refpolicy: fix up all refpolicy 20170224 builds for sumosumo

Signed-off-by: Joe MacDonald <joe@deserted.net>
author: Joe MacDonald <joe@deserted.net> 2018-10-25 09:57:23 +0100
committer: Joe MacDonald <joe@deserted.net> 2018-10-30 08:03:09 -0400
commit: 67208898cd9e3203528e1e7399f49da9c598eb54 (patch)
tree: 576ac99d71f455112151ff972bcb343999e9e5e8 /recipes-security/refpolicy/refpolicy-git
parent: 0da25d103bf305ed26ac6f7a1705e161d9724283 (diff)
download: meta-selinux-sumo.tar.gz
1 files changed, 23 insertions, 4 deletions
diff --git a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch b/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch
index 5bd5b2e..8d22c21 100644
--- a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch
+++ b/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch
@@ -1,12 +1,31 @@
-diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
+From ed2b0a00e2fb78056041b03c7e198e8f5adaf939 Mon Sep 17 00:00:00 2001
-index fcf795f..529057c 100644
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Thu, 22 Aug 2013 19:36:44 +0800
+Subject: [PATCH 3/6] add rules for the symlink of /var/log - apache2
+We have added rules for the symlink of /var/log in logging.if,
+while apache.te uses /var/log but does not use the interfaces in
+logging.if. So still need add a individual rule for apache.te.
+Upstream-Status: Inappropriate [only for Poky]
+Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
+Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+---
+ policy/modules/contrib/apache.te |    1 +
+ 1 file changed, 1 insertion(+)
 --- a/policy/modules/contrib/apache.te
 +++ b/policy/modules/contrib/apache.te
-@@ -412,6 +412,7 @@ create_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
+@@ -409,10 +409,11 @@ allow httpd_t httpd_log_t:dir setattr_di
+ create_dirs_pattern(httpd_t, httpd_log_t, httpd_log_t)
+ create_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
+ append_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
 read_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
- setattr_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
 read_lnk_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
 +read_lnk_files_pattern(httpd_t, var_log_t, var_log_t)
 logging_log_filetrans(httpd_t, httpd_log_t, file)
 
 allow httpd_t httpd_modules_t:dir list_dir_perms;
+ mmap_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
+ read_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
author	Joe MacDonald <joe@deserted.net>	2018-10-25 09:57:23 +0100
committer	Joe MacDonald <joe@deserted.net>	2018-10-30 08:03:09 -0400
commit	67208898cd9e3203528e1e7399f49da9c598eb54 (patch)
tree	576ac99d71f455112151ff972bcb343999e9e5e8 /recipes-security/refpolicy/refpolicy-git
parent	0da25d103bf305ed26ac6f7a1705e161d9724283 (diff)
download	meta-selinux-sumo.tar.gz

diff --git a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch b/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch index 5bd5b2e..8d22c21 100644 --- a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch +++ b/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch
@@ -1,12 +1,31 @@
1	diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te	1	From ed2b0a00e2fb78056041b03c7e198e8f5adaf939 Mon Sep 17 00:00:00 2001
2	index fcf795f..529057c 100644	2	From: Xin Ouyang <Xin.Ouyang@windriver.com>
		3	Date: Thu, 22 Aug 2013 19:36:44 +0800
		4	Subject: [PATCH 3/6] add rules for the symlink of /var/log - apache2
		5
		6	We have added rules for the symlink of /var/log in logging.if,
		7	while apache.te uses /var/log but does not use the interfaces in
		8	logging.if. So still need add a individual rule for apache.te.
		9
		10	Upstream-Status: Inappropriate [only for Poky]
		11
		12	Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
		13	Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
		14	---
		15	policy/modules/contrib/apache.te \| 1 +
		16	1 file changed, 1 insertion(+)
		17
3	--- a/policy/modules/contrib/apache.te	18	--- a/policy/modules/contrib/apache.te
4	+++ b/policy/modules/contrib/apache.te	19	+++ b/policy/modules/contrib/apache.te
5	@@ -412,6 +412,7 @@ create_files_pattern(httpd_t, httpd_log_t, httpd_log_t)	20	@@ -409,10 +409,11 @@ allow httpd_t httpd_log_t:dir setattr_di
		21	create_dirs_pattern(httpd_t, httpd_log_t, httpd_log_t)
		22	create_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
		23	append_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
6	read_files_pattern(httpd_t, httpd_log_t, httpd_log_t)	24	read_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
7	setattr_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
8	read_lnk_files_pattern(httpd_t, httpd_log_t, httpd_log_t)	25	read_lnk_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
9	+read_lnk_files_pattern(httpd_t, var_log_t, var_log_t)	26	+read_lnk_files_pattern(httpd_t, var_log_t, var_log_t)
10	logging_log_filetrans(httpd_t, httpd_log_t, file)	27	logging_log_filetrans(httpd_t, httpd_log_t, file)
11		28
12	allow httpd_t httpd_modules_t:dir list_dir_perms;	29	allow httpd_t httpd_modules_t:dir list_dir_perms;
		30	mmap_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
		31	read_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)