1 files changed, 0 insertions, 100 deletions
diff --git a/recipes-security/refpolicy/refpolicy-git/0018-policy-module-logging-add-rules-for-the-symlink-of-v.patch b/recipes-security/refpolicy/refpolicy-git/0018-policy-module-logging-add-rules-for-the-symlink-of-v.patch
deleted file mode 100644
index 6dca744..0000000
--- a/recipes-security/refpolicy/refpolicy-git/0018-policy-module-logging-add-rules-for-the-symlink-of-v.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From ccb0b3884513829a2ab344f1682df6ea6ff4e7de Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Thu, 22 Aug 2013 13:37:23 +0800
-Subject: [PATCH 18/34] policy/module/logging: add rules for the symlink of
- /var/log
-/var/log is a symlink in poky, so we need allow rules for files to read
-lnk_file while doing search/list/delete/rw... in /var/log/ directory.
-Upstream-Status: Inappropriate [only for Poky]
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
- policy/modules/system/logging.fc | 1 +
- policy/modules/system/logging.if | 6 ++++++
- policy/modules/system/logging.te | 2 ++
- 3 files changed, 9 insertions(+)
-diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
-index 0cf108e0..5bec7e99 100644
--- a/policy/modules/system/logging.fc
-+++ b/policy/modules/system/logging.fc
-@@ -55,6 +55,7 @@ ifdef(`distro_suse', `
- /var/dnscache/log/main(/.*)?   gen_context(system_u:object_r:var_log_t,s0)
- 
- /var/log               -d      gen_context(system_u:object_r:var_log_t,s0-mls_systemhigh)
-+/var/log               -l      gen_context(system_u:object_r:var_log_t,s0-mls_systemhigh)
- /var/log/.*                    gen_context(system_u:object_r:var_log_t,s0)
- /var/log/dmesg         --      gen_context(system_u:object_r:var_log_t,s0)
- /var/log/syslog                --      gen_context(system_u:object_r:var_log_t,s0)
-diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
-index 7b7644f7..0c7268ff 100644
--- a/policy/modules/system/logging.if
-+++ b/policy/modules/system/logging.if
-@@ -972,10 +972,12 @@ interface(`logging_append_all_inherited_logs',`
- interface(`logging_read_all_logs',`
-        gen_require(`
-                attribute logfile;
-+               type var_log_t;
-        ')
- 
-        files_search_var($1)
-        allow $1 logfile:dir list_dir_perms;
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
-        read_files_pattern($1, logfile, logfile)
- ')
- 
-@@ -994,10 +996,12 @@ interface(`logging_read_all_logs',`
- interface(`logging_exec_all_logs',`
-        gen_require(`
-                attribute logfile;
-+               type var_log_t;
-        ')
- 
-        files_search_var($1)
-        allow $1 logfile:dir list_dir_perms;
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
-        can_exec($1, logfile)
- ')
- 
-@@ -1099,6 +1103,7 @@ interface(`logging_read_generic_logs',`
- 
-        files_search_var($1)
-        allow $1 var_log_t:dir list_dir_perms;
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
-        read_files_pattern($1, var_log_t, var_log_t)
- ')
- 
-@@ -1200,6 +1205,7 @@ interface(`logging_manage_generic_logs',`
- 
-        files_search_var($1)
-        manage_files_pattern($1, var_log_t, var_log_t)
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
-index c892f547..499a4552 100644
--- a/policy/modules/system/logging.te
-+++ b/policy/modules/system/logging.te
-@@ -161,6 +161,7 @@ manage_files_pattern(auditd_t, auditd_log_t, auditd_log_t)
- allow auditd_t auditd_log_t:dir setattr;
- manage_lnk_files_pattern(auditd_t, auditd_log_t, auditd_log_t)
- allow auditd_t var_log_t:dir search_dir_perms;
-+allow auditd_t var_log_t:lnk_file read_lnk_file_perms;
- 
- manage_files_pattern(auditd_t, auditd_var_run_t, auditd_var_run_t)
- manage_sock_files_pattern(auditd_t, auditd_var_run_t, auditd_var_run_t)
-@@ -288,6 +289,7 @@ allow audisp_remote_t self:capability { setpcap setuid };
- allow audisp_remote_t self:process { getcap setcap };
- allow audisp_remote_t self:tcp_socket create_socket_perms;
- allow audisp_remote_t var_log_t:dir search_dir_perms;
-+allow audisp_remote_t var_log_t:lnk_file read_lnk_file_perms;
- 
- manage_dirs_pattern(audisp_remote_t, audit_spool_t, audit_spool_t)
- manage_files_pattern(audisp_remote_t, audit_spool_t, audit_spool_t)
-- 
-2.19.1

diff --git a/recipes-security/refpolicy/refpolicy-git/0018-policy-module-logging-add-rules-for-the-symlink-of-v.patch b/recipes-security/refpolicy/refpolicy-git/0018-policy-module-logging-add-rules-for-the-symlink-of-v.patch deleted file mode 100644 index 6dca744..0000000 --- a/recipes-security/refpolicy/refpolicy-git/0018-policy-module-logging-add-rules-for-the-symlink-of-v.patch +++ /dev/null
@@ -1,100 +0,0 @@
1	From ccb0b3884513829a2ab344f1682df6ea6ff4e7de Mon Sep 17 00:00:00 2001
2	From: Xin Ouyang <Xin.Ouyang@windriver.com>
3	Date: Thu, 22 Aug 2013 13:37:23 +0800
4	Subject: [PATCH 18/34] policy/module/logging: add rules for the symlink of
5	/var/log
6
7	/var/log is a symlink in poky, so we need allow rules for files to read
8	lnk_file while doing search/list/delete/rw... in /var/log/ directory.
