1 files changed, 0 insertions, 62 deletions
diff --git a/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysklogd.patch b/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysklogd.patch
deleted file mode 100644
index e9a0464..0000000
--- a/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysklogd.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 4964fa5593349916d8f5c69edb0b16f611586098 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Thu, 22 Aug 2013 13:39:41 +0800
-Subject: [PATCH 2/4] fix update-alternatives for sysklogd
-/etc/syslog.conf is a symlink to /etc/syslog.conf.sysklogd, so a allow rule
-for syslogd_t to read syslog_conf_t lnk_file is needed.
-Upstream-Status: Inappropriate [only for Poky]
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
- policy/modules/system/logging.fc |    3 +++
- policy/modules/system/logging.te |    2 ++
- 2 files changed, 5 insertions(+)
--- a/policy/modules/system/logging.fc
-+++ b/policy/modules/system/logging.fc
-@@ -1,9 +1,10 @@
- /dev/log               -s      gen_context(system_u:object_r:devlog_t,mls_systemhigh)
- 
- /etc/rsyslog.conf              gen_context(system_u:object_r:syslog_conf_t,s0)
- /etc/syslog.conf               gen_context(system_u:object_r:syslog_conf_t,s0)
-+/etc/syslog.conf\.sysklogd     gen_context(system_u:object_r:syslog_conf_t,s0)
- /etc/audit(/.*)?               gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
- /etc/rc\.d/init\.d/auditd --   gen_context(system_u:object_r:auditd_initrc_exec_t,s0)
- /etc/rc\.d/init\.d/rsyslog --  gen_context(system_u:object_r:syslogd_initrc_exec_t,s0)
- 
- /usr/bin/audispd       --      gen_context(system_u:object_r:audisp_exec_t,s0)
-@@ -27,14 +28,16 @@
- /usr/sbin/audispd      --      gen_context(system_u:object_r:audisp_exec_t,s0)
- /usr/sbin/audisp-remote        --      gen_context(system_u:object_r:audisp_remote_exec_t,s0)
- /usr/sbin/auditctl     --      gen_context(system_u:object_r:auditctl_exec_t,s0)
- /usr/sbin/auditd       --      gen_context(system_u:object_r:auditd_exec_t,s0)
- /usr/sbin/klogd                --      gen_context(system_u:object_r:klogd_exec_t,s0)
-+/usr/sbin/klogd\.sysklogd      --      gen_context(system_u:object_r:klogd_exec_t,s0)
- /usr/sbin/metalog      --      gen_context(system_u:object_r:syslogd_exec_t,s0)
- /usr/sbin/minilogd     --      gen_context(system_u:object_r:syslogd_exec_t,s0)
- /usr/sbin/rklogd       --      gen_context(system_u:object_r:klogd_exec_t,s0)
- /usr/sbin/rsyslogd     --      gen_context(system_u:object_r:syslogd_exec_t,s0)
-+/usr/sbin/syslogd\.sysklogd    --      gen_context(system_u:object_r:syslogd_exec_t,s0)
- /usr/sbin/syslog-ng    --      gen_context(system_u:object_r:syslogd_exec_t,s0)
- /usr/sbin/syslogd      --      gen_context(system_u:object_r:syslogd_exec_t,s0)
- 
- /var/lib/misc/syslog-ng.persist-? -- gen_context(system_u:object_r:syslogd_var_lib_t,s0)
- /var/lib/syslog-ng(/.*)?       gen_context(system_u:object_r:syslogd_var_lib_t,s0)
--- a/policy/modules/system/logging.te
-+++ b/policy/modules/system/logging.te
-@@ -390,10 +390,12 @@ allow syslogd_t self:unix_dgram_socket s
- allow syslogd_t self:fifo_file rw_fifo_file_perms;
- allow syslogd_t self:udp_socket create_socket_perms;
- allow syslogd_t self:tcp_socket create_stream_socket_perms;
- 
- allow syslogd_t syslog_conf_t:file read_file_perms;
-+allow syslogd_t syslog_conf_t:lnk_file read_file_perms;
-+allow syslogd_t syslog_conf_t:dir list_dir_perms;
- 
- # Create and bind to /dev/log or /var/run/log.
