refpolicy-targeted: remove duplicate type rules

Remove duplicate type rules from init_t to init_script_file_type, they have been included by systemd policies. This also fixes the errors while installing modules for refpolicy-targeted if systemd support is enabled: | Conflicting type rules | Binary policy creation failed at line 327 of \ .../tmp/work/qemux86-poky-linux/refpolicy-targeted/git-r0/image\ /var/lib/selinux/targeted/tmp/modules/100/init/cil | Failed to generate binary | semodule: Failed! Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
author: Wenzong Fan <wenzong.fan@windriver.com> 2016-08-02 06:32:40 -0400
committer: Joe MacDonald <joe_macdonald@mentor.com> 2016-08-08 13:03:58 -0400
commit: bb478a426a0bb8679e8d7945b31c5690bcf6c6b1 (patch)
tree: e1d23087af53bd9718cf14c0947527b1b0fa4372
parent: d0f889259b610c3365962775c6e96a7cba407177 (diff)
download: meta-selinux-bb478a426a0bb8679e8d7945b31c5690bcf6c6b1.tar.gz
3 files changed, 48 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch
new file mode 100644
index 0000000..b6c64c6
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch
@@ -0,0 +1,46 @@
+From e1693b640f889818091c976a90041ea6a843fafd Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong.fan@windriver.com>
+Date: Wed, 17 Feb 2016 08:35:51 -0500
+Subject: [PATCH] remove duplicate type_transition
+Remove duplicate type rules from init_t to init_script_file_type,
+they have been included by systemd policies. This also fixes the
+errors while installing modules for refpolicy-targeted if systemd
+support is enabled:
+| Conflicting type rules
+| Binary policy creation failed at line 327 of \
+  .../tmp/work/qemux86-poky-linux/refpolicy-targeted/git-r0/image\
+  /var/lib/selinux/targeted/tmp/modules/100/init/cil
+| Failed to generate binary
+| semodule:  Failed!
+Upstream-Status: Inappropriate
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ policy/modules/system/init.if | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
+index f50c6e1..b445886 100644
+--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
+@@ -1307,12 +1307,12 @@ interface(`init_spec_domtrans_script',`
+ #
+ interface(`init_domtrans_script',`
+        gen_require(`
+-               type initrc_t;
+               type initrc_t, initrc_exec_t;
+                attribute init_script_file_type;
+        ')
+ 
+        files_list_etc($1)
+-       domtrans_pattern($1, init_script_file_type, initrc_t)
+       domtrans_pattern($1, initrc_exec_t, initrc_t)
+ 
+        ifdef(`enable_mcs',`
+                range_transition $1 init_script_file_type:process s0;
+-- 
+1.9.1
diff --git a/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb b/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb
index b169604..f795bf7 100644
--- a/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb
+++ b/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb
@@ -17,4 +17,5 @@ include refpolicy_${PV}.inc
 SRC_URI += " \
            file://refpolicy-fix-optional-issue-on-sysadm-module.patch \
            file://refpolicy-unconfined_u-default-user.patch \
+            ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://refpolicy-remove-duplicate-type_transition.patch', '', d)} \
           "
diff --git a/recipes-security/refpolicy/refpolicy-targeted_git.bb b/recipes-security/refpolicy/refpolicy-targeted_git.bb
index b169604..f795bf7 100644
--- a/recipes-security/refpolicy/refpolicy-targeted_git.bb
+++ b/recipes-security/refpolicy/refpolicy-targeted_git.bb
@@ -17,4 +17,5 @@ include refpolicy_${PV}.inc
 SRC_URI += " \
            file://refpolicy-fix-optional-issue-on-sysadm-module.patch \
            file://refpolicy-unconfined_u-default-user.patch \
+            ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://refpolicy-remove-duplicate-type_transition.patch', '', d)} \
           "
author	Wenzong Fan <wenzong.fan@windriver.com>	2016-08-02 06:32:40 -0400
committer	Joe MacDonald <joe_macdonald@mentor.com>	2016-08-08 13:03:58 -0400
commit	bb478a426a0bb8679e8d7945b31c5690bcf6c6b1 (patch)
tree	e1d23087af53bd9718cf14c0947527b1b0fa4372
parent	d0f889259b610c3365962775c6e96a7cba407177 (diff)
download	meta-selinux-bb478a426a0bb8679e8d7945b31c5690bcf6c6b1.tar.gz

