summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorXin Ouyang <Xin.Ouyang@windriver.com>2013-09-23 21:18:02 +0800
committerJoe MacDonald <joe@deserted.net>2013-10-02 13:24:44 -0400
commitc1dc2858007322d99e3f2d646fbe0b1c6d7699b5 (patch)
treee2e57e098f8cec2031d27dff52f3069dcced3d10
parent1f548372c5d8d5ada2ccfa7ac8c922257e25c24e (diff)
downloadmeta-selinux-c1dc2858007322d99e3f2d646fbe0b1c6d7699b5.tar.gz
always force to restore file contexts in initscripts
In policycoreutils-2.13+, restorecon changes its default behaviour, and does not restore context if the file' type is correct, even its mcs/mls level is incorrect. We should force it always to restore file contexts in initscripts to avoid issues. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
-rw-r--r--recipes-connectivity/bind/bind_9.8.1.bbappend4
-rw-r--r--recipes-core/initscripts/initscripts_1.0.bbappend4
-rw-r--r--recipes-core/udev/udev/init2
-rw-r--r--recipes-core/udev/udev_182.bbappend2
-rwxr-xr-xrecipes-extended/sysklogd/files/sysklogd4
-rw-r--r--recipes-extended/sysklogd/sysklogd_1.5.bbappend2
-rwxr-xr-xrecipes-security/audit/audit-2.2.1/auditd2
-rw-r--r--recipes-security/audit/audit_2.2.1.bb2
-rw-r--r--recipes-security/selinux/selinux-config/selinux-init.sh6
-rw-r--r--recipes-security/selinux/selinux-config_0.1.bb2
10 files changed, 15 insertions, 15 deletions
diff --git a/recipes-connectivity/bind/bind_9.8.1.bbappend b/recipes-connectivity/bind/bind_9.8.1.bbappend
index 069aa84..a15e045 100644
--- a/recipes-connectivity/bind/bind_9.8.1.bbappend
+++ b/recipes-connectivity/bind/bind_9.8.1.bbappend
@@ -1,4 +1,4 @@
1PR .= ".2" 1PR .= ".3"
2 2
3FILESEXTRAPATHS_prepend := "${THISDIR}/files:" 3FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
4 4
@@ -9,5 +9,5 @@ do_install_append() {
9 install -m 0644 ${WORKDIR}/volatiles.04_bind ${D}${sysconfdir}/default/volatiles/volatiles.04_bind 9 install -m 0644 ${WORKDIR}/volatiles.04_bind ${D}${sysconfdir}/default/volatiles/volatiles.04_bind
10 10
11 sed -i '/^\s*\/usr\/sbin\/rndc-confgen/a\ 11 sed -i '/^\s*\/usr\/sbin\/rndc-confgen/a\
12 [ -x /sbin/restorecon ] && /sbin/restorecon /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind 12 [ -x /sbin/restorecon ] && /sbin/restorecon -F /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind
13} 13}
diff --git a/recipes-core/initscripts/initscripts_1.0.bbappend b/recipes-core/initscripts/initscripts_1.0.bbappend
index 630b951..b8172c0 100644
--- a/recipes-core/initscripts/initscripts_1.0.bbappend
+++ b/recipes-core/initscripts/initscripts_1.0.bbappend
@@ -1,8 +1,8 @@
1PR .= ".2" 1PR .= ".3"
2 2
3do_install_append () { 3do_install_append () {
4 cat <<-EOF >> ${D}${sysconfdir}/init.d/populate-volatile.sh 4 cat <<-EOF >> ${D}${sysconfdir}/init.d/populate-volatile.sh
5touch /var/log/lastlog 5touch /var/log/lastlog
6test ! -x /sbin/restorecon || /sbin/restorecon -R /var/volatile/ 6test ! -x /sbin/restorecon || /sbin/restorecon -RF /var/volatile/ /run
7EOF 7EOF
8} 8}
diff --git a/recipes-core/udev/udev/init b/recipes-core/udev/udev/init
index 44a192a..5fd1011 100644
--- a/recipes-core/udev/udev/init
+++ b/recipes-core/udev/udev/init
@@ -81,6 +81,6 @@ else
81 /sbin/udevadm settle 81 /sbin/udevadm settle
82fi 82fi
83 83
84test ! -x /sbin/restorecon || /sbin/restorecon /dev 84test ! -x /sbin/restorecon || /sbin/restorecon -F /dev
85 85
86exit 0 86exit 0
diff --git a/recipes-core/udev/udev_182.bbappend b/recipes-core/udev/udev_182.bbappend
index f42ad45..6f8f049 100644
--- a/recipes-core/udev/udev_182.bbappend
+++ b/recipes-core/udev/udev_182.bbappend
@@ -1,4 +1,4 @@
1PR .= ".3" 1PR .= ".4"
2 2
3FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" 3FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
4 4
diff --git a/recipes-extended/sysklogd/files/sysklogd b/recipes-extended/sysklogd/files/sysklogd
index 18a6154..8c6eeb5 100755
--- a/recipes-extended/sysklogd/files/sysklogd
+++ b/recipes-extended/sysklogd/files/sysklogd
@@ -37,7 +37,7 @@ create_xconsole()
37 chmod 0640 /dev/xconsole 37 chmod 0640 /dev/xconsole
38 fi 38 fi
39 chown root:adm /dev/xconsole 39 chown root:adm /dev/xconsole
40 test ! -x /sbin/restorecon || /sbin/restorecon /dev/xconsole 40 test ! -x /sbin/restorecon || /sbin/restorecon -F /dev/xconsole
41} 41}
42 42
43log_begin_msg () { 43log_begin_msg () {
@@ -92,7 +92,7 @@ case "$1" in
92 log_begin_msg "Starting system log daemon..." 92 log_begin_msg "Starting system log daemon..."
