1 files changed, 0 insertions, 88 deletions
diff --git a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink.patch b/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink.patch
deleted file mode 100644
index 4a05a2a..0000000
--- a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From 03cb6534f75812f3a33ac768fe83861e0805b0e0 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Thu, 22 Aug 2013 13:37:23 +0800
-Subject: [PATCH 2/6] add rules for the symlink of /var/log
-/var/log is a symlink in poky, so we need allow rules for files to read
-lnk_file while doing search/list/delete/rw.. in /var/log/ directory.
-Upstream-Status: Inappropriate [only for Poky]
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
- policy/modules/system/logging.fc |    1 +
- policy/modules/system/logging.if |   14 +++++++++++++-
- policy/modules/system/logging.te |    1 +
- 3 files changed, 15 insertions(+), 1 deletion(-)
-Index: refpolicy/policy/modules/system/logging.fc
-===================================================================
--- refpolicy.orig/policy/modules/system/logging.fc
-+++ refpolicy/policy/modules/system/logging.fc
-@@ -53,6 +53,7 @@ ifdef(`distro_suse', `
- /var/dnscache/log/main(/.*)?   gen_context(system_u:object_r:var_log_t,s0)
- 
- /var/log               -d      gen_context(system_u:object_r:var_log_t,s0-mls_systemhigh)
-+/var/log               -l      gen_context(system_u:object_r:var_log_t,s0-mls_systemhigh)
- /var/log/.*                    gen_context(system_u:object_r:var_log_t,s0)
- /var/log/boot\.log     --      gen_context(system_u:object_r:var_log_t,mls_systemhigh)
- /var/log/messages[^/]*         gen_context(system_u:object_r:var_log_t,mls_systemhigh)
-Index: refpolicy/policy/modules/system/logging.if
-===================================================================
--- refpolicy.orig/policy/modules/system/logging.if
-+++ refpolicy/policy/modules/system/logging.if
-@@ -945,10 +945,12 @@ interface(`logging_append_all_inherited_
- interface(`logging_read_all_logs',`
-        gen_require(`
-                attribute logfile;
-+               type var_log_t;
-        ')
- 
-        files_search_var($1)
-        allow $1 logfile:dir list_dir_perms;
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
-        read_files_pattern($1, logfile, logfile)
- ')
- 
-@@ -967,10 +969,12 @@ interface(`logging_read_all_logs',`
- interface(`logging_exec_all_logs',`
-        gen_require(`
-                attribute logfile;
-+               type var_log_t;
-        ')
- 
-        files_search_var($1)
-        allow $1 logfile:dir list_dir_perms;
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
-        can_exec($1, logfile)
- ')
- 
-@@ -1072,6 +1076,7 @@ interface(`logging_read_generic_logs',`
- 
-        files_search_var($1)
-        allow $1 var_log_t:dir list_dir_perms;
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
-        read_files_pattern($1, var_log_t, var_log_t)
- ')
- 
-@@ -1173,6 +1178,7 @@ interface(`logging_manage_generic_logs',
- 
-        files_search_var($1)
-        manage_files_pattern($1, var_log_t, var_log_t)
-+       allow $1 var_log_t:lnk_file read_lnk_file_perms;
- ')
- 
- ########################################
-Index: refpolicy/policy/modules/system/logging.te
-===================================================================
--- refpolicy.orig/policy/modules/system/logging.te
-+++ refpolicy/policy/modules/system/logging.te
-@@ -159,6 +159,7 @@ manage_files_pattern(auditd_t, auditd_lo
- allow auditd_t auditd_log_t:dir setattr;
- manage_lnk_files_pattern(auditd_t, auditd_log_t, auditd_log_t)
- allow auditd_t var_log_t:dir search_dir_perms;
-+allow auditd_t var_log_t:lnk_file read_lnk_file_perms;
- 
- manage_files_pattern(auditd_t, auditd_var_run_t, auditd_var_run_t)
- manage_sock_files_pattern(auditd_t, auditd_var_run_t, auditd_var_run_t)

diff --git a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink.patch b/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink.patch deleted file mode 100644 index 4a05a2a..0000000 --- a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-log-symlink.patch +++ /dev/null
@@ -1,88 +0,0 @@
1	From 03cb6534f75812f3a33ac768fe83861e0805b0e0 Mon Sep 17 00:00:00 2001
2	From: Xin Ouyang <Xin.Ouyang@windriver.com>
3	Date: Thu, 22 Aug 2013 13:37:23 +0800
4	Subject: [PATCH 2/6] add rules for the symlink of /var/log
5
6	/var/log is a symlink in poky, so we need allow rules for files to read
7	lnk_file while doing search/list/delete/rw.. in /var/log/ directory.
