Commit Graph

5966 Commits

Author SHA1 Message Date
Tianling Shen
56e17e1fbc
r8168: bump to 8.050.03
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit f3002993d2)
2022-06-18 01:04:20 +08:00
Etan Kissling
516798ace3
nf-conntrack: allow querying conntrack info in nfqueue
This allows libnetfilter_queue to access connection tracking information
by requesting NFQA_CFG_F_CONNTRACK. Connection tracking information is
provided in the NFQA_CT attribute.
CONFIG_NETFILTER_NETLINK_GLUE_CT enables the interaction between
nf_queue and nf_conntrack_netlink. Without this option, trying to access
connection tracking information results in "Operation not supported".

Signed-off-by: Etan Kissling <etan_kissling@apple.com>
[Backport to kernel 4.9, 4.14 and 4.19]
Signed-off-by: AmadeusGhost <amadeus@openjmu.xyz>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-06-15 20:54:23 +08:00
Eneas U de Queiroz
602d81c1da
wolfssl: make WOLFSSL_HAS_OPENVPN default to y
Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y.  When the phase1 bots build
the now non-shared package, openvpn will not be selected, and WolfSSL
will be built without it.  Then phase2 bots have CONFIG_ALL=y, which
will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y.  This
changes the version hash, causing dependency failures, as shared
packages expect the phase2 hash.

Fixes: #9738

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d55f12cc79)
2022-06-14 03:16:21 +08:00
Eneas U de Queiroz
2ea2702e5e
wolfssl: enable CPU crypto instructions
This enables AES & SHA CPU instructions for compatible armv8, and x86_64
architectures.  Add this to the hardware acceleration choice, since they
can't be enabled at the same time.

The package was marked non-shared, since the arm CPUs may or may not
have crypto extensions enabled based on licensing; bcm27xx does not
enable them.  There is no run-time detection of this for arm.

NOTE:
Should this be backported to a release branch, it must be done shortly
before a new minor release, because the change to nonshared will remove
libwolfssl from the shared packages, but the nonshared are only built in
a subsequent release!

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0a2edc2714)
2022-06-14 02:22:39 +08:00
Eneas U de Queiroz
ff489166f0
wolfssl: add benchmark utility
This packages the wolfssl benchmark utility.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 18fd12edb8)
2022-06-14 02:22:18 +08:00
Eneas U de Queiroz
bd0ccd37b9
wolfssl: don't change ABI because of hw crypto
Enabling different hardware crypto acceleration should not change the
library ABI.  Add them to PKG_CONFIG_DEPENDS after the ABI version hash
has been computed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 677774d445)
2022-06-14 02:21:50 +08:00
Tianling Shen
2aa9fdb63f
exfat: Update to 5.19.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit e72122a460)
[Removed upstreamed patch]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-06-11 05:45:12 +08:00
Tianling Shen
ad602514cc
mbedtls: mark as nonshared
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 48383c2847)
2022-06-11 00:26:19 +08:00
Xu Wang
caac023d9a
kernel: crypto: add kmod-crypto-chacha20poly1305
Needed by strongSwan IPsec VPN for strongswan-mod-chapoly. Not to be confused with
kmod-crypto-LIB-chacha20poly1305, which is an 8-byte nonce version used
by wireguard.