diff --git a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch new file mode 100644 index 0000000..b6c64c6 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch
@@ -0,0 +1,46 @@
		1	From e1693b640f889818091c976a90041ea6a843fafd Mon Sep 17 00:00:00 2001
		2	From: Wenzong Fan <wenzong.fan@windriver.com>
		3	Date: Wed, 17 Feb 2016 08:35:51 -0500
		4	Subject: [PATCH] remove duplicate type_transition
		5
		6	Remove duplicate type rules from init_t to init_script_file_type,
		7	they have been included by systemd policies. This also fixes the
		8	errors while installing modules for refpolicy-targeted if systemd
		9	support is enabled:
		10
		11	\| Conflicting type rules
		12	\| Binary policy creation failed at line 327 of \
		13	.../tmp/work/qemux86-poky-linux/refpolicy-targeted/git-r0/image\
		14	/var/lib/selinux/targeted/tmp/modules/100/init/cil
		15	\| Failed to generate binary
		16	\| semodule: Failed!
		17
		18	Upstream-Status: Inappropriate
		19
		20	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
		21	---
		22	policy/modules/system/init.if \| 4 ++--
		23	1 file changed, 2 insertions(+), 2 deletions(-)
		24
		25	diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
		26	index f50c6e1..b445886 100644
		27	--- a/policy/modules/system/init.if
		28	+++ b/policy/modules/system/init.if
		29	@@ -1307,12 +1307,12 @@ interface(`init_spec_domtrans_script',`
		30	#
		31	interface(`init_domtrans_script',`
		32	gen_require(`
		33	- type initrc_t;
		34	+ type initrc_t, initrc_exec_t;
		35	attribute init_script_file_type;
		36	')
		37
		38	files_list_etc($1)
		39	- domtrans_pattern($1, init_script_file_type, initrc_t)
		40	+ domtrans_pattern($1, initrc_exec_t, initrc_t)
		41
		42	ifdef(`enable_mcs',`
		43	range_transition $1 init_script_file_type:process s0;
		44	--
		45	1.9.1
		46


diff --git a/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb b/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb index b169604..f795bf7 100644 --- a/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb +++ b/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb
@@ -17,4 +17,5 @@ include refpolicy_${PV}.inc
17	SRC_URI += " \	17	SRC_URI += " \
18	file://refpolicy-fix-optional-issue-on-sysadm-module.patch \	18	file://refpolicy-fix-optional-issue-on-sysadm-module.patch \
19	file://refpolicy-unconfined_u-default-user.patch \	19	file://refpolicy-unconfined_u-default-user.patch \
		20	${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://refpolicy-remove-duplicate-type_transition.patch', '', d)} \
20	"	21	"


diff --git a/recipes-security/refpolicy/refpolicy-targeted_git.bb b/recipes-security/refpolicy/refpolicy-targeted_git.bb index b169604..f795bf7 100644 --- a/recipes-security/refpolicy/refpolicy-targeted_git.bb +++ b/recipes-security/refpolicy/refpolicy-targeted_git.bb
@@ -17,4 +17,5 @@ include refpolicy_${PV}.inc
17	SRC_URI += " \	17	SRC_URI += " \
18	file://refpolicy-fix-optional-issue-on-sysadm-module.patch \	18	file://refpolicy-fix-optional-issue-on-sysadm-module.patch \
19	file://refpolicy-unconfined_u-default-user.patch \	19	file://refpolicy-unconfined_u-default-user.patch \
		20	${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://refpolicy-remove-duplicate-type_transition.patch', '', d)} \
20	"	21	"