9
10	Upstream-Status: Inappropriate [only for Poky]
11
12	Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
13	Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
14	---
15	policy/modules/system/logging.fc \| 1 +
16	policy/modules/system/logging.if \| 6 ++++++
17	policy/modules/system/logging.te \| 2 ++
18	3 files changed, 9 insertions(+)
19
20	diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
21	index 0cf108e0..5bec7e99 100644
22	--- a/policy/modules/system/logging.fc
23	+++ b/policy/modules/system/logging.fc
24	@@ -55,6 +55,7 @@ ifdef(`distro_suse', `
25	/var/dnscache/log/main(/.*)? gen_context(system_u:object_r:var_log_t,s0)
26
27	/var/log -d gen_context(system_u:object_r:var_log_t,s0-mls_systemhigh)
28	+/var/log -l gen_context(system_u:object_r:var_log_t,s0-mls_systemhigh)
29	/var/log/.* gen_context(system_u:object_r:var_log_t,s0)
30	/var/log/dmesg -- gen_context(system_u:object_r:var_log_t,s0)
31	/var/log/syslog -- gen_context(system_u:object_r:var_log_t,s0)
32	diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
33	index 7b7644f7..0c7268ff 100644
34	--- a/policy/modules/system/logging.if
35	+++ b/policy/modules/system/logging.if
36	@@ -972,10 +972,12 @@ interface(`logging_append_all_inherited_logs',`
37	interface(`logging_read_all_logs',`
38	gen_require(`
39	attribute logfile;
40	+ type var_log_t;
41	')
42
43	files_search_var($1)
44	allow $1 logfile:dir list_dir_perms;
45	+ allow $1 var_log_t:lnk_file read_lnk_file_perms;
46	read_files_pattern($1, logfile, logfile)
47	')
48
49	@@ -994,10 +996,12 @@ interface(`logging_read_all_logs',`
50	interface(`logging_exec_all_logs',`
51	gen_require(`
52	attribute logfile;
53	+ type var_log_t;
54	')
55
56	files_search_var($1)
57	allow $1 logfile:dir list_dir_perms;
58	+ allow $1 var_log_t:lnk_file read_lnk_file_perms;
59	can_exec($1, logfile)
60	')
61
62	@@ -1099,6 +1103,7 @@ interface(`logging_read_generic_logs',`
63
64	files_search_var($1)
65	allow $1 var_log_t:dir list_dir_perms;
66	+ allow $1 var_log_t:lnk_file read_lnk_file_perms;
67	read_files_pattern($1, var_log_t, var_log_t)
68	')
69
70	@@ -1200,6 +1205,7 @@ interface(`logging_manage_generic_logs',`
71
72	files_search_var($1)
73	manage_files_pattern($1, var_log_t, var_log_t)
74	+ allow $1 var_log_t:lnk_file read_lnk_file_perms;
75	')
76
77	########################################
78	diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
79	index c892f547..499a4552 100644
80	--- a/policy/modules/system/logging.te
81	+++ b/policy/modules/system/logging.te
82	@@ -161,6 +161,7 @@ manage_files_pattern(auditd_t, auditd_log_t, auditd_log_t)
83	allow auditd_t auditd_log_t:dir setattr;
84	manage_lnk_files_pattern(auditd_t, auditd_log_t, auditd_log_t)
85	allow auditd_t var_log_t:dir search_dir_perms;
86	+allow auditd_t var_log_t:lnk_file read_lnk_file_perms;
87
88	manage_files_pattern(auditd_t, auditd_var_run_t, auditd_var_run_t)
89	manage_sock_files_pattern(auditd_t, auditd_var_run_t, auditd_var_run_t)
90	@@ -288,6 +289,7 @@ allow audisp_remote_t self:capability { setpcap setuid };
91	allow audisp_remote_t self:process { getcap setcap };
92	allow audisp_remote_t self:tcp_socket create_socket_perms;
93	allow audisp_remote_t var_log_t:dir search_dir_perms;
94	+allow audisp_remote_t var_log_t:lnk_file read_lnk_file_perms;
95
96	manage_dirs_pattern(audisp_remote_t, audit_spool_t, audit_spool_t)
97	manage_files_pattern(audisp_remote_t, audit_spool_t, audit_spool_t)
98	--
99	2.19.1
100