authorMark Hatle <mark.hatle@windriver.com>2014-04-04 18:09:32 -0500
committerJoe MacDonald <joe@deserted.net>2014-04-07 09:55:49 -0400
commit0362287928bc0a58b755488ebd74441c28eeeee2 (patch)
tree51514838789c79e3e80829eeb8206bfe13ea397d
parent251003831f87ac4081a3e6671e7b96d2266fa9df (diff)
downloadmeta-selinux-0362287928bc0a58b755488ebd74441c28eeeee2.tar.gz
audit: Fix lack of a default audit.rules
Various components were failing, and upon investigation it was noted that the audit.rules file referenced by the initscript wasn't available. There was however a copy under the rules.d directory. Investigating the audit.spec file (which is in the upstream source) showed that it was expected that the version in the rules.d should be copied into /etc/audit. Do this and correct the systemd services file to use the same file. Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
-rw-r--r--recipes-security/audit/audit/auditd.service2
-rw-r--r--recipes-security/audit/audit_2.3.2.bb5
2 files changed, 6 insertions, 1 deletions
diff --git a/recipes-security/audit/audit/auditd.service b/recipes-security/audit/audit/auditd.service
index 6daa056..adf4d3b 100644
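--- a/recipes-security/audit/audit/auditd.service
+++ b/recipes-security/audit/audit/auditd.service
@@ -14,7 +14,7 @@ ExecStart=/sbin/auditd -n
 ## Then copy existing rules to /etc/audit/rules.d/
 ## Not doing this last step can cause loss of existing rules
 #ExecStartPost=-/sbin/augenrules --load
-ExecStartPost=-/sbin/auditctl -R /etc/audit/rules.d/audit.rules
+ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
 ExecReload=/bin/kill -HUP $MAINPID
 
 [Install]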
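Review bot: The new `ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules` line keeps the leading `-`, so systemd ignores a failed rule load and the unit still reports success with no rules in the kernel, which is the same silent failure this commit set out to fix. Consider dropping the `-`, or at least logging the failure, so a missing or malformed rules file is visible at boot. The comments just above still point administrators at /etc/audit/rules.d/, but with the augenrules line commented out, edits made there are never loaded; a comment such as `## Rules are read from /etc/audit/audit.rules; rules.d/ is only merged when augenrules is enabled` would prevent that drift. The [Service] section starts outside this hunk.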
diff --git a/recipes-security/audit/audit_2.3.2.bb b/recipes-security/audit/audit_2.3.2.bb
index 4a9c954..ae6556f 100644
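--- a/recipes-security/audit/audit_2.3.2.bb
+++ b/recipes-security/audit/audit_2.3.2.bb
@@ -67,6 +67,8 @@ FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
 FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
 FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la"
 
+CONFFILES_auditd += "${sysconfdir}/audit/audit.rules"
+
 do_install_append() {
  rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
  rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
@@ -91,4 +93,7 @@ do_install_append() {
 
  chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
  chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
+
+ # Based on the audit.spec "Copy default rules into place on new installation"
+ cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
 }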
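Review bot: The added `cp` in do_install_append creates `${D}/etc/audit/audit.rules` after the `chmod 640` line, so the file the daemon actually loads never gets an explicit mode and depends on cp and the build umask. The rule set shows what is and is not monitored, so it should be pinned like its rules.d source. I would write `install -m 0640 ${D}${sysconfdir}/audit/rules.d/audit.rules ${D}${sysconfdir}/audit/audit.rules`, which also matches the `${sysconfdir}` spelling used by the new CONFFILES_auditd line in the first hunk. The middle of do_install_append lies outside both hunks, so any later step that touches these paths is not visible here.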