1 files changed, 0 insertions, 65 deletions
diff --git a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module.patch b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module.patch
deleted file mode 100644
index b33e84b..0000000
--- a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-Subject: [PATCH] refpolicy: fix optional issue on sysadm module
-init and locallogin modules have a depend for sysadm module because
-they have called sysadm interfaces(sysadm_shell_domtrans). Since
-sysadm is not a core module, we could make the sysadm_shell_domtrans
-calls optionally by optional_policy.
-So, we could make the minimum policy without sysadm module.
-Upstream-Status: pending
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
- policy/modules/system/init.te       | 14 ++++++++------
- policy/modules/system/locallogin.te |  4 +++-
- 2 files changed, 11 insertions(+), 7 deletions(-)
--- a/policy/modules/system/init.te
-+++ b/policy/modules/system/init.te
-@@ -344,17 +344,19 @@ ifdef(`init_systemd',`
- 
-        optional_policy(`
-                modutils_domtrans(init_t)
-        ')
- ',`
-       tunable_policy(`init_upstart',`
-               corecmd_shell_domtrans(init_t, initrc_t)
-       ',`
-               # Run the shell in the sysadm role for single-user mode.
-               # causes problems with upstart
-               ifndef(`distro_debian',`
-                       sysadm_shell_domtrans(init_t)
-+       optional_policy(`
-+               tunable_policy(`init_upstart',`
-+                       corecmd_shell_domtrans(init_t, initrc_t)
-+               ',`
-+                       # Run the shell in the sysadm role for single-user mode.
-+                       # causes problems with upstart
-+                       ifndef(`distro_debian',`
-+                               sysadm_shell_domtrans(init_t)
-+                       ')
-                ')
-        ')
- ')
- 
- ifdef(`distro_debian',`
--- a/policy/modules/system/locallogin.te
-+++ b/policy/modules/system/locallogin.te
-@@ -260,11 +260,13 @@ seutil_read_default_contexts(sulogin_t)
- userdom_use_unpriv_users_fds(sulogin_t)
- 
- userdom_search_user_home_dirs(sulogin_t)
- userdom_use_user_ptys(sulogin_t)
- 
-sysadm_shell_domtrans(sulogin_t)
-+optional_policy(`
-+       sysadm_shell_domtrans(sulogin_t)
-+')
- 
- # by default, sulogin does not use pam...
- # sulogin_pam might need to be defined otherwise
- ifdef(`sulogin_pam', `
-        selinux_get_fs_mount(sulogin_t)

diff --git a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module.patch b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module.patch deleted file mode 100644 index b33e84b..0000000 --- a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module.patch +++ /dev/null
@@ -1,65 +0,0 @@
1	Subject: [PATCH] refpolicy: fix optional issue on sysadm module
2
3	init and locallogin modules have a depend for sysadm module because
4	they have called sysadm interfaces(sysadm_shell_domtrans). Since
5	sysadm is not a core module, we could make the sysadm_shell_domtrans
6	calls optionally by optional_policy.
7
8	So, we could make the minimum policy without sysadm module.
9
10	Upstream-Status: pending
11
12	Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
13	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
14	Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
15	---
16	policy/modules/system/init.te \| 14 ++++++++------
17	policy/modules/system/locallogin.te \| 4 +++-
18	2 files changed, 11 insertions(+), 7 deletions(-)
19
20	--- a/policy/modules/system/init.te
21	+++ b/policy/modules/system/init.te
22	@@ -344,17 +344,19 @@ ifdef(`init_systemd',`
23
24	optional_policy(`
25	modutils_domtrans(init_t)
26	')
27	',`
28	- tunable_policy(`init_upstart',`
29	- corecmd_shell_domtrans(init_t, initrc_t)
30	- ',`
31	- # Run the shell in the sysadm role for single-user mode.
32	- # causes problems with upstart
33	- ifndef(`distro_debian',`
34	- sysadm_shell_domtrans(init_t)
35	+ optional_policy(`
36	+ tunable_policy(`init_upstart',`
37	+ corecmd_shell_domtrans(init_t, initrc_t)
38	+ ',`
39	+ # Run the shell in the sysadm role for single-user mode.
40	+ # causes problems with upstart
41	+ ifndef(`distro_debian',`
42	+ sysadm_shell_domtrans(init_t)
43	+ ')
44	')
45	')
46	')
47
48	ifdef(`distro_debian',`
49	--- a/policy/modules/system/locallogin.te
50	+++ b/policy/modules/system/locallogin.te
51	@@ -260,11 +260,13 @@ seutil_read_default_contexts(sulogin_t)
52	userdom_use_unpriv_users_fds(sulogin_t)
53
54	userdom_search_user_home_dirs(sulogin_t)
55	userdom_use_user_ptys(sulogin_t)
56
57	-sysadm_shell_domtrans(sulogin_t)
58	+optional_policy(`
59	+ sysadm_shell_domtrans(sulogin_t)
60	+')
61
62	# by default, sulogin does not use pam...
63	# sulogin_pam might need to be defined otherwise
64	ifdef(`sulogin_pam', `
65	selinux_get_fs_mount(sulogin_t)