| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Add aarch64 support
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Because 'libdir' is set with ${base_libdir} in recipe file of audit,
package config files(.pc) are installed to ${base_libdir}/pkgconfig that
variable pkgconfigdir is set with ${libdir}/pkgconfig in makefile.
Set pkgconfigdir directly to install .pc files to right directory.
And remove setting of FILES_${PN}-dev which has been done in
bitbake.conf in oe-core.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
| |
Upgrade audit from 2.7.1 to 2.7.6
Signed-off-by: susanbian <bianyq@cn.fujitsu.com>
|
| |
|
|
|
|
|
|
| |
auditd.service should be packaged in 'auditd' instead
of 'audit' since the required binaries and config files
are all in 'auditd'.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
|
| |
|
|
|
|
|
| |
Added swig-native to DEPENDS
Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Fixed:
make[4]: swig: Command not found
make[4]: *** [audit_wrap.c] Error 127
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
1) Upgrade audit from 2.5 to 2.6.6.
2) Modify audit-python.patch, since the data has changed.
Signed-off-by: Wang Xin <wangxin2015.fnst@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* rebase patch audit-python-configure.patch
* remove audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch
as it had already been applied upstream
* 2.5 includes miscellaneous enhancements and fixes:
2.5
- Make augenrules the default method to load audit rules
- Put rules in its own directory and break out rules into groups
- Have auditd do a fsync before closing log
- Make default flush setting larger
- In auparse. terminate the generated strings (Burn Alting)
- In auditd, add incremental_async flushing mode
- Clean up dangling fields in DAEMON events
- Add audit by process name support to auditctl (Richard Briggs)
- Relax permissions on systemd files
- Fix auparse to handle interlaced events (Burn Alting)
- Allow more syslog facilities in audispd-syslog (Aleksander Adamowski)
2.4.5
- Fix auditd disk flushing for data and sync modes
- Fix auditctl to not show options not supported on older OS
- Add audit.m4 file to aid adding support to other projects
- Fix C99 inline function build issue
- Add account lock and unlock event types
- Change logging loophole check to geteuid()
- Fix ausearch to not consider AUDIT_PROCTITLE events malformed (Burn Alting)
- Fix ausearch to parse FEATURE_CHANGE events
( From http://people.redhat.com/sgrubb/audit/ChangeLog )
Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com>
Signed-off-by: Philip Tricca <flihp@twobit.us>
|
| |
|
|
|
|
|
|
|
|
| |
* rebase patch audit-python-configure.patch
* 2.4.4 includes CVE-2015-5186 and bug fixes, detials refer to:
http://people.redhat.com/sgrubb/audit/ChangeLog
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After gcc upgraded to gcc5, and if the codes are compiled without
optimization (-O0), and the below error will happen:
auvirt.c:484: undefined reference to `copy_str'
auvirt.c:667: undefined reference to `is_resource'
collect2: error: ld returned 1 exit status
gcc5 defaults to -std=gnu11 instead of -std=gnu89, and it requires that
exactly one C source file has the callable copy of the inline function.
Consider the following program:
inline int
foo (void)
{
return 42;
}
int
main (void)
{
return foo ();
}
The program above will not link with the C99 inline semantics, because
no out-of-line function foo is generated. To fix this, either mark the
function foo as static, or add the following declaration:
static inline int foo (void);
More information refer to: https://gcc.gnu.org/gcc-5/porting_to.html
Note: using "extern inline" will fail to build with gcc4.x, so replace
inline with "static inline".
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
| |
There isn't lib/machinetabs.h any more, there isn't data structures like
"static const char machine_strings", either.
This fixed a do_patch error when arm.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
update config option '--with-armeb' to '--with-arm'
for audit qa warning fix.
Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Remove audit-for-cross-compiling.patch and disable-ldap.patch
since it it not needed anymore.
2) Modify audit-python-configure.patch audit-python.patch
fix-swig-host-contamination.patch,since configure.ac and
Makefile.am has been changed in 2.4.3
3) Warning Fix:
-WARNING: QA Issue: audit: configure was passed unrecognised options: --without-ldap [unknown-configure-option]
-WARNING: QA Issue: audit: Files/directories were installed but not shipped in any package
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
This is to fix the following QA warning:
audit-2.3.2: auditd requires /bin/bash, but no providers in its RDEPENDS [file-rdeps]
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
The audit service should be manually stopped with systemd.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based on oe-core commit:
commit 1528e596d4906c33e4be83fcf691cfe76d340ff3
Author: Otavio Salvador <otavio@ossystems.com.br>
Date: Thu Apr 24 15:59:20 2014 -0300
Globally replace 'base_contains' calls with 'bb.utils.contains'
The base_contains is kept as a compatibility method and we ought to not
use it in OE-Core so we can remove it from base metadata in future.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Audit System Call needs kernel and user space support.
