Upgrade buildroot to 2023.05 (from 2021.08.2), kernel is upgraded to 6.3 (from 5.13.19).

package/selinux-python/0001-python-sepolgen-fix-ausearch-path.patch

@@ -0,0 +1,63 @@
+From 8610efc1610a4e9d4cbfa19ed4a519a6425aee70 Mon Sep 17 00:00:00 2001
+From: "Yann E. MORIN" <yann.morin.1998@free.fr>
+Date: Tue, 9 May 2023 22:28:36 +0200
+Subject: [PATCH] python?sepolgen: fix ausearch path
+
+ausearch is not always isntalled in /sbin; some systems install it in
+/usr/sbin, or it can also be locally installed in /usr/local/sbin.
+
+The python doc [0] suggests using shutil.which() to find the path where
+a command is. which() returns None if the command is not found. If
+ausearch is not found, that would result in an exception being raised by
+Popen():
+    TypeError: expected str, bytes or os.PathLike object, not NoneType
+
+This is not very informative of what actually failed...
+
+However, the doc suggests so for portability. In our case, the python
+tools are only ever going to run on a Linux host (by their virtue of
+dealing with SELinux), so the search will be reliably done by looking in
+PATH, so we can let Popen() bubble the resolving of an unqualified
+command, down to execvpe() (or the similar actual syscall of the exec*()
+familly). If ausearch is then not found, Popen() raises an exception
+that is wy more informative then:
+    FileNotFoundError: [Errno 2] No such file or directory: 'ausearch'
+
+[0] https://docs.python.org/3/library/subprocess.html#subprocess.Popen
+
+Signed-off-by: Adam Duskett <aduskett@gmail.com>
+[yann.morin.1998@free.fr:
+  - let Popen() resolve from PATH
+  - rewrite commit log
+]
+Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
+Upstream: not submitted
+---
+ python/sepolgen/src/sepolgen/audit.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/python/sepolgen/src/sepolgen/audit.py b/python/sepolgen/src/sepolgen/audit.py
+index 4adb851f..5eafa587 100644
+--- a/sepolgen/src/sepolgen/audit.py
++++ b/sepolgen/src/sepolgen/audit.py
+@@ -41,7 +41,7 @@ def get_audit_boot_msgs():
+     s = time.localtime(time.time() - off)
+     bootdate = time.strftime("%x", s)
+     boottime = time.strftime("%X", s)
+-    output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
++    output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
+                               stdout=subprocess.PIPE).communicate()[0]
+     if util.PY3:
+         output = util.decode_input(output)
+@@ -56,7 +56,7 @@ def get_audit_msgs():
+        string contain all of the audit messages returned by ausearch.
+     """
+     import subprocess
+-    output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
++    output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
+                               stdout=subprocess.PIPE).communicate()[0]
+     if util.PY3:
+         output = util.decode_input(output)
+-- 
+2.25.1
+

package/selinux-python/Config.in

@@ -1,6 +1,5 @@
 config BR2_PACKAGE_SELINUX_PYTHON
 	bool "selinux-python"
-	depends on !BR2_PACKAGE_PYTHON
 	depends on BR2_USE_MMU
 	depends on BR2_USE_WCHAR
 	depends on BR2_TOOLCHAIN_HAS_THREADS
@@ -17,6 +16,7 @@ if BR2_PACKAGE_SELINUX_PYTHON
 
 config BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW
 	bool "audit2allow"
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_5 # semodule-utils -> libsepol
 	select BR2_PACKAGE_CHECKPOLICY
 	select BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN
 	select BR2_PACKAGE_SEMODULE_UTILS
@@ -29,18 +29,21 @@ config BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW
 	  audit2why - translates SELinux audit messages into a
 	  description of why the access was denied (audit2allow -w)
 
+comment "audit2allow needs a toolchain w/ gcc 5"
+	depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_5
+
 config BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN
 	bool "sepolgen"
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_5 # semodule-utils -> libsepol
 	select BR2_PACKAGE_SEMODULE_UTILS
 	help
 	  This package contains a Python module that allows you to
 	  generate an initial SELinux policy module template.
 
-endif
+comment "sepolgen needs a toolchain w/ gcc 5"
+	depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_5
 
-comment "selinux-python needs python3"
-	depends on BR2_USE_MMU
-	depends on BR2_PACKAGE_PYTHON
+endif
 
 comment "selinux-python packages needs a toolchain w/ wchar, threads, dynamic library"
 	depends on BR2_USE_MMU

package/selinux-python/selinux-python.hash

@@ -1,5 +1,5 @@
 # https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 770855ea8120ef23007fdb9db94b1ed6e8cd77917b584ed8877bbee9c16e74fb selinux-python-3.2.tar.gz
+sha256  8245bb4dae59333461f19ca0c79a829081f07972fa5e3ad4c2b2b917dd71d96b  selinux-python-3.5.tar.gz
 
 # Hash for license file
-sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
+sha256  204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994  LICENSE

package/selinux-python/selinux-python.mk

@@ -4,10 +4,10 @@
 #
 ################################################################################
 
-SELINUX_PYTHON_VERSION = 3.2
+SELINUX_PYTHON_VERSION = 3.5
 SELINUX_PYTHON_SITE = https://github.com/SELinuxProject/selinux/releases/download/$(SELINUX_PYTHON_VERSION)
 SELINUX_PYTHON_LICENSE = GPL-2.0
-SELINUX_PYTHON_LICENSE_FILES = COPYING
+SELINUX_PYTHON_LICENSE_FILES = LICENSE
 SELINUX_PYTHON_DEPENDENCIES = python3
 
 SELINUX_PYTHON_MAKE_OPTS += \