summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--recipes-security/refpolicy/refpolicy/0014-fc-init-fix-update-alternatives-for-sysvinit.patch9
-rw-r--r--recipes-security/refpolicy/refpolicy/0039-policy-modules-system-authlogin-fix-login-errors-aft.patch12
-rw-r--r--recipes-security/refpolicy/refpolicy_git.inc2
3 files changed, 12 insertions, 11 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0014-fc-init-fix-update-alternatives-for-sysvinit.patch b/recipes-security/refpolicy/refpolicy/0014-fc-init-fix-update-alternatives-for-sysvinit.patch
index 73a0d8a..01b7cca 100644
--- a/recipes-security/refpolicy/refpolicy/0014-fc-init-fix-update-alternatives-for-sysvinit.patch
+++ b/recipes-security/refpolicy/refpolicy/0014-fc-init-fix-update-alternatives-for-sysvinit.patch
@@ -1,4 +1,4 @@
1From 8eefd8242e8b08fee6886d6bba12c4af202890d0 Mon Sep 17 00:00:00 2001 1From a733674bb530f070ce5363c0b50848d3cb4e113b Mon Sep 17 00:00:00 2001
2From: Xin Ouyang <Xin.Ouyang@windriver.com> 2From: Xin Ouyang <Xin.Ouyang@windriver.com>
3Date: Thu, 22 Aug 2013 13:37:23 +0800 3Date: Thu, 22 Aug 2013 13:37:23 +0800
4Subject: [PATCH] fc/init: fix update-alternatives for sysvinit 4Subject: [PATCH] fc/init: fix update-alternatives for sysvinit
@@ -15,16 +15,17 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
15 3 files changed, 4 insertions(+) 15 3 files changed, 4 insertions(+)
16 16
17diff --git a/policy/modules/admin/shutdown.fc b/policy/modules/admin/shutdown.fc 17diff --git a/policy/modules/admin/shutdown.fc b/policy/modules/admin/shutdown.fc
18index 89d682d36..354f4d1d9 100644 18index 2e47783c2..e359539be 100644
19--- a/policy/modules/admin/shutdown.fc 19--- a/policy/modules/admin/shutdown.fc
20+++ b/policy/modules/admin/shutdown.fc 20+++ b/policy/modules/admin/shutdown.fc
21@@ -7,5 +7,6 @@ 21@@ -7,6 +7,7 @@
22 22
23 /usr/sbin/halt -- gen_context(system_u:object_r:shutdown_exec_t,s0) 23 /usr/sbin/halt -- gen_context(system_u:object_r:shutdown_exec_t,s0)
24 /usr/sbin/shutdown -- gen_context(system_u:object_r:shutdown_exec_t,s0) 24 /usr/sbin/shutdown -- gen_context(system_u:object_r:shutdown_exec_t,s0)
25+/usr/sbin/shutdown\.sysvinit -- gen_context(system_u:object_r:shutdown_exec_t,s0) 25+/usr/sbin/shutdown\.sysvinit -- gen_context(system_u:object_r:shutdown_exec_t,s0)
26 26
27 /run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_runtime_t,s0) 27 /run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_runtime_t,s0)
28
28diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc 29diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
29index 7d2efef0a..9a5711a83 100644 30index 7d2efef0a..9a5711a83 100644
30--- a/policy/modules/kernel/corecommands.fc 31--- a/policy/modules/kernel/corecommands.fc
@@ -39,7 +40,7 @@ index 7d2efef0a..9a5711a83 100644
39 /usr/bin/sash -- gen_context(system_u:object_r:shell_exec_t,s0) 40 /usr/bin/sash -- gen_context(system_u:object_r:shell_exec_t,s0)
40 /usr/bin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0) 41 /usr/bin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
41diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc 42diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
42index 07b12de2e..d99767ce8 100644 43index 75c75e7d1..962f18099 100644
43--- a/policy/modules/system/init.fc 44--- a/policy/modules/system/init.fc
44+++ b/policy/modules/system/init.fc 45+++ b/policy/modules/system/init.fc
45@@ -49,6 +49,7 @@ ifdef(`distro_gentoo',` 46@@ -49,6 +49,7 @@ ifdef(`distro_gentoo',`
diff --git a/recipes-security/refpolicy/refpolicy/0039-policy-modules-system-authlogin-fix-login-errors-aft.patch b/recipes-security/refpolicy/refpolicy/0039-policy-modules-system-authlogin-fix-login-errors-aft.patch
index ab5b967..060b01b 100644
