diff options
author | Xin Ouyang <Xin.Ouyang@windriver.com> | 2013-09-23 21:18:02 +0800 |
---|---|---|
committer | Joe MacDonald <joe@deserted.net> | 2013-10-02 13:24:44 -0400 |
commit | c1dc2858007322d99e3f2d646fbe0b1c6d7699b5 (patch) | |
tree | e2e57e098f8cec2031d27dff52f3069dcced3d10 | |
parent | 1f548372c5d8d5ada2ccfa7ac8c922257e25c24e (diff) | |
download | meta-selinux-c1dc2858007322d99e3f2d646fbe0b1c6d7699b5.tar.gz |
always force to restore file contexts in initscripts
In policycoreutils-2.13+, restorecon changes its default behaviour,
and does not restore context if the file' type is correct, even its
mcs/mls level is incorrect.
We should force it always to restore file contexts in initscripts to
avoid issues.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
-rw-r--r-- | recipes-connectivity/bind/bind_9.8.1.bbappend | 4 | ||||
-rw-r--r-- | recipes-core/initscripts/initscripts_1.0.bbappend | 4 | ||||
-rw-r--r-- | recipes-core/udev/udev/init | 2 | ||||
-rw-r--r-- | recipes-core/udev/udev_182.bbappend | 2 | ||||
-rwxr-xr-x | recipes-extended/sysklogd/files/sysklogd | 4 | ||||
-rw-r--r-- | recipes-extended/sysklogd/sysklogd_1.5.bbappend | 2 | ||||
-rwxr-xr-x | recipes-security/audit/audit-2.2.1/auditd | 2 | ||||
-rw-r--r-- | recipes-security/audit/audit_2.2.1.bb | 2 | ||||
-rw-r--r-- | recipes-security/selinux/selinux-config/selinux-init.sh | 6 | ||||
-rw-r--r-- | recipes-security/selinux/selinux-config_0.1.bb | 2 |
10 files changed, 15 insertions, 15 deletions
diff --git a/recipes-connectivity/bind/bind_9.8.1.bbappend b/recipes-connectivity/bind/bind_9.8.1.bbappend index 069aa84..a15e045 100644 --- a/recipes-connectivity/bind/bind_9.8.1.bbappend +++ b/recipes-connectivity/bind/bind_9.8.1.bbappend | |||
@@ -1,4 +1,4 @@ | |||
1 | PR .= ".2" | 1 | PR .= ".3" |
2 | 2 | ||
3 | FILESEXTRAPATHS_prepend := "${THISDIR}/files:" | 3 | FILESEXTRAPATHS_prepend := "${THISDIR}/files:" |
4 | 4 | ||
@@ -9,5 +9,5 @@ do_install_append() { | |||
9 | install -m 0644 ${WORKDIR}/volatiles.04_bind ${D}${sysconfdir}/default/volatiles/volatiles.04_bind | 9 | install -m 0644 ${WORKDIR}/volatiles.04_bind ${D}${sysconfdir}/default/volatiles/volatiles.04_bind |
10 | 10 | ||
11 | sed -i '/^\s*\/usr\/sbin\/rndc-confgen/a\ | 11 | sed -i '/^\s*\/usr\/sbin\/rndc-confgen/a\ |
12 | [ -x /sbin/restorecon ] && /sbin/restorecon /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind | 12 | [ -x /sbin/restorecon ] && /sbin/restorecon -F /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind |
13 | } | 13 | } |
diff --git a/recipes-core/initscripts/initscripts_1.0.bbappend b/recipes-core/initscripts/initscripts_1.0.bbappend index 630b951..b8172c0 100644 --- a/recipes-core/initscripts/initscripts_1.0.bbappend +++ b/recipes-core/initscripts/initscripts_1.0.bbappend | |||
@@ -1,8 +1,8 @@ | |||
1 | PR .= ".2" | 1 | PR .= ".3" |
2 | 2 | ||
3 | do_install_append () { | 3 | do_install_append () { |
4 | cat <<-EOF >> ${D}${sysconfdir}/init.d/populate-volatile.sh | 4 | cat <<-EOF >> ${D}${sysconfdir}/init.d/populate-volatile.sh |
5 | touch /var/log/lastlog | 5 | touch /var/log/lastlog |
