1 files changed, 0 insertions, 81 deletions
diff --git a/recipes-security/refpolicy/refpolicy-git/poky-policy-allow-nfsd-to-exec-shell-commands.patch b/recipes-security/refpolicy/refpolicy-git/poky-policy-allow-nfsd-to-exec-shell-commands.patch
deleted file mode 100644
index a9a0a55..0000000
--- a/recipes-security/refpolicy/refpolicy-git/poky-policy-allow-nfsd-to-exec-shell-commands.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From 22cd030a8118faae37c0835eb7875e482efe5dc1 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Thu, 22 Aug 2013 13:37:23 +0800
-Subject: [PATCH] allow nfsd to exec shell commands.
-Upstream-Status: Inappropriate [only for Poky]
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
- policy/modules/contrib/rpc.te   |    2 +-
- policy/modules/kernel/kernel.if |   18 ++++++++++++++++++
- 2 files changed, 19 insertions(+), 1 deletion(-)
--- a/policy/modules/contrib/rpc.te
-+++ b/policy/modules/contrib/rpc.te
-@@ -224,11 +224,11 @@ allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir
- 
- kernel_read_network_state(nfsd_t)
- kernel_dontaudit_getattr_core_if(nfsd_t)
- kernel_setsched(nfsd_t)
- kernel_request_load_module(nfsd_t)
-# kernel_mounton_proc(nfsd_t)
-+kernel_mounton_proc(nfsd_t)
- 
- corenet_sendrecv_nfs_server_packets(nfsd_t)
- corenet_tcp_bind_nfs_port(nfsd_t)
- corenet_udp_bind_nfs_port(nfsd_t)
- 
--- a/policy/modules/kernel/kernel.if
-+++ b/policy/modules/kernel/kernel.if
-@@ -880,43 +880,42 @@ interface(`kernel_unmount_proc',`
-        allow $1 proc_t:filesystem unmount;
- ')
- 
- ########################################
- ## <summary>
-##     Get the attributes of the proc filesystem.
-+##     Mounton a proc filesystem.
- ## </summary>
- ## <param name="domain">
- ##     <summary>
- ##     Domain allowed access.
- ##     </summary>
- ## </param>
- #
-interface(`kernel_getattr_proc',`
-+interface(`kernel_mounton_proc',`
-        gen_require(`
-                type proc_t;
-        ')
- 
-       allow $1 proc_t:filesystem getattr;
-+       allow $1 proc_t:dir mounton;
- ')
- 
- ########################################
- ## <summary>
-##     Mount on proc directories.
-+##     Get the attributes of the proc filesystem.
- ## </summary>
- ## <param name="domain">
- ##     <summary>
- ##     Domain allowed access.
- ##     </summary>
- ## </param>
-## <rolecap/>
- #
-interface(`kernel_mounton_proc',`
-+interface(`kernel_getattr_proc',`
-        gen_require(`
-                type proc_t;
-        ')
- 
-       allow $1 proc_t:dir mounton;
-+       allow $1 proc_t:filesystem getattr;
- ')
- 
- ########################################
- ## <summary>
- ##     Do not audit attempts to set the

diff --git a/recipes-security/refpolicy/refpolicy-git/poky-policy-allow-nfsd-to-exec-shell-commands.patch b/recipes-security/refpolicy/refpolicy-git/poky-policy-allow-nfsd-to-exec-shell-commands.patch deleted file mode 100644 index a9a0a55..0000000 --- a/recipes-security/refpolicy/refpolicy-git/poky-policy-allow-nfsd-to-exec-shell-commands.patch +++ /dev/null
@@ -1,81 +0,0 @@
1	From 22cd030a8118faae37c0835eb7875e482efe5dc1 Mon Sep 17 00:00:00 2001
2	From: Xin Ouyang <Xin.Ouyang@windriver.com>
3	Date: Thu, 22 Aug 2013 13:37:23 +0800
4	Subject: [PATCH] allow nfsd to exec shell commands.
5
6	Upstream-Status: Inappropriate [only for Poky]
7
8	Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
9	Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
10	---
11	policy/modules/contrib/rpc.te \| 2 +-
12	policy/modules/kernel/kernel.if \| 18 ++++++++++++++++++
13	2 files changed, 19 insertions(+), 1 deletion(-)
14
15	--- a/policy/modules/contrib/rpc.te
16	+++ b/policy/modules/contrib/rpc.te
17	@@ -224,11 +224,11 @@ allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir
18
19	kernel_read_network_state(nfsd_t)
20	kernel_dontaudit_getattr_core_if(nfsd_t)
21	kernel_setsched(nfsd_t)
22	kernel_request_load_module(nfsd_t)
23	-# kernel_mounton_proc(nfsd_t)
24	+kernel_mounton_proc(nfsd_t)
25
26	corenet_sendrecv_nfs_server_packets(nfsd_t)
27	corenet_tcp_bind_nfs_port(nfsd_t)
28	corenet_udp_bind_nfs_port(nfsd_t)
29
30	--- a/policy/modules/kernel/kernel.if
31	+++ b/policy/modules/kernel/kernel.if
32	@@ -880,43 +880,42 @@ interface(`kernel_unmount_proc',`
33	allow $1 proc_t:filesystem unmount;
34	')
35
36	########################################
37	## <summary>
38	-## Get the attributes of the proc filesystem.
39	+## Mounton a proc filesystem.
40	## </summary>
41	## <param name="domain">
42	## <summary>
43	## Domain allowed access.
44	## </summary>
45	## </param>
46	#
47	-interface(`kernel_getattr_proc',`
48	+interface(`kernel_mounton_proc',`
49	gen_require(`
50	type proc_t;
51	')
52
53	- allow $1 proc_t:filesystem getattr;
54	+ allow $1 proc_t:dir mounton;
55	')
56
57	########################################
58	## <summary>
59	-## Mount on proc directories.
60	+## Get the attributes of the proc filesystem.
61	## </summary>
62	## <param name="domain">
63	## <summary>
64	## Domain allowed access.
65	## </summary>
66	## </param>
67	-## <rolecap/>
68	#
69	-interface(`kernel_mounton_proc',`
70	+interface(`kernel_getattr_proc',`
71	gen_require(`
72	type proc_t;
73	')
74
75	- allow $1 proc_t:dir mounton;
76	+ allow $1 proc_t:filesystem getattr;
77	')
78
79	########################################
80	## <summary>
81	## Do not audit attempts to set the