diff options
| author | Xin Ouyang <Xin.Ouyang@windriver.com> | 2013-01-17 20:50:42 +0800 |
|---|---|---|
| committer | Xin Ouyang <Xin.Ouyang@windriver.com> | 2013-01-22 15:39:57 +0800 |
| commit | b0f4055b7029bf5181f699c16c52fb88b50f51ec (patch) | |
| tree | 7d20bfc08eec0b489763663f3d03df57d5a17bc3 | |
| parent | 6079c073b691e514186a43dfe50c6cf874d94dd7 (diff) | |
| download | meta-selinux-b0f4055b7029bf5181f699c16c52fb88b50f51ec.tar.gz | |
refpolicy: file contexts for alternatives of shadow
CQID: WIND00399962
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
3 files changed, 36 insertions, 1 deletions
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-real-path_shadow.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-real-path_shadow.patch new file mode 100644 index 0000000..29ac2c3 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-real-path_shadow.patch | |||
| @@ -0,0 +1,34 @@ | |||
| 1 | Subject: [PATCH] fix real path for shadow commands. | ||
| 2 | |||
| 3 | Upstream-Status: Inappropriate [only for Poky] | ||
| 4 | |||
| 5 | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> | ||
| 6 | --- | ||
| 7 | policy/modules/admin/usermanage.fc | 6 ++++++ | ||
| 8 | 1 file changed, 6 insertions(+) | ||
| 9 | |||
| 10 | diff --git a/policy/modules/admin/usermanage.fc b/policy/modules/admin/usermanage.fc | ||
| 11 | index f82f0ce..841ba9b 100644 | ||
| 12 | --- a/policy/modules/admin/usermanage.fc | ||
| 13 | +++ b/policy/modules/admin/usermanage.fc | ||
| 14 | @@ -4,11 +4,17 @@ ifdef(`distro_gentoo',` | ||
| 15 | |||
| 16 | /usr/bin/chage -- gen_context(system_u:object_r:passwd_exec_t,s0) | ||
| 17 | /usr/bin/chfn -- gen_context(system_u:object_r:chfn_exec_t,s0) | ||
| 18 | +/usr/bin/chfn\.shadow -- gen_context(system_u:object_r:chfn_exec_t,s0) | ||
| 19 | /usr/bin/chsh -- gen_context(system_u:object_r:chfn_exec_t,s0) | ||
| 20 | +/usr/bin/chsh\.shadow -- gen_context(system_u:object_r:chfn_exec_t,s0) | ||
| 21 | /usr/bin/gpasswd -- gen_context(system_u:object_r:groupadd_exec_t,s0) | ||
| 22 | /usr/bin/passwd -- gen_context(system_u:object_r:passwd_exec_t,s0) | ||
| 23 | +/usr/bin/passwd\.shadow -- gen_context(system_u:object_r:passwd_exec_t,s0) | ||
| 24 | +/usr/bin/passwd\.tinylogin -- gen_context(system_u:object_r:passwd_exec_t,s0) | ||
| 25 | /usr/bin/vigr -- gen_context(system_u:object_r:admin_passwd_exec_t,s0) | ||
| 26 | +/sbin/vigr\.shadow -- gen_context(system_u:object_r:admin_passwd_exec_t,s0) | ||
| 27 | /usr/bin/vipw -- gen_context(system_u:object_r:admin_passwd_exec_t,s0) | ||
| 28 | +/sbin/vipw\.shadow -- gen_context(system_u:object_r:admin_passwd_exec_t,s0) | ||
| 29 | |||
| 30 | /usr/lib/cracklib_dict.* -- gen_context(system_u:object_r:crack_db_t,s0) | ||
| 31 | |||
| 32 | -- | ||
| 33 | 1.7.9.5 | ||
| 34 | |||
diff --git a/recipes-security/refpolicy/refpolicy_2.20120725.inc b/recipes-security/refpolicy/refpolicy_2.20120725.inc index 57f2046..ec8b5bf 100644 --- a/recipes-security/refpolicy/refpolicy_2.20120725.inc +++ b/recipes-security/refpolicy/refpolicy_2.20120725.inc | |||
| @@ -13,6 +13,7 @@ SRC_URI += "file://poky-fc-subs_dist.patch \ | |||
| 13 | file://poky-fc-fix-prefix-path_rpc.patch \ | 13 | file://poky-fc-fix-prefix-path_rpc.patch \ |
| 14 | file://poky-fc-fix-real-path_resolv.conf.patch \ | 14 | file://poky-fc-fix-real-path_resolv.conf.patch \ |
| 15 | file://poky-fc-fix-real-path_login.patch \ | 15 | file://poky-fc-fix-real-path_login.patch \ |
| 16 | file://poky-fc-fix-real-path_shadow.patch \ | ||
| 16 | " | 17 | " |
| 17 | 18 | ||
| 18 | # Specific policy for Poky | 19 | # Specific policy for Poky |
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index cb72b21..7441cd1 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | PRINC = "1" | 1 | PRINC = "2" |
| 2 | 2 | ||
| 3 | SECTION = "base" | 3 | SECTION = "base" |
| 4 | LICENSE = "GPLv2" | 4 | LICENSE = "GPLv2" |