8
9	Upstream-Status: Inappropriate [only for Poky]
10
11	Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
12	Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
13	---
14	policy/modules/system/logging.fc \| 1 +
15	policy/modules/system/logging.if \| 14 +++++++++++++-
16	policy/modules/system/logging.te \| 1 +
17	3 files changed, 15 insertions(+), 1 deletion(-)
18
19	Index: refpolicy/policy/modules/system/logging.fc
20	===================================================================
21	--- refpolicy.orig/policy/modules/system/logging.fc
22	+++ refpolicy/policy/modules/system/logging.fc
23	@@ -53,6 +53,7 @@ ifdef(`distro_suse', `
24	/var/dnscache/log/main(/.*)? gen_context(system_u:object_r:var_log_t,s0)
25
26	/var/log -d gen_context(system_u:object_r:var_log_t,s0-mls_systemhigh)
27	+/var/log -l gen_context(system_u:object_r:var_log_t,s0-mls_systemhigh)
28	/var/log/.* gen_context(system_u:object_r:var_log_t,s0)
29	/var/log/boot\.log -- gen_context(system_u:object_r:var_log_t,mls_systemhigh)
30	/var/log/messages[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh)
31	Index: refpolicy/policy/modules/system/logging.if
32	===================================================================
33	--- refpolicy.orig/policy/modules/system/logging.if
34	+++ refpolicy/policy/modules/system/logging.if
35	@@ -945,10 +945,12 @@ interface(`logging_append_all_inherited_
36	interface(`logging_read_all_logs',`
37	gen_require(`
38	attribute logfile;
39	+ type var_log_t;
40	')
41
42	files_search_var($1)
43	allow $1 logfile:dir list_dir_perms;
44	+ allow $1 var_log_t:lnk_file read_lnk_file_perms;
45	read_files_pattern($1, logfile, logfile)
46	')
47
48	@@ -967,10 +969,12 @@ interface(`logging_read_all_logs',`
49	interface(`logging_exec_all_logs',`
50	gen_require(`
51	attribute logfile;
52	+ type var_log_t;
53	')
54
55	files_search_var($1)
56	allow $1 logfile:dir list_dir_perms;
57	+ allow $1 var_log_t:lnk_file read_lnk_file_perms;
58	can_exec($1, logfile)
59	')
60
61	@@ -1072,6 +1076,7 @@ interface(`logging_read_generic_logs',`
62
63	files_search_var($1)
64	allow $1 var_log_t:dir list_dir_perms;
65	+ allow $1 var_log_t:lnk_file read_lnk_file_perms;
66	read_files_pattern($1, var_log_t, var_log_t)
67	')
68
69	@@ -1173,6 +1178,7 @@ interface(`logging_manage_generic_logs',
70
71	files_search_var($1)
72	manage_files_pattern($1, var_log_t, var_log_t)
73	+ allow $1 var_log_t:lnk_file read_lnk_file_perms;
74	')
75
76	########################################
77	Index: refpolicy/policy/modules/system/logging.te
78	===================================================================
79	--- refpolicy.orig/policy/modules/system/logging.te
80	+++ refpolicy/policy/modules/system/logging.te
81	@@ -159,6 +159,7 @@ manage_files_pattern(auditd_t, auditd_lo
82	allow auditd_t auditd_log_t:dir setattr;
83	manage_lnk_files_pattern(auditd_t, auditd_log_t, auditd_log_t)
84	allow auditd_t var_log_t:dir search_dir_perms;
85	+allow auditd_t var_log_t:lnk_file read_lnk_file_perms;
86
87	manage_files_pattern(auditd_t, auditd_var_run_t, auditd_var_run_t)
88	manage_sock_files_pattern(auditd_t, auditd_var_run_t, auditd_var_run_t)