diff options
| author | Yi Zhao <yi.zhao@windriver.com> | 2023-07-27 14:07:48 -0400 |
|---|---|---|
| committer | Joe MacDonald <joe@deserted.net> | 2023-07-31 15:05:30 -0400 |
| commit | 1924d975283210f0c36bc3c0e8ce516ccc06961f (patch) | |
| tree | 494be7575b6219b816613ddefb6072973d8e78d4 /recipes-security/refpolicy/refpolicy-git/0020-policy-module-logging-add-domain-rules-for-the-subdi.patch | |
| parent | 4f3ec6e10f13aaf19fbca9a18547f9e72ba1ec0a (diff) | |
| download | meta-selinux-dunfell.tar.gz | |
refpolicy: update to 20200229+gitdunfell
* Drop obsolete and unused patches.
* Rebase patches.
* Add patches to make systemd and sysvinit can work with all policy types.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
(cherry picked from commit 15fed8756aa4828fa12a3d813754b4ca65a7607d)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Diffstat (limited to 'recipes-security/refpolicy/refpolicy-git/0020-policy-module-logging-add-domain-rules-for-the-subdi.patch')
| -rw-r--r-- | recipes-security/refpolicy/refpolicy-git/0020-policy-module-logging-add-domain-rules-for-the-subdi.patch | 36 |
1 files changed, 0 insertions, 36 deletions
diff --git a/recipes-security/refpolicy/refpolicy-git/0020-policy-module-logging-add-domain-rules-for-the-subdi.patch b/recipes-security/refpolicy/refpolicy-git/0020-policy-module-logging-add-domain-rules-for-the-subdi.patch deleted file mode 100644 index a494671..0000000 --- a/recipes-security/refpolicy/refpolicy-git/0020-policy-module-logging-add-domain-rules-for-the-subdi.patch +++ /dev/null | |||
| @@ -1,36 +0,0 @@ | |||
| 1 | From 07456143d9478b345dbe480e1b418b744de96751 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Xin Ouyang <Xin.Ouyang@windriver.com> | ||
| 3 | Date: Fri, 23 Aug 2013 11:20:00 +0800 | ||
| 4 | Subject: [PATCH 20/34] policy/module/logging: add domain rules for the subdir | ||
| 5 | symlinks in /var/ | ||
| 6 | |||
| 7 | Except /var/log,/var/run,/var/lock, there still other subdir symlinks in | ||
| 8 | /var for poky, so we need allow rules for all domains to read these | ||
| 9 | symlinks. Domains still need their practical allow rules to read the | ||
| 10 | contents, so this is still a secure relax. | ||
| 11 | |||
| 12 | Upstream-Status: Inappropriate [only for Poky] | ||
| 13 | |||
| 14 | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> | ||
| 15 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> | ||
| 16 | --- | ||
| 17 | policy/modules/kernel/domain.te | 3 +++ | ||
| 18 | 1 file changed, 3 insertions(+) | ||
| 19 | |||
| 20 | diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te | ||
| 21 | index 1a55e3d2..babb794f 100644 | ||
| 22 | --- a/policy/modules/kernel/domain.te | ||
| 23 | +++ b/policy/modules/kernel/domain.te | ||
| 24 | @@ -110,6 +110,9 @@ term_use_controlling_term(domain) | ||
| 25 | # list the root directory | ||
| 26 | files_list_root(domain) | ||
| 27 | |||
| 28 | +# Yocto/oe-core use some var volatile links | ||
| 29 | +files_read_var_symlinks(domain) | ||
| 30 | + | ||
| 31 | ifdef(`hide_broken_symptoms',` | ||
| 32 | # This check is in the general socket | ||
| 33 | # listen code, before protocol-specific | ||
| 34 | -- | ||
| 35 | 2.19.1 | ||
| 36 | |||