--- a/recipes-security/refpolicy/refpolicy/0039-policy-modules-system-authlogin-fix-login-errors-aft.patch
+++ b/recipes-security/refpolicy/refpolicy/0039-policy-modules-system-authlogin-fix-login-errors-aft.patch
@@ -1,4 +1,4 @@
1From b81fc26631ad56608eed244c3a07f6f9b0c7e8c7 Mon Sep 17 00:00:00 2001 1From b5dae809f2b46b82b75abcb562974212b370aa39 Mon Sep 17 00:00:00 2001
2From: Yi Zhao <yi.zhao@windriver.com> 2From: Yi Zhao <yi.zhao@windriver.com>
3Date: Fri, 8 Dec 2023 14:16:26 +0800 3Date: Fri, 8 Dec 2023 14:16:26 +0800
4Subject: [PATCH] policy/modules/system/authlogin: fix login errors after 4Subject: [PATCH] policy/modules/system/authlogin: fix login errors after
@@ -67,7 +67,7 @@ index dce1a0ea9..c55cdfc09 100644
67 auth_create_faillog_files($1_su_t) 67 auth_create_faillog_files($1_su_t)
68 auth_rw_faillog($1_su_t) 68 auth_rw_faillog($1_su_t)
69diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te 69diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
70index 3a5d1ac3e..f9d50a8d4 100644 70index 5d675bc15..2ca79e95d 100644
71--- a/policy/modules/system/authlogin.te 71--- a/policy/modules/system/authlogin.te
72+++ b/policy/modules/system/authlogin.te 72+++ b/policy/modules/system/authlogin.te
73@@ -10,7 +10,7 @@ policy_module(authlogin) 73@@ -10,7 +10,7 @@ policy_module(authlogin)
@@ -80,10 +80,10 @@ index 3a5d1ac3e..f9d50a8d4 100644
80 ## <desc> 80 ## <desc>
81 ## <p> 81 ## <p>
82diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te 82diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
83index 3eedf82c3..875f0a02f 100644 83index ebc1abc10..c6b2ec47a 100644
84--- a/policy/modules/system/selinuxutil.te 84--- a/policy/modules/system/selinuxutil.te
85+++ b/policy/modules/system/selinuxutil.te 85+++ b/policy/modules/system/selinuxutil.te
86@@ -247,6 +247,7 @@ allow newrole_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_re 86@@ -251,6 +251,7 @@ allow newrole_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_re
87 read_files_pattern(newrole_t, default_context_t, default_context_t) 87 read_files_pattern(newrole_t, default_context_t, default_context_t)
88 read_lnk_files_pattern(newrole_t, default_context_t, default_context_t) 88 read_lnk_files_pattern(newrole_t, default_context_t, default_context_t)
89 89
@@ -91,10 +91,10 @@ index 3eedf82c3..875f0a02f 100644
91 kernel_read_system_state(newrole_t) 91 kernel_read_system_state(newrole_t)
92 kernel_read_kernel_sysctls(newrole_t) 92 kernel_read_kernel_sysctls(newrole_t)
93 kernel_dontaudit_getattr_proc(newrole_t) 93 kernel_dontaudit_getattr_proc(newrole_t)
94@@ -290,6 +291,7 @@ auth_use_nsswitch(newrole_t) 94@@ -295,6 +296,7 @@ auth_run_chk_passwd(newrole_t, newrole_roles)
95 auth_run_chk_passwd(newrole_t, newrole_roles)
96 auth_run_upd_passwd(newrole_t, newrole_roles) 95 auth_run_upd_passwd(newrole_t, newrole_roles)
97 auth_rw_faillog(newrole_t) 96 auth_rw_faillog(newrole_t)
97 auth_search_faillog(newrole_t)
98+auth_read_shadow(newrole_t) 98+auth_read_shadow(newrole_t)
99 99
100 # Write to utmp. 100 # Write to utmp.
diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc
index 322c277..ee69664 100644
--- a/recipes-security/refpolicy/refpolicy_git.inc
+++ b/recipes-security/refpolicy/refpolicy_git.inc
@@ -2,7 +2,7 @@ PV = "2.20240226+git"
2 2
3SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=https;branch=main;name=refpolicy;destsuffix=refpolicy" 3SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=https;branch=main;name=refpolicy;destsuffix=refpolicy"
4 4
5SRCREV_refpolicy ?= "6507eebc238b4495b1e0d3baa2bc0bb737f9819a" 5SRCREV_refpolicy ?= "c920fc5d9e626874b9af8693e5aa697200f76a12"
6 6
7UPSTREAM_CHECK_GITTAGREGEX = "RELEASE_(?P<pver>\d+_\d+)" 7UPSTREAM_CHECK_GITTAGREGEX = "RELEASE_(?P<pver>\d+_\d+)"
8 8
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-05-13 15:11:59 +0000