Signed-off-by: Xu Wang <xwang1498@gmx.com>
(cherry picked from commit 197b672c40)
2022-06-06 18:02:11 +08:00
Tianling Shen
9b481b6bb6
dnsmasq: enable cache by default
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 3272539aaa)
2022-06-05 20:37:06 +08:00
Dominick Grift
816b83e4ef
selinux-policy: update to version 1.2.3
86ca9c6 devstatus: prints to terminal
95de949 deal with /rom/dev/console label inconsistencies
ab6b6ee uci: hack to deal with potentially mislabeled char files
acf9172 dnsmasq this can't be right
021db5b luci-app-tinyproxy
cf3a9c4 support/secmark: removes duplicate loopback rules
eeb2610 dhcp servers: recv dhcp client packets
d5a5fc3 more support/secmark "fixes"
35d8604 update support secmark
4c155c0 packets these were caused by labeling issues with loopback
fad35a5 nftables reads routing table
f9c5a04 umurmur: kill an mumur instance that does not run as root
10a10c6 mmc stordev make this consistent
ab3ec5b Makefile: sort with LC_ALL=C
b34eaa5 fwenv rules
8c2960f adds rfkill nodedev and some mmc partitions to stordev
5a9ffe9 rcboot runs fwenv with a transition
9954bf6 dnsmasq in case of tcp
ab66468 dnsmasq try this
5bfcb88 dnsmasq stubby not sure why this is happening
863f549 luci not sure why it recv and send server packets
d5cddb0 uhttpd sends sigkill luci cgi
44cc04d stubby: it does not maintain anything in there
db730b4 Adds stubby
ccbcf0e tor simplify network access
a308065 tor basic
a9c0163 znc loose ends
327a9af acme: allow acme_cleanup.sh to restart znc
4015614 basic znc
7ef14a2 support/secmark: clarify some things
3107afe README: todo qrencode
943035a README and secmark doc
4c90937 ttyd: fix that socket leak again
3239adf dnsmasq icmp packets and fix a tty leak issue
b41d38f Makefile: optimize
95d05b1 sandbox dontaudit ttyd leak
0b7d670 rpcd: reads mtu
e754bf1 opkg-lists try this
35fb530 opkg-lists: custom
4328754 opkg try to address mislabeled /tmp/opkg-lists
3e2385c rcnftqos
95eae2d ucode
c86d366 luci diagnostics
e10b443 rpcd packets and wireguard/luci
a25e020 igmpproxt packets
0106f00 luci
dcef79c nftqos related
3c9bc90 related to nft-qos and luci
f8502d4 dnsmasq more related to /usr/lib/dnsmasq/dhcp-script.sh
29a4271 dnsmasq: related to /usr/lib/dnsmasq/dhcp-script.sh
0c5805a some nft-qos
1100b41 adds a label for /tmp/.ujailnoafile
e141a83 initscript: i labeled ujail procd.execfile
a3b0302 Makefile: adds a default target + packets target
6a3f8ef label usign as opkg and label fwtool and sysupgrade
04d1cc7 sysupgrade: i meant don't do the fc spec
763bec0 sysupgrade: dont do /tmp/sysupgrade.img
af2306f adds a failsafe.tmpfile and labels validate_firmware_image
5b15760 fwenv: comment doesnt make sense
370ac3b fwenv: executes shell
67e3fcb fwenv: adds fw_setsys
544d211 adds procd execfile module to label procd related exec files
99d5f13 rclocalconffile: treat /etc/rc.button like /etc/rc.local
4dfd662 label uclient-fetch the same as wget
75d8212 osreleasemiscfile: adds /etc/device_info
0c1f116 adds a rcbuttonconffile for /etc/rc.button (base-files)
ccd23f8 adds a syslog.conffile for /etc/syslog.conf (busybox)
f790600 adds a libattr.conffile for /etc/xattr.conf
fcc028e fwenv: adds fwsys
1255470 xtables: various iptables alternatives
a7c4035 Revert "sqm: runs xtables, so also allow nftables"
0d331c3 sqm: runs xtables, so also allow nftables
f34076b acme: will run nftables in the near future
6217046 allow ssl.read types to read /tmp/etc/ssl/engines.cnf
d0deea3 fixes dns packets
8399efc Revert "sandbox: see if dontauditing this affects things"
73d716a sandbox: see if dontauditing this affects things
b5ee097 sandbox: also allow readinherited dropbear pipes
12ee46b iwinfo traverses /tmp/run/wpa_supplicant
4a4d724 agent.cil: also reads inherited dropbear pipes
d48013f support/secmark: i tightened my dns packet policy
645ad9e dns packets redone
4790b25 dnsnetpacket: fix obj macro template
d9fafff redo dns packets
0a68498 ttyd: leaks a netlink route socket
1d2e6be .gitattributes: remove todo
e1bb954 usbutil: reads bus sysfile symlinks
d275a32 support/secmark: clean it up a little
af5ce12 Makefile: exclude packet types in default make target
3caacdf support/secmark: document tunable/boolean
e3dd3e6 invalidpacketselinuxbool: make it build-time again
54f0ccf odhcpd packet fix
4a864ba contrib/secmark: add a big FAT warning
bead937 contrib/secmark: adds note about secmark support
146ae16 netpacket remove test
2ce9899 dns packets, odhcp6c raw packet, 4123 ntpnts for netnod
070a45f chrony and unbound packets
eba894f rawip socket packets cannot be labeled
656ae0b adds isakmp (500), ipsec-nat-t (4500) and rawip packet types
35325db adds igmp packet type
5cf444c adds icmp packet type
2e41304 sandbox some more packet access for sandbox net
12caad6 packet accesses
b8eb9a8 adds a trunkload of packet types
a42a336 move rules related to invalid netpeers and ipsec associations
a9e40e0 xtables/nftables allow relabelto all packet types
aa5a52c README: adds item to wish list
3a96eec experiment: simple label based packet filtering
26d6f95 nftables reads/writes fw pipes