93 create_xconsole 93 create_xconsole
94 start-stop-daemon --start --quiet --pidfile $pidfile_syslogd --name syslogd --startas $binpath_syslogd -- $SYSLOGD 94 start-stop-daemon --start --quiet --pidfile $pidfile_syslogd --name syslogd --startas $binpath_syslogd -- $SYSLOGD
95 test ! -x /sbin/restorecon || /sbin/restorecon -R /dev/log /var/log/ 95 test ! -x /sbin/restorecon || /sbin/restorecon -RF /dev/log /var/log/
96 log_end_msg $? 96 log_end_msg $?
97 log_begin_msg "Starting kernel log daemon..." 97 log_begin_msg "Starting kernel log daemon..."
98 start-stop-daemon --start --quiet --pidfile $pidfile_klogd --name klogd --startas $binpath_klogd -- $KLOGD 98 start-stop-daemon --start --quiet --pidfile $pidfile_klogd --name klogd --startas $binpath_klogd -- $KLOGD
diff --git a/recipes-extended/sysklogd/sysklogd_1.5.bbappend b/recipes-extended/sysklogd/sysklogd_1.5.bbappend
index fd0bc32..0581083 100644
--- a/recipes-extended/sysklogd/sysklogd_1.5.bbappend
+++ b/recipes-extended/sysklogd/sysklogd_1.5.bbappend
@@ -1,3 +1,3 @@
1PR .= ".1" 1PR .= ".2"
2 2
3FILESEXTRAPATHS_prepend := "${THISDIR}/files:" 3FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
diff --git a/recipes-security/audit/audit-2.2.1/auditd b/recipes-security/audit/audit-2.2.1/auditd
index 48b6990..fcd96c9 100755
--- a/recipes-security/audit/audit-2.2.1/auditd
+++ b/recipes-security/audit/audit-2.2.1/auditd
@@ -86,7 +86,7 @@ do_reload() {
86 86
87if [ ! -e /var/log/audit ]; then 87if [ ! -e /var/log/audit ]; then
88 mkdir -p /var/log/audit 88 mkdir -p /var/log/audit
89 [ -x /sbin/restorecon ] && /sbin/restorecon /var/log/audit 89 [ -x /sbin/restorecon ] && /sbin/restorecon -F /var/log/audit
90fi 90fi
91 91
92case "$1" in 92case "$1" in
diff --git a/recipes-security/audit/audit_2.2.1.bb b/recipes-security/audit/audit_2.2.1.bb
index e0b86e2..0bce60b 100644
--- a/recipes-security/audit/audit_2.2.1.bb
+++ b/recipes-security/audit/audit_2.2.1.bb
@@ -4,7 +4,7 @@ storing and searching the audit records generated by the audit subsystem \
4in the Linux kernel." 4in the Linux kernel."
5HOMEPAGE = "http://people.redhat.com/sgrubb/audit/" 5HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"
6SECTION = "base" 6SECTION = "base"
7PR = "r7" 7PR = "r8"
8LICENSE = "GPLv2+ & LGPLv2+" 8LICENSE = "GPLv2+ & LGPLv2+"
9LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" 9LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
10 10
diff --git a/recipes-security/selinux/selinux-config/selinux-init.sh b/recipes-security/selinux/selinux-config/selinux-init.sh
index 8f3efac..9aaf454 100644
--- a/recipes-security/selinux/selinux-config/selinux-init.sh
+++ b/recipes-security/selinux/selinux-config/selinux-init.sh
@@ -59,13 +59,13 @@ if [ "`${SECON} -t --pid 1`" = "kernel_t" ]; then
59 echo " * First booting, filesystem will be relabeled..." 59 echo " * First booting, filesystem will be relabeled..."
60 test -x /etc/init.d/auditd && /etc/init.d/auditd start 60 test -x /etc/init.d/auditd && /etc/init.d/auditd start
61 ${SETENFORCE} 0 61 ${SETENFORCE} 0
62 ${RESTORECON} -R / 62 ${RESTORECON} -RF /
63 ${RESTORECON} / 63 ${RESTORECON} -F /
64 echo " * Relabel done, rebooting the system." 64 echo " * Relabel done, rebooting the system."
65 /sbin/reboot -f 65 /sbin/reboot -f
66fi 66fi
67 67
68# Now, we should relabel /dev for most services. 68# Now, we should relabel /dev for most services.
69${RESTORECON} -R /dev 69${RESTORECON} -RF /dev
70 70
71exit 0 71exit 0
diff --git a/recipes-security/selinux/selinux-config_0.1.bb b/recipes-security/selinux/selinux-config_0.1.bb
index ad0d647..6af9c54 100644
--- a/recipes-security/selinux/selinux-config_0.1.bb
+++ b/recipes-security/selinux/selinux-config_0.1.bb
@@ -8,7 +8,7 @@ This is the configuration files for SELinux on WRLinux system. \
8SECTION = "base" 8SECTION = "base"
9LICENSE = "MIT" 9LICENSE = "MIT"
10LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" 10LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
11PR = "r2" 11PR = "r3"
12 12
13SRC_URI = "file://selinux-init.sh" 13SRC_URI = "file://selinux-init.sh"
14 14