- allow syslogd_t devlog_t:sock_file manage_sock_file_perms;
- files_pid_filetrans(syslogd_t, devlog_t, sock_file)
- init_pid_filetrans(syslogd_t, devlog_t, sock_file, "dev-log")

diff --git a/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysklogd.patch b/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysklogd.patch deleted file mode 100644 index e9a0464..0000000 --- a/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysklogd.patch +++ /dev/null
@@ -1,62 +0,0 @@
1	From 4964fa5593349916d8f5c69edb0b16f611586098 Mon Sep 17 00:00:00 2001
2	From: Xin Ouyang <Xin.Ouyang@windriver.com>
3	Date: Thu, 22 Aug 2013 13:39:41 +0800
4	Subject: [PATCH 2/4] fix update-alternatives for sysklogd
5
6	/etc/syslog.conf is a symlink to /etc/syslog.conf.sysklogd, so a allow rule
7	for syslogd_t to read syslog_conf_t lnk_file is needed.
8
9	Upstream-Status: Inappropriate [only for Poky]
10
11	Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
12	Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
13	---
14	policy/modules/system/logging.fc \| 3 +++
15	policy/modules/system/logging.te \| 2 ++
16	2 files changed, 5 insertions(+)
17
18	--- a/policy/modules/system/logging.fc
19	+++ b/policy/modules/system/logging.fc
20	@@ -1,9 +1,10 @@
21	/dev/log -s gen_context(system_u:object_r:devlog_t,mls_systemhigh)
22
23	/etc/rsyslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)
24	/etc/syslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)
25	+/etc/syslog.conf\.sysklogd gen_context(system_u:object_r:syslog_conf_t,s0)
26	/etc/audit(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
27	/etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_initrc_exec_t,s0)
28	/etc/rc\.d/init\.d/rsyslog -- gen_context(system_u:object_r:syslogd_initrc_exec_t,s0)
29
30	/usr/bin/audispd -- gen_context(system_u:object_r:audisp_exec_t,s0)
31	@@ -27,14 +28,16 @@
32	/usr/sbin/audispd -- gen_context(system_u:object_r:audisp_exec_t,s0)
33	/usr/sbin/audisp-remote -- gen_context(system_u:object_r:audisp_remote_exec_t,s0)
34	/usr/sbin/auditctl -- gen_context(system_u:object_r:auditctl_exec_t,s0)
35	/usr/sbin/auditd -- gen_context(system_u:object_r:auditd_exec_t,s0)
36	/usr/sbin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0)
37	+/usr/sbin/klogd\.sysklogd -- gen_context(system_u:object_r:klogd_exec_t,s0)
38	/usr/sbin/metalog -- gen_context(system_u:object_r:syslogd_exec_t,s0)
39	/usr/sbin/minilogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
40	/usr/sbin/rklogd -- gen_context(system_u:object_r:klogd_exec_t,s0)
41	/usr/sbin/rsyslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
42	+/usr/sbin/syslogd\.sysklogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
43	/usr/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0)
44	/usr/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
45
46	/var/lib/misc/syslog-ng.persist-? -- gen_context(system_u:object_r:syslogd_var_lib_t,s0)
47	/var/lib/syslog-ng(/.*)? gen_context(system_u:object_r:syslogd_var_lib_t,s0)
48	--- a/policy/modules/system/logging.te
49	+++ b/policy/modules/system/logging.te
50	@@ -390,10 +390,12 @@ allow syslogd_t self:unix_dgram_socket s
51	allow syslogd_t self:fifo_file rw_fifo_file_perms;
52	allow syslogd_t self:udp_socket create_socket_perms;
53	allow syslogd_t self:tcp_socket create_stream_socket_perms;
54
55	allow syslogd_t syslog_conf_t:file read_file_perms;
56	+allow syslogd_t syslog_conf_t:lnk_file read_file_perms;
57	+allow syslogd_t syslog_conf_t:dir list_dir_perms;
58
59	# Create and bind to /dev/log or /var/run/log.
60	allow syslogd_t devlog_t:sock_file manage_sock_file_perms;
61	files_pid_filetrans(syslogd_t, devlog_t, sock_file)
62	init_pid_filetrans(syslogd_t, devlog_t, sock_file, "dev-log")