1 files changed, 3 insertions, 14 deletions
diff --git a/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysklogd.patch b/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysklogd.patch
index e9a0464..aa928c6 100644
--- a/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysklogd.patch
+++ b/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysklogd.patch
@@ -17,8 +17,7 @@ Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 --- a/policy/modules/system/logging.fc
 +++ b/policy/modules/system/logging.fc
-@@ -1,9 +1,10 @@
+@@ -2,6 +2,7 @@
- /dev/log               -s      gen_context(system_u:object_r:devlog_t,mls_systemhigh)
 
 /etc/rsyslog.conf              gen_context(system_u:object_r:syslog_conf_t,s0)
 /etc/syslog.conf               gen_context(system_u:object_r:syslog_conf_t,s0)
@@ -26,11 +25,7 @@ Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 /etc/audit(/.*)?               gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
 /etc/rc\.d/init\.d/auditd --   gen_context(system_u:object_r:auditd_initrc_exec_t,s0)
 /etc/rc\.d/init\.d/rsyslog --  gen_context(system_u:object_r:syslogd_initrc_exec_t,s0)
- 
+@@ -27,10 +28,12 @@
- /usr/bin/audispd       --      gen_context(system_u:object_r:audisp_exec_t,s0)
-@@ -27,14 +28,16 @@
- /usr/sbin/audispd      --      gen_context(system_u:object_r:audisp_exec_t,s0)
- /usr/sbin/audisp-remote        --      gen_context(system_u:object_r:audisp_remote_exec_t,s0)
 /usr/sbin/auditctl     --      gen_context(system_u:object_r:auditctl_exec_t,s0)
 /usr/sbin/auditd       --      gen_context(system_u:object_r:auditd_exec_t,s0)
 /usr/sbin/klogd                --      gen_context(system_u:object_r:klogd_exec_t,s0)
@@ -43,13 +38,9 @@ Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 /usr/sbin/syslog-ng    --      gen_context(system_u:object_r:syslogd_exec_t,s0)
 /usr/sbin/syslogd      --      gen_context(system_u:object_r:syslogd_exec_t,s0)
 
- /var/lib/misc/syslog-ng.persist-? -- gen_context(system_u:object_r:syslogd_var_lib_t,s0)
- /var/lib/syslog-ng(/.*)?       gen_context(system_u:object_r:syslogd_var_lib_t,s0)
 --- a/policy/modules/system/logging.te
 +++ b/policy/modules/system/logging.te
-@@ -390,10 +390,12 @@ allow syslogd_t self:unix_dgram_socket s
+@@ -390,6 +390,8 @@ allow syslogd_t self:udp_socket create_s
- allow syslogd_t self:fifo_file rw_fifo_file_perms;
- allow syslogd_t self:udp_socket create_socket_perms;
 allow syslogd_t self:tcp_socket create_stream_socket_perms;
 
 allow syslogd_t syslog_conf_t:file read_file_perms;
@@ -58,5 +49,3 @@ Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 
 # Create and bind to /dev/log or /var/run/log.
 allow syslogd_t devlog_t:sock_file manage_sock_file_perms;
- files_pid_filetrans(syslogd_t, devlog_t, sock_file)
- init_pid_filetrans(syslogd_t, devlog_t, sock_file, "dev-log")

diff --git a/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysklogd.patch b/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysklogd.patch index e9a0464..aa928c6 100644 --- a/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysklogd.patch +++ b/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_sysklogd.patch
@@ -17,8 +17,7 @@ Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
17		17
18	--- a/policy/modules/system/logging.fc	18	--- a/policy/modules/system/logging.fc
19	+++ b/policy/modules/system/logging.fc	19	+++ b/policy/modules/system/logging.fc
20	@@ -1,9 +1,10 @@	20	@@ -2,6 +2,7 @@
21	/dev/log -s gen_context(system_u:object_r:devlog_t,mls_systemhigh)
22		21
23	/etc/rsyslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)	22	/etc/rsyslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)
24	/etc/syslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)	23	/etc/syslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)
@@ -26,11 +25,7 @@ Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
26	/etc/audit(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)	25	/etc/audit(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
27	/etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_initrc_exec_t,s0)	26	/etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_initrc_exec_t,s0)
28	/etc/rc\.d/init\.d/rsyslog -- gen_context(system_u:object_r:syslogd_initrc_exec_t,s0)	27	/etc/rc\.d/init\.d/rsyslog -- gen_context(system_u:object_r:syslogd_initrc_exec_t,s0)
29		28	@@ -27,10 +28,12 @@
30	/usr/bin/audispd -- gen_context(system_u:object_r:audisp_exec_t,s0)
31	@@ -27,14 +28,16 @@
32	/usr/sbin/audispd -- gen_context(system_u:object_r:audisp_exec_t,s0)
33	/usr/sbin/audisp-remote -- gen_context(system_u:object_r:audisp_remote_exec_t,s0)
34	/usr/sbin/auditctl -- gen_context(system_u:object_r:auditctl_exec_t,s0)	29	/usr/sbin/auditctl -- gen_context(system_u:object_r:auditctl_exec_t,s0)
35	/usr/sbin/auditd -- gen_context(system_u:object_r:auditd_exec_t,s0)	30	/usr/sbin/auditd -- gen_context(system_u:object_r:auditd_exec_t,s0)
36	/usr/sbin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0)	31	/usr/sbin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0)
@@ -43,13 +38,9 @@ Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
43	/usr/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0)	38	/usr/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0)
44	/usr/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)	39	/usr/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
45		40
46	/var/lib/misc/syslog-ng.persist-? -- gen_context(system_u:object_r:syslogd_var_lib_t,s0)
47	/var/lib/syslog-ng(/.*)? gen_context(system_u:object_r:syslogd_var_lib_t,s0)
48	--- a/policy/modules/system/logging.te	41	--- a/policy/modules/system/logging.te
49	+++ b/policy/modules/system/logging.te	42	+++ b/policy/modules/system/logging.te
50	@@ -390,10 +390,12 @@ allow syslogd_t self:unix_dgram_socket s	43	@@ -390,6 +390,8 @@ allow syslogd_t self:udp_socket create_s
51	allow syslogd_t self:fifo_file rw_fifo_file_perms;
52	allow syslogd_t self:udp_socket create_socket_perms;
53	allow syslogd_t self:tcp_socket create_stream_socket_perms;	44	allow syslogd_t self:tcp_socket create_stream_socket_perms;
54		45
55	allow syslogd_t syslog_conf_t:file read_file_perms;	46	allow syslogd_t syslog_conf_t:file read_file_perms;
@@ -58,5 +49,3 @@ Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
58		49
59	# Create and bind to /dev/log or /var/run/log.	50	# Create and bind to /dev/log or /var/run/log.
60	allow syslogd_t devlog_t:sock_file manage_sock_file_perms;	51	allow syslogd_t devlog_t:sock_file manage_sock_file_perms;
61	files_pid_filetrans(syslogd_t, devlog_t, sock_file)
62	init_pid_filetrans(syslogd_t, devlog_t, sock_file, "dev-log")