summaryrefslogtreecommitdiffstats
path: root/recipes-security/refpolicy/refpolicy-git
diff options
context:
space:
mode:
authorSajjad Ahmed <sajjad_ahmed@mentor.com>2018-01-09 16:10:12 +0500
committerJoe MacDonald <joe_macdonald@mentor.com>2018-01-19 13:06:46 -0500
commite8d39ffb15b4d78f8b95711bbb509f9afbd46c05 (patch)
treea8b1a70441cbf3da129c83cf68eb298726f4155c /recipes-security/refpolicy/refpolicy-git
parentd855c624f32c5e599bf27e06cb8f5b25b3aae12d (diff)
downloadmeta-selinux-e8d39ffb15b4d78f8b95711bbb509f9afbd46c05.tar.gz
Fix URL, update refpolicy patches and dependencies
* audit_2.7.6.bb : fix error [gzip: stdin: not in gzip format] and checksum * refpolicy-minimum_git.bb : fix [Failed to resolve typeattributeset statement], dependency for "fsadm" in init.pp * refpolicy-targeted_2.20170204.bb : added version dependent patches * patches : separate patches for release 2.20170204 version and 2.20170805+git version Signed-off-by: Sajjad Ahmed <sajjad_ahmed@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Diffstat (limited to 'recipes-security/refpolicy/refpolicy-git')
-rw-r--r--recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch36
-rw-r--r--recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch29
2 files changed, 17 insertions, 48 deletions
diff --git a/recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch b/recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch
index e0fdba1..49136e6 100644
--- a/recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch
+++ b/recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch
@@ -1,24 +1,12 @@
1From 845518a6f196e6e8c49ba38791c85e17276920e1 Mon Sep 17 00:00:00 2001 1diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
2From: Mark Hatle <mark.hatle@windriver.com> 2index f2e4f51..c39912d 100644
3Date: Thu, 14 Sep 2017 15:02:23 -0500 3--- a/policy/modules/kernel/corecommands.fc
4Subject: [PATCH 3/4] fix update-alternatives for hostname 4+++ b/policy/modules/kernel/corecommands.fc
5 5@@ -141,6 +141,7 @@ ifdef(`distro_gentoo',`
6Upstream-Status: Inappropriate [only for Poky] 6 /usr/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
7 7 /usr/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
8Signed-off-by: Mark Hatle <mark.hatle@windriver.com> 8 /usr/bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0)
9--- 9+/usr/bin\.bash -- gen_context(system_u:object_r:shell_exec_t,s0)
10 policy/modules/system/corecommands.fc | 1 + 10 /usr/bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0)
11 1 file changed, 1 insertion(+) 11 /usr/bin/git-shell -- gen_context(system_u:object_r:shell_exec_t,s0)
12 12 /usr/bin/insmod_ksymoops_clean -- gen_context(system_u:object_r:bin_t,s0)
13Index: refpolicy/policy/modules/kernel/corecommands.fc
14===================================================================
15--- refpolicy.orig/policy/modules/kernel/corecommands.fc
16+++ refpolicy/policy/modules/kernel/corecommands.fc
17@@ -6,6 +6,7 @@
18 /bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
19 /bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
20 /bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0)
21+/bin/bash\.bash -- gen_context(system_u:object_r:shell_exec_t,s0)
22 /bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0)
23 /bin/ksh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
24 /bin/mksh -- gen_context(system_u:object_r:shell_exec_t,s0)
diff --git a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch b/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch
index fb912b5..5bd5b2e 100644
--- a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch
+++ b/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink-apache.patch
@@ -1,31 +1,12 @@
1From ed2b0a00e2fb78056041b03c7e198e8f5adaf939 Mon Sep 17 00:00:00 2001 1diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
2From: Xin Ouyang <Xin.Ouyang@windriver.com> 2index fcf795f..529057c 100644
3Date: Thu, 22 Aug 2013 19:36:44 +0800
4Subject: [PATCH 3/6] add rules for the symlink of /var/log - apache2
5
6We have added rules for the symlink of /var/log in logging.if,
7while apache.te uses /var/log but does not use the interfaces in
8logging.if. So still need add a individual rule for apache.te.
9
10Upstream-Status: Inappropriate [only for Poky]
11
12Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
13Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
14---
15 policy/modules/contrib/apache.te | 1 +
16 1 file changed, 1 insertion(+)
17
18--- a/policy/modules/contrib/apache.te 3--- a/policy/modules/contrib/apache.te
19+++ b/policy/modules/contrib/apache.te 4+++ b/policy/modules/contrib/apache.te
20@@ -407,10 +407,11 @@ allow httpd_t httpd_lock_t:file manage_f 5@@ -412,6 +412,7 @@ create_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
21 files_lock_filetrans(httpd_t, httpd_lock_t, { file dir }) 6 read_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
22 7 setattr_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
23 manage_dirs_pattern(httpd_t, httpd_log_t, httpd_log_t)
24 manage_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
25 read_lnk_files_pattern(httpd_t, httpd_log_t, httpd_log_t) 8 read_lnk_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
26+read_lnk_files_pattern(httpd_t, var_log_t, var_log_t) 9+read_lnk_files_pattern(httpd_t, var_log_t, var_log_t)
27 logging_log_filetrans(httpd_t, httpd_log_t, file) 10 logging_log_filetrans(httpd_t, httpd_log_t, file)
28 11
29 allow httpd_t httpd_modules_t:dir list_dir_perms; 12 allow httpd_t httpd_modules_t:dir list_dir_perms;
30 mmap_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
31 read_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-26 09:39:33 +0000