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit e01b1c22df)
2022-05-31 01:37:28 +08:00
Tianling Shen
5f06907f91
qos-gargoyle: fix missing ldflags
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-05-31 01:31:11 +08:00
Christian Lamparter
c0f630a98f
linux-firmware: take linux-firmware.git's qca99x0 boardfile
Kalle Valo managed to add the qca9980's boardfile in the
upstream repository. Sourcing the file from his repository
is no longer needed.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 4ba7f6d9cb)
2022-05-29 20:19:12 +08:00
Tianling Shen
6ae2a8bbd8
firewall: dos2unix
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit dccc926e32)
2022-05-29 17:55:41 +08:00
Tianling Shen
e717229d7f
rtl88x2bu: fix build on kernel 4.9
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-05-27 16:58:57 +08:00
Tianling Shen
bd501b42e7
rtl8821cu: fix build on kernel 4.9
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-05-27 16:55:46 +08:00
Tianling Shen
d73dca503c
rtl8812au-ac: fix build on kernel 4.9
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-05-27 16:52:00 +08:00
Tianling Shen
afe6cd3254
rtl8192eu: fix build on kernel 4.9
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-05-27 16:44:01 +08:00
Tianling Shen
00cd325b19
rtl8189es: fix build on kernel 4.9
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-05-27 16:39:57 +08:00
Tianling Shen
ce30363cd9
rtl8188eu: fix build on kernel 4.9
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-05-27 16:33:15 +08:00
Tianling Shen
78ed4933c6
mac80211: brcm: fix build for kernel < 4.13
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-05-26 19:16:03 +08:00
Tianling Shen
b3fd8d4f03
util-linux: update to 2.37.4
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-05-26 17:26:47 +08:00
Tianling Shen
0d1dfcb555
Revert "util-linux: update to 2.38"
This breaks build on kernel 4.9

This reverts commit dd7e948e00.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-05-26 17:25:42 +08:00
Tianling Shen
206ad7b6a7
Revert "util-linux: use meson to build"
util-linux 2.37 doesn't support meson yet.

This reverts commit eab60d315f.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-05-26 17:24:32 +08:00
Oskari Rauta
70185ee7b5
util-linux: add lsns
lsns lists system namespaces

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit ef4bf8b403)
2022-05-26 17:24:15 +08:00
Stijn Tintel
42f500ac35
util-linux: package ipcs command
Add a package for util-linux' ipcs command, to show information about
System V inter-process communication facilities.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 2c929f8105)
2022-05-26 17:23:31 +08:00
Roman Azarenko
c1ba87f706
util-linux: add lslocks
This change adds the "lslocks" utility from util-linux.

Signed-off-by: Roman Azarenko <roman.azarenko@iopsys.eu>
(cherry picked from commit 5bd926efa9)
2022-05-26 17:23:19 +08:00
Hauke Mehrtens
31c660335c
util-linux: Add taskset
This adds the taskset application from util Linux.
It is already built, but not packaged yet.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 6ae657e459)
2022-05-26 17:23:00 +08:00
Tiago Gaspar
d6f9dd7fa9
firewall: config: remove restrictions on DHCPv6 allow rule
Remove restrictions on source and destination addresses, which aren't
specified on RFC8415, and for some reason in openwrt are configured
to allow both link-local and ULA addresses.
As cleared out in issue #5066 there are some ISPs that use Global
Unicast addresses, so fix this rule to allow them.

Fixes: #5066

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[rebase onto firewall3, clarify subject, bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 65258f5d60)
2022-05-26 16:56:44 +08:00
ZiMing Mo
52388e379f
firewall3: fix locking issue
(cherry picked from commit c7a557861a)
2022-05-26 16:55:01 +08:00
Tianling Shen
18300e0e47
firewall4: remove
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-05-23 14:35:34 +08:00
Tianling Shen
015985f0c3
ucode: remove
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-05-23 14:34:49 +08:00
Tianling Shen
f068cecb0b
r8125: bump to 9.009.00
Switched to GitHub codeload.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 5c11bf7327)
2022-05-17 15:51:14 +08:00
Tianling Shen
82059c592b
ath10k-ct: fix select dependency
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-05-17 15:33:43 +08:00
Eneas U de Queiroz
b67326b9bf
wolfssl: bump to v5.3.0-stable
This is mostly a bug fix release, including two that were already
patched here:
- 300-fix-SSL_get_verify_result-regression.patch
- 400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 73c1fe2890)
2022-05-17 15:25:36 +08:00
Eneas U de Queiroz
c1470478fb
openssl: bump to 1.1.1o
This release comes with a security fix related to c_rehash.  OpenWrt
does not ship or use it, so it was not affected by the bug.

