG_FLAGS) --cflags $(2))
+-$(1)_LIBS := $(shell $(PKG_CONFIG) $(PKG_CONFIG_FLAGS) --libs $(2))
++$(1)_LIBS := $(shell $(PKG_CONFIG) $(PKG_CONFIG_FLAGS) --libs-only-l $(2))
+ endef
+ 
+ ifeq ($(CONFIG_BUILD_LIBBUSYBOX),y)
diff --git a/package/busybox/busybox.mk b/package/busybox/busybox.mk
index ad8bdaf..fd24ffd 100644
--- a/package/busybox/busybox.mk
+++ b/package/busybox/busybox.mk
@@ -31,6 +31,12 @@ BUSYBOX_CFLAGS += -I$(STAGING_DIR)/usr/include/tirpc/
 BUSYBOX_CFLAGS_busybox += -ltirpc
 endif
 
+# For SELinux, enable the SELinux flag CONFIG_SELINUX
+# in the busybox config
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+BUSYBOX_DEPENDENCIES += libselinux
+endif
+
 BUSYBOX_BUILD_CONFIG = $(BUSYBOX_DIR)/.config
 # Allows the build system to tweak CFLAGS
 BUSYBOX_MAKE_ENV = \
-- 
1.7.1

[Buildroot] [PATCH 10/10] busybox: add support for SELinux

[Thomas Petazzoni]

Dear Ryan Barnett,

On Thu, 5 Sep 2013 20:04:24 -0500, Ryan Barnett wrote:

> diff --git a/package/busybox/1.21.1/busybox-1.21.1-pkg-config.patch b/package/busybox/1.21.1/busybox-1.21.1-pkg-config.patch
> new file mode 100644
> index 0000000..79b8681
> --- /dev/null
> +++ b/package/busybox/1.21.1/busybox-1.21.1-pkg-config.patch
> @@ -0,0 +1,13 @@
> +# Need to have the pkg-config only spit out the libs and not the lib path
> +# also when checking for the SELinux libraries.

Please follow the style at
http://buildroot.org/downloads/manual/manual.html#_format_and_licensing_of_the_package_patches
to format a patch description and Signed-off-by.

However, it is unclear to me why this change is needed. Which library
paths returned by pkg-config are causing problems?

Also, host-pkgconf is not part of the Busybox dependencies, so it looks
wrong for Busybox to use it without declaring it as a dependency. That
said, for the normal Busybox build, I don't think we want Busybox to
depend on host-pkgconf. After reading the Busybox source code, it is
apparently only used when SELinux support is requested, so just add
host-pkgconf to the busybox dependencies when SELinux support is
enabled.

> +# For SELinux, enable the SELinux flag CONFIG_SELINUX
> +# in the busybox config
> +ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
> +BUSYBOX_DEPENDENCIES += libselinux

i.e here.

> +endif

Also, shouldn't you be enabling SELinux support in Busybox here, i.e
setting CONFIG_SELINUX=y in the Busybox configuration? See the usage of
the KCONFIG_ENABLE_OPT and KCONFIG_DISABLE_OPT in busybox.mk.

Thanks,

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 00/10] Enable SELinux Support in Existing Packages

[Thomas Petazzoni]

Dear Ryan Barnett,

On Thu, 5 Sep 2013 20:04:14 -0500, Ryan Barnett wrote:
> This is the second set (of three) of patches to add SELinux support in 
> buildroot. This patch set adds support for SELinux to existing packages
> in buildroot. This patch set is meant to be a follow-up to Clayton 
> Shotwell's submission of "SELinux Buildroot Additions".
> 
> In order to be able to test build existing packages with SELinux support, 
> Clayton Shotwell's SELinux Buildroot Additions must first be applied.

Thanks for those patches. I have some specific comments on some of
them, but I wanted to say that generally speaking, they look good. So
as soon as the previous patch series (which is a little bit more
complicated) gets merged, we will be able to merge those ones easily.