6 | test ! -x /sbin/restorecon || /sbin/restorecon -R /var/volatile/ | 6 | test ! -x /sbin/restorecon || /sbin/restorecon -RF /var/volatile/ /run |
7 | EOF | 7 | EOF |
8 | } | 8 | } |
diff --git a/recipes-core/udev/udev/init b/recipes-core/udev/udev/init index 44a192a..5fd1011 100644 --- a/recipes-core/udev/udev/init +++ b/recipes-core/udev/udev/init | |||
@@ -81,6 +81,6 @@ else | |||
81 | /sbin/udevadm settle | 81 | /sbin/udevadm settle |
82 | fi | 82 | fi |
83 | 83 | ||
84 | test ! -x /sbin/restorecon || /sbin/restorecon /dev | 84 | test ! -x /sbin/restorecon || /sbin/restorecon -F /dev |
85 | 85 | ||
86 | exit 0 | 86 | exit 0 |
diff --git a/recipes-core/udev/udev_182.bbappend b/recipes-core/udev/udev_182.bbappend index f42ad45..6f8f049 100644 --- a/recipes-core/udev/udev_182.bbappend +++ b/recipes-core/udev/udev_182.bbappend | |||
@@ -1,4 +1,4 @@ | |||
1 | PR .= ".3" | 1 | PR .= ".4" |
2 | 2 | ||
3 | FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" | 3 | FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" |
4 | 4 | ||
diff --git a/recipes-extended/sysklogd/files/sysklogd b/recipes-extended/sysklogd/files/sysklogd index 18a6154..8c6eeb5 100755 --- a/recipes-extended/sysklogd/files/sysklogd +++ b/recipes-extended/sysklogd/files/sysklogd | |||
@@ -37,7 +37,7 @@ create_xconsole() | |||
37 | chmod 0640 /dev/xconsole | 37 | chmod 0640 /dev/xconsole |
38 | fi | 38 | fi |
39 | chown root:adm /dev/xconsole | 39 | chown root:adm /dev/xconsole |
40 | test ! -x /sbin/restorecon || /sbin/restorecon /dev/xconsole | 40 | test ! -x /sbin/restorecon || /sbin/restorecon -F /dev/xconsole |
41 | } | 41 | } |
42 | 42 | ||
43 | log_begin_msg () { | 43 | log_begin_msg () { |
@@ -92,7 +92,7 @@ case "$1" in | |||
92 | log_begin_msg "Starting system log daemon..." | 92 | log_begin_msg "Starting system log daemon..." |
93 | create_xconsole | 93 | create_xconsole |
94 | start-stop-daemon --start --quiet --pidfile $pidfile_syslogd --name syslogd --startas $binpath_syslogd -- $SYSLOGD | 94 | start-stop-daemon --start --quiet --pidfile $pidfile_syslogd --name syslogd --startas $binpath_syslogd -- $SYSLOGD |
95 | test ! -x /sbin/restorecon || /sbin/restorecon -R /dev/log /var/log/ | 95 | test ! -x /sbin/restorecon || /sbin/restorecon -RF /dev/log /var/log/ |
96 | log_end_msg $? | 96 | log_end_msg $? |
97 | log_begin_msg "Starting kernel log daemon..." | 97 | log_begin_msg "Starting kernel log daemon..." |
98 | start-stop-daemon --start --quiet --pidfile $pidfile_klogd --name klogd --startas $binpath_klogd -- $KLOGD | 98 | start-stop-daemon --start --quiet --pidfile $pidfile_klogd --name klogd --startas $binpath_klogd -- $KLOGD |
diff --git a/recipes-extended/sysklogd/sysklogd_1.5.bbappend b/recipes-extended/sysklogd/sysklogd_1.5.bbappend index fd0bc32..0581083 100644 --- a/recipes-extended/sysklogd/sysklogd_1.5.bbappend +++ b/recipes-extended/sysklogd/sysklogd_1.5.bbappend | |||
@@ -1,3 +1,3 @@ | |||
1 | PR .= ".1" | 1 | PR .= ".2" |
2 | 2 | ||
3 | FILESEXTRAPATHS_prepend := "${THISDIR}/files:" | 3 | FILESEXTRAPATHS_prepend := "${THISDIR}/files:" |