There is a fix for a possible crash in ERR_load_strings() when
configured with no-err, which OpenWrt does by default.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-05-17 00:18:28 +08:00
Rosen Penev
eab60d315f
util-linux: use meson to build
Compiles faster, is PIC by default, and does not have pkgconfig files
with wrong paths.

Add various fixes to it as it seems cross compilation was never tested.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-05-17 00:18:16 +08:00
Rosen Penev
dd7e948e00
util-linux: update to 2.38
Various fixes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-05-17 00:18:02 +08:00
Christian Lamparter
de12c57c88
linux-firmware: Update to version 20220509
git log --pretty=oneline --abbrev-commit 20220411..20220509 (sorted)

amdgpu:
480d6c2 amdgpu: update dcn_3_1_6_dmcub firmware
b4994be amdgpu: update gc_10_3_7_rlc firmware
61eb408 amdgpu: update psp_13_0_8 firmware
fcf9d8c amdgpu: update yellow carp DMCUB firmware

ath10k:
73743b8 ath10k: QCA4019 hw1.0: update board-2.bin
6ad0930 ath10k: QCA6174 hw3.0: update board-2.bin
729bd7f ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00288-QCARMSWPZ-1
9fce09f ath10k: QCA9888 hw2.0: update board-2.bin
b155d85 ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00156
44b8aee ath10k: QCA9984 hw1.0: update board-2.bin
4ad3bd3 ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00156
1962cba ath10k: QCA99X0 hw2.0: add board-2.bin

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-05-17 00:16:29 +08:00
Tianling Shen
fc96ffcc67
kernel/modules: sound: add Gateworks Avila SoC sound support for ipx4xx
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-05-13 19:53:04 +08:00
Stijn Tintel
1c3e741e29
kernel: add missing symbol to kmod-qlcnic
When the kmod-qlcnic package is built on targets that have
CONFIG_PCI_IOV enabled, the CONFIG_QLCNIC_SRIOV symbol is exposed.
Enable this symbol in the kmod package to fix its build.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 3cb22b277a)
2022-05-13 19:07:01 +08:00
Hauke Mehrtens
788154eb44
kernel: qlcnic: add dependency to kmod-hwmon-core
QLCNIC_HWMON was activated when hwmon was set, but the dependency was
missing. This broke the build bot builds. Fix this by explicitly
activating HWMON support and adding a dependency.

Fixes: f88c64d28c ("kernel: netdev: add qlcnic")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 95b210e513)
2022-05-13 19:06:06 +08:00
Tianling Shen
4bf7a78d8b
kernel/netdevices: i40e: depends on x86
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-05-13 17:58:02 +08:00
Hauke Mehrtens
8c4f8311b1
kernel: Make kmod-usb-net-lan78xx depend on kmod-of-mdio
kmod-usb-net-lan78xx depends on kmod-of-mdio when this package is
activated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6cab21bd6d)
2022-05-13 17:50:18 +08:00
Christian Lamparter
3aa44f2e96
mvebu: fix build regression due to neon-asm ghash module
This patch fixes the regression caused by adding the NEON
variant of the ghash as the default ghash package:

> ERROR: module '[...]/arch/arm/crypto/ghash-arm-ce.ko' is missing.
> modules/crypto.mk:286: recipe for target
>  '[...]/kmod-crypto-ghash_4.19.106-1_aarch64_cortex-a53.ipk' failed

This patch limits the scope to the ARM32/cortexa9 target of mvebu.

Fixes: 285df63efc ("kernel: build neon-asm version of ghash module")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 632a7b2997)
2022-05-13 17:46:07 +08:00
Nick Hainke
9753e37e23
libmnl: update to 1.0.5
Changes:

Duncan Roe (5):
      nlmsg: Fix a missing doxygen section trailer
      build: doc: "make" builds & installs a full set of man pages
      build: doc: get rid of the need for manual updating of Makefile
      build: If doxygen is not available, be sure to report "doxygen: no" to ./configure
      src: doc: Fix messed-up Netlink message batch diagram

Fernando Fernandez Mancera (1):
      src: fix doxygen function documentation

Florian Westphal (1):
      libmnl: zero attribute padding

Guillaume Nault (1):
      callback: mark cb_ctl_array 'const' in mnl_cb_run2()

Kylie McClain (1):
      examples: nfct-daemon: Fix test building on musl libc

Laura Garcia Liebana (4):
      examples: add arp cache dump example
      examples: fix neigh max attributes
      examples: fix print line format
      examples: reduce LOCs during neigh attributes validation