Thanks!

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH 00/10] Enable SELinux Support in Existing Packages

[rjbarnet at rockwellcollins.com]

Thomas Petazzoni <thomas.petazzoni@free-electrons.com> wrote on 09/08/2013 
11:26:41 AM:
 
> Dear Ryan Barnett,
> 
> On Thu, 5 Sep 2013 20:04:14 -0500, Ryan Barnett wrote:
> > This is the second set (of three) of patches to add SELinux support in 

> > buildroot. This patch set adds support for SELinux to existing 
packages
> > in buildroot. This patch set is meant to be a follow-up to Clayton 
> > Shotwell's submission of "SELinux Buildroot Additions".
> > 
> > In order to be able to test build existing packages with SELinux 
support, 
> > Clayton Shotwell's SELinux Buildroot Additions must first be applied.
> 
> Thanks for those patches. I have some specific comments on some of
> them, but I wanted to say that generally speaking, they look good. So
> as soon as the previous patch series (which is a little bit more
> complicated) gets merged, we will be able to merge those ones easily.

I'll fix the patches with your suggestions, however I'll wait to resubmit 
a "v2" of these patch when the first set of SE Linux patches get accepting
into mainline.

Thanks,
-Ryan



Ryan J Barnett / Software Engineer / Platform SW 
MS 137-157, 855 35th St NE, Cedar Rapids, IA, 52498-3161, US
Phone: 319-263-3880 / VPN: 263-3880 
rjbarnet at rockwellcollins.com
www.rockwellcollins.com 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20130909/f4f1e794/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 2004 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20130909/f4f1e794/attachment.gif>

[Buildroot] [PATCH 00/10] Enable SELinux Support in Existing Packages

[Thomas De Schampheleire]

Hi Ryan,


On Mon, Sep 9, 2013 at 3:40 PM, <rjbarnet@rockwellcollins.com> wrote:
>
> Thomas Petazzoni <thomas.petazzoni@free-electrons.com> wrote on 09/08/2013 11:26:41 AM:
>
>
> > Dear Ryan Barnett,
> >
> > On Thu, 5 Sep 2013 20:04:14 -0500, Ryan Barnett wrote:
> > > This is the second set (of three) of patches to add SELinux support in
> > > buildroot. This patch set adds support for SELinux to existing packages
> > > in buildroot. This patch set is meant to be a follow-up to Clayton
> > > Shotwell's submission of "SELinux Buildroot Additions".
> > >
> > > In order to be able to test build existing packages with SELinux support,
> > > Clayton Shotwell's SELinux Buildroot Additions must first be applied.
> >
> > Thanks for those patches. I have some specific comments on some of
> > them, but I wanted to say that generally speaking, they look good. So
> > as soon as the previous patch series (which is a little bit more
> > complicated) gets merged, we will be able to merge those ones easily.
>
> I'll fix the patches with your suggestions, however I'll wait to resubmit
> a "v2" of these patch when the first set of SE Linux patches get accepting
> into mainline.
>


Not specifically related to this thread, but: would it be possible for
you to send your mails to the list in plain text mode, rather than
html?

Thanks,
Thomas

[Buildroot] [PATCH 00/10] Enable SELinux Support in Existing Packages

[Ryan Barnett]

Thomas De Schampheleire,

Thomas De Schampheleire <patrickdepinguin@gmail.com> wrote on 09/11/2013 
06:48:12 AM:

> 
> Not specifically related to this thread, but: would it be possible for
> you to send your mails to the list in plain text mode, rather than
> html?

I'm currently trying to work our IT department on it but I'm stuck 
using Lotus Notes in which they have restricted access some settings for
my replies in which even if I try to do plain-text email they still it 
still
gets sent as MIME format since the setting to change this are locked down.

Thanks,
-Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20130911/bd40c677/attachment.html>