1 files changed, 0 insertions, 72 deletions
diff --git a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module_2.20170204.patch b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module_2.20170204.patch
deleted file mode 100644
index 3a8a95e..0000000
--- a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module_2.20170204.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Subject: [PATCH] refpolicy: fix optional issue on sysadm module
-init and locallogin modules have a depend for sysadm module because
-they have called sysadm interfaces(sysadm_shell_domtrans). Since
-sysadm is not a core module, we could make the sysadm_shell_domtrans
-calls optionally by optional_policy.
-So, we could make the minimum policy without sysadm module.
-Upstream-Status: pending
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
- policy/modules/system/init.te       | 14 ++++++++------
- policy/modules/system/locallogin.te |  4 +++-
- 2 files changed, 11 insertions(+), 7 deletions(-)
--- a/policy/modules/system/init.te
-+++ b/policy/modules/system/init.te
-@@ -300,16 +300,18 @@ ifdef(`init_systemd',`
- 
-        optional_policy(`
-                modutils_domtrans_insmod(init_t)
-        ')
- ',`
-       tunable_policy(`init_upstart',`
-               corecmd_shell_domtrans(init_t, initrc_t)
-       ',`
-               # Run the shell in the sysadm role for single-user mode.
-               # causes problems with upstart
-               sysadm_shell_domtrans(init_t)
-+       optional_policy(`
-+               tunable_policy(`init_upstart',`
-+                       corecmd_shell_domtrans(init_t, initrc_t)
-+               ',`
-+                       # Run the shell in the sysadm role for single-user mode.
-+                       # causes problems with upstart
-+                       sysadm_shell_domtrans(init_t)
-+               ')
-        ')
- ')
- 
- ifdef(`distro_debian',`
-        fs_tmpfs_filetrans(init_t, initctl_t, fifo_file, "initctl")
-@@ -1109,6 +1111,6 @@ optional_policy(`
- ')
- 
- # systemd related allow rules
- allow kernel_t init_t:process dyntransition;
- allow devpts_t device_t:filesystem associate;
-allow init_t self:capability2 block_suspend;
-\ No newline at end of file
-+allow init_t self:capability2 block_suspend;
--- a/policy/modules/system/locallogin.te
-+++ b/policy/modules/system/locallogin.te
-@@ -244,11 +244,13 @@ seutil_read_default_contexts(sulogin_t)
- userdom_use_unpriv_users_fds(sulogin_t)
- 
- userdom_search_user_home_dirs(sulogin_t)
- userdom_use_user_ptys(sulogin_t)
- 
-sysadm_shell_domtrans(sulogin_t)
-+optional_policy(`
-+       sysadm_shell_domtrans(sulogin_t)
-+')
- 
- # suse and debian do not use pam with sulogin...
- ifdef(`distro_suse', `define(`sulogin_no_pam')')
- ifdef(`distro_debian', `define(`sulogin_no_pam')')
-

diff --git a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module_2.20170204.patch b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module_2.20170204.patch deleted file mode 100644 index 3a8a95e..0000000 --- a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-fix-optional-issue-on-sysadm-module_2.20170204.patch +++ /dev/null
@@ -1,72 +0,0 @@
1	Subject: [PATCH] refpolicy: fix optional issue on sysadm module
2
3	init and locallogin modules have a depend for sysadm module because
4	they have called sysadm interfaces(sysadm_shell_domtrans). Since
5	sysadm is not a core module, we could make the sysadm_shell_domtrans
6	calls optionally by optional_policy.
7
8	So, we could make the minimum policy without sysadm module.
9
10	Upstream-Status: pending
11
12	Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
13	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
14	Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
15	---
16	policy/modules/system/init.te \| 14 ++++++++------
17	policy/modules/system/locallogin.te \| 4 +++-
18	2 files changed, 11 insertions(+), 7 deletions(-)
19
20	--- a/policy/modules/system/init.te
21	+++ b/policy/modules/system/init.te
22	@@ -300,16 +300,18 @@ ifdef(`init_systemd',`
23
24	optional_policy(`
25	modutils_domtrans_insmod(init_t)
26	')
27	',`
28	- tunable_policy(`init_upstart',`
29	- corecmd_shell_domtrans(init_t, initrc_t)
30	- ',`
31	- # Run the shell in the sysadm role for single-user mode.
32	- # causes problems with upstart
33	- sysadm_shell_domtrans(init_t)
34	+ optional_policy(`
35	+ tunable_policy(`init_upstart',`
36	+ corecmd_shell_domtrans(init_t, initrc_t)
37	+ ',`
38	+ # Run the shell in the sysadm role for single-user mode.
39	+ # causes problems with upstart
40	+ sysadm_shell_domtrans(init_t)
41	+ ')
42	')
43	')
44
45	ifdef(`distro_debian',`
46	fs_tmpfs_filetrans(init_t, initctl_t, fifo_file, "initctl")
47	@@ -1109,6 +1111,6 @@ optional_policy(`
48	')
49
50	# systemd related allow rules
51	allow kernel_t init_t:process dyntransition;
52	allow devpts_t device_t:filesystem associate;
53	-allow init_t self:capability2 block_suspend;
54	\ No newline at end of file
55	+allow init_t self:capability2 block_suspend;
56	--- a/policy/modules/system/locallogin.te
57	+++ b/policy/modules/system/locallogin.te
58	@@ -244,11 +244,13 @@ seutil_read_default_contexts(sulogin_t)
59	userdom_use_unpriv_users_fds(sulogin_t)
60
61	userdom_search_user_home_dirs(sulogin_t)
62	userdom_use_user_ptys(sulogin_t)
63
64	-sysadm_shell_domtrans(sulogin_t)
65	+optional_policy(`
66	+ sysadm_shell_domtrans(sulogin_t)
67	+')
68
69	# suse and debian do not use pam with sulogin...
70	ifdef(`distro_suse', `define(`sulogin_no_pam')')
71	ifdef(`distro_debian', `define(`sulogin_no_pam')')
72