In user space it needs system call table for ARM. It also needs a
configure option --with-armeb for build audit. Audit system call also
needs enable kernel config CONFIG_AUDITSYSCALL.
Signed-off-by: Han Chao <chan@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Various components were failing, and upon investigation it was noted
that the audit.rules file referenced by the initscript wasn't available.
There was however a copy under the rules.d directory. Investigating
the audit.spec file (which in the upstream source) showed that it was
expected that the version in the rules.d should be copied into
/etc/audit.
Do this and correct the systemd services file to use the same file.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
| |
A ordinary use should not to access auditd configuration files
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
| |
Audit unit file is from https://fedorahosted.org/audit/browser/trunk/init.d/auditd.service
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
| |
This reverts commit 146bd8c6bc3bc0e9e96a8517263f28f7915b871d.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
|
| |
|
|
|
|
|
| |
Building libsemanage 2.2 need the header libaudit.h.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
The previous approach works well for modern hosts but older ones still
require the pre-gen'd header files to behave nicely in a x-compile
environment. So we generate them, patch them in and remove the bits of
the Makefile that may take it upon itself to re-gen them again.
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
| |
Refactor the audit cross compiling patch. The new patch might have some minor
host dependencies. If so, let me know!
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
|
| |
In policycoreutils-2.13+, restorecon changes its default behaviour,
and does not restore context if the file' type is correct, even its
mcs/mls level is incorrect.
We should force it always to restore file contexts in initscripts to
avoid issues.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
CQID: 428272
The audit build uses swig to generate a python wrapper.
Unfortunately, the swig info file references host include
directories. Some of these were previously noticed and
eliminated, but the one fixed here was not.
Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com>
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Default audit Makefile will generate native executables in lib/ and
auparse/, which are named as gen_*_h and run on the hosts to create
*_tables.h/*tabs.h header files for the targets.
This is inappropriate for our cross compiling because they need
linux-libc-headers from the host.
Even worse, on some old hosts, build will fail because some .h files
in the old linux-libc-headers (<= 2.6.29) has incomplete DEFINE lists
for the audit system.
So add *tables.h/*tabs.h header files which are generated from
linux-libc-headers-3.4, and do not generate and run those native
executables.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
| |
audit admin tools and daemons should install to base_sbindir, so
they can get correct security labels after selinux restorecon
command.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
| |
CQID: WIND00397456
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Rename two packages and change files in them.
* audit-libs -> audit : main package, for libraries
* audit -> auditd : for daemon binaries
Libraries are changed to install into ${base_libdir}.
The two fixes are used to fix QA issues and fit the Debian policy.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
eglibc-2.16 splits enum __socket_type from bits/socket.h to
bits/socket_type.h, so old eglibc does not have bits/socket_type.h
We should copy it only if it exists.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
| |
We have copied some target kernel headers in 72fb6da. We may get
build failures because of missing bits/socket_type.h on some hosts,
so add it.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Just like audit_2.1.3.bb.
The executables in lib/, which are named as gen_*_h, will run on
the hosts to create *_tables.h/*tabs.h header files for the
targets.
In some old hosts, build will fail because .h files in the old
linux-libc-headers (<= 2.6.29) has incomplete DEFINE lists for
the audit system.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The recipe is derived from 2.1.3 with some changes made.
1. configuration files are updated to look for sbin binaries in /usr/sbin
2. a init.d file was derived from Debian to work with busybox's start-stop-daemon
3. the plugin package contents was fine tuned as some of the files from 2.1.3 were required
to let audit run.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The executables in lib/, which are named as gen_*_h, will run on
the hosts to create *_tables.h/*tabs.h header files for the
targets.
In some old hosts, build will fail because audit.h in the old
linux-libc-headers (<= 2.6.29) has a incomplete netlink message
list for the audit system.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
|
| | |
|
|
|
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