diff --git a/recipes-security/audit/audit-2.2.1/auditd b/recipes-security/audit/audit-2.2.1/auditd index 48b6990..fcd96c9 100755 --- a/recipes-security/audit/audit-2.2.1/auditd +++ b/recipes-security/audit/audit-2.2.1/auditd | |||
@@ -86,7 +86,7 @@ do_reload() { | |||
86 | 86 | ||
87 | if [ ! -e /var/log/audit ]; then | 87 | if [ ! -e /var/log/audit ]; then |
88 | mkdir -p /var/log/audit | 88 | mkdir -p /var/log/audit |
89 | [ -x /sbin/restorecon ] && /sbin/restorecon /var/log/audit | 89 | [ -x /sbin/restorecon ] && /sbin/restorecon -F /var/log/audit |
90 | fi | 90 | fi |
91 | 91 | ||
92 | case "$1" in | 92 | case "$1" in |
diff --git a/recipes-security/audit/audit_2.2.1.bb b/recipes-security/audit/audit_2.2.1.bb index e0b86e2..0bce60b 100644 --- a/recipes-security/audit/audit_2.2.1.bb +++ b/recipes-security/audit/audit_2.2.1.bb | |||
@@ -4,7 +4,7 @@ storing and searching the audit records generated by the audit subsystem \ | |||
4 | in the Linux kernel." | 4 | in the Linux kernel." |
5 | HOMEPAGE = "http://people.redhat.com/sgrubb/audit/" | 5 | HOMEPAGE = "http://people.redhat.com/sgrubb/audit/" |
6 | SECTION = "base" | 6 | SECTION = "base" |
7 | PR = "r7" | 7 | PR = "r8" |
8 | LICENSE = "GPLv2+ & LGPLv2+" | 8 | LICENSE = "GPLv2+ & LGPLv2+" |
9 | LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" | 9 | LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" |
10 | 10 | ||
diff --git a/recipes-security/selinux/selinux-config/selinux-init.sh b/recipes-security/selinux/selinux-config/selinux-init.sh index 8f3efac..9aaf454 100644 --- a/recipes-security/selinux/selinux-config/selinux-init.sh +++ b/recipes-security/selinux/selinux-config/selinux-init.sh | |||
@@ -59,13 +59,13 @@ if [ "`${SECON} -t --pid 1`" = "kernel_t" ]; then | |||
59 | echo " * First booting, filesystem will be relabeled..." | 59 | echo " * First booting, filesystem will be relabeled..." |
60 | test -x /etc/init.d/auditd && /etc/init.d/auditd start | 60 | test -x /etc/init.d/auditd && /etc/init.d/auditd start |
61 | ${SETENFORCE} 0 | 61 | ${SETENFORCE} 0 |
62 | ${RESTORECON} -R / | 62 | ${RESTORECON} -RF / |
63 | ${RESTORECON} / | 63 | ${RESTORECON} -F / |
64 | echo " * Relabel done, rebooting the system." | 64 | echo " * Relabel done, rebooting the system." |
65 | /sbin/reboot -f | 65 | /sbin/reboot -f |
66 | fi | 66 | fi |
67 | 67 | ||
68 | # Now, we should relabel /dev for most services. | 68 | # Now, we should relabel /dev for most services. |
69 | ${RESTORECON} -R /dev | 69 | ${RESTORECON} -RF /dev |
70 | 70 | ||
71 | exit 0 | 71 | exit 0 |
diff --git a/recipes-security/selinux/selinux-config_0.1.bb b/recipes-security/selinux/selinux-config_0.1.bb index ad0d647..6af9c54 100644 --- a/recipes-security/selinux/selinux-config_0.1.bb +++ b/recipes-security/selinux/selinux-config_0.1.bb | |||
@@ -8,7 +8,7 @@ This is the configuration files for SELinux on WRLinux system. \ | |||
8 | SECTION = "base" | 8 | SECTION = "base" |
9 | LICENSE = "MIT" | 9 | LICENSE = "MIT" |
10 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" | 10 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" |
11 | PR = "r2" | 11 | PR = "r3" |
12 | 12 | ||
13 | SRC_URI = "file://selinux-init.sh" | 13 | SRC_URI = "file://selinux-init.sh" |
14 | 14 | ||