Pablo Neira Ayuso (3):
      doxygen: remove EXPORT_SYMBOL from the output
      include: add MNL_SOCKET_DUMP_SIZE definition
      build: libmnl 1.0.5 release

Petr Vorel (1):
      examples: Add rtnl-addr-add.c

Stephen Hemminger (1):
      examples: rtnl-addr-dump: fix typo

igo95862 (1):
      doxygen: Fixed link to the git source tree on the website.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-05-10 14:27:06 +08:00
Nick Hainke
dfe1cb5d4c
libnfnetlink: update to 1.0.2
Changes:

c63f193 bump version to 1.0.2
3cffa84 libnfnetlink: Check getsockname() return code
90ba679 include: Silence gcc warning in linux_list.h
bb4f6c8 Make it clear that this library is deprecated
e46569c Minimally resurrect doxygen documentation
5087de4 libnfnetlink: hide private symbols
62ca426 autogen: don't convert __u16 to u_int16_t
efa1d8e src: Use stdint types everywhere
7a1a07c include: Sync with kernel headers
7633f0c libnfnetlink: initialize attribute padding to resolve valgrind warnings
94b68f3 configure: uclinux is also linux
617fe82 src: get source code license header in sync with current licensing terms
97a3960 build: resolve automake-1.12 warnings

Removed the patch 100-missing_include.patch, libnfnetlink compiles fine
with musl without this patch.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-05-10 14:26:52 +08:00
ZiMing Mo
e8f4cf7cff
r8168: bump to 8.050.00
Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>
(cherry picked from commit 662ff61b56)
2022-05-04 17:26:30 +08:00
Daniel Golle
bdabc092d3
base-files: simplify restorecon logic
Remove forgotten redundant selinuxenabled call and skip the whole
thing in case $IPKG_INSTROOT is set as labels are anyway applied only
later on in fakeroot when squashfs is created.

Fixes: 6d7272852e ("base-files: add missing $IPKG_INSTROOT to restorecon call")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 7b07c3cff5)
2022-05-04 15:55:31 +08:00
Dominick Grift
3d8aaec850
selinux-policy: update to version 1.1
try to clean up some labeling inconsistencies
iwinfo loose ends
ucode loose ends
Makefile: adjust mintesttgt (adds blockmount/blockd)
nftables: reads inherited netifd pipe
ucode: reads inherited netifd pipes
mountroot: fowner
sandbox: writes inherited dropbear pipes
unbound related to /tmp/etc/ssl
unbound loose ends
adds a sslconftmpfile for /tmp/etc/ssl
README: maintain a wish list in the README
iwinfo: netifd forgot write
gptfdisk loose ends
iwinfo: netifd wpad reads/writes inherited netifd fifo files
netifd (mac80211.sh) executes iwinfo
luci: executes wireguard
luci-cgi: audits xtables execute access
rcuhttpd: lists ssl certfile dirs
iwinfo, wifi,nftables usage of ttyd pty if available
urandomseed: seedrng needs cap_sys_admin
iwinfo iwinfo, nftables and some chronyd rules related to ntp nts server
nftables, wifi and adds iwinfo skel
nftables, rpcd, ucode
nftables, ucode and seedrng ucode, fw3/nftables, luci
adds ucode skel and some fw3/nftables related
urandomseed: some seedrng rules
fw3 adds some support for fw4
urandomseed: /etc/seedrng is for seed.credit
hotplugcal: runs ucode which is interpreter like
adds a nftables skeleton and makes xtables optional
agent: allow all agents to write inherited dropbear pipes
urandomseed: this seems to be replaced by seedrng
kmodloader: label /etc/modules.conf kmodloader.conffile
Revert "shelexecfile: remove auditallow rule"
Makefile: sort the modules to process by secilc
Moves back to git.defensec.nl
unbound odhcpd (ip) reads net proc
tcp dump
shelexecfile: remove auditallow rule
rrd.cil: fixes indent
Target rddtool from cgi-io instead of runnit it without transition
rrd.cil related
rrd, rpcd, cgiio clean ups related to luci-app-statistics
Rules for rrd files and luci-statistics
unboundcontrol ordering
Several missing permissions
blockmount, dnsmasq, hotplugcall, rpcd, unbound
adds mctp_socket (linux 5.15)
ip: forgot tc-tiny type transition to go along with the fc spec
ip: adds a fc spec for tc-tiny (called by sqm)
adds ttyACM fc spec and various assorted loose ends
.gitattributes: do not export the github workflows
workflow use selinux 3.3

project moved back to https://git.defensec.nl/selinux-policy.git

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 4379457098)
2022-05-04 15:55:08 +08:00