From 02348acbf654c77b67d8b3443af59b2c5b25aa77 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Fri, 17 Mar 2023 22:11:36 +0800 Subject: refpolicy: update to latest git rev Drop 0003-refpolicy-minimum-make-dbus-module-optional.patch as the issue has been fixed upstream. Signed-off-by: Yi Zhao Signed-off-by: Joe MacDonald --- .../refpolicy/refpolicy-minimum_git.bb | 1 - ...fpolicy-minimum-make-dbus-module-optional.patch | 36 ---------------------- recipes-security/refpolicy/refpolicy_git.inc | 2 +- 3 files changed, 1 insertion(+), 38 deletions(-) delete mode 100644 recipes-security/refpolicy/refpolicy/0003-refpolicy-minimum-make-dbus-module-optional.patch diff --git a/recipes-security/refpolicy/refpolicy-minimum_git.bb b/recipes-security/refpolicy/refpolicy-minimum_git.bb index a50a4cd..67c3785 100644 --- a/recipes-security/refpolicy/refpolicy-minimum_git.bb +++ b/recipes-security/refpolicy/refpolicy-minimum_git.bb @@ -14,7 +14,6 @@ domains are unconfined. \ SRC_URI += " \ file://0001-refpolicy-minimum-make-sysadmin-module-optional.patch \ file://0002-refpolicy-minimum-make-xdg-module-optional.patch \ - file://0003-refpolicy-minimum-make-dbus-module-optional.patch \ " POLICY_NAME = "minimum" diff --git a/recipes-security/refpolicy/refpolicy/0003-refpolicy-minimum-make-dbus-module-optional.patch b/recipes-security/refpolicy/refpolicy/0003-refpolicy-minimum-make-dbus-module-optional.patch deleted file mode 100644 index d545d2a..0000000 --- a/recipes-security/refpolicy/refpolicy/0003-refpolicy-minimum-make-dbus-module-optional.patch +++ /dev/null @@ -1,36 +0,0 @@ -From e28807393f105a16528cb5304283bde0b771fc4e Mon Sep 17 00:00:00 2001 -From: Yi Zhao -Date: Wed, 9 Nov 2022 10:53:26 +0800 -Subject: [PATCH] refpolicy-minimum: make dbus module optional - -The mount module invokes interface -dbus_dontaudit_write_system_bus_runtime_named_sockets which is from dbus -module. Since dbus is not a core moudle in sysvinit system, we could -make this interface optional in mount module by optional_policy. Then we -could make the minimum policy without dbus module. - -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Yi Zhao ---- - policy/modules/system/mount.te | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te -index 97f49e58e..b59529a01 100644 ---- a/policy/modules/system/mount.te -+++ b/policy/modules/system/mount.te -@@ -146,7 +146,9 @@ selinux_getattr_fs(mount_t) - - userdom_use_all_users_fds(mount_t) - --dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t) -+optional_policy(` -+ dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t) -+') - - ifdef(`distro_redhat',` - optional_policy(` --- -2.25.1 - diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc index 54e0890..af3413b 100644 --- a/recipes-security/refpolicy/refpolicy_git.inc +++ b/recipes-security/refpolicy/refpolicy_git.inc @@ -2,7 +2,7 @@ PV = "2.20221101+git${SRCPV}" SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=https;branch=master;name=refpolicy;destsuffix=refpolicy" -SRCREV_refpolicy ?= "03d486e306555da161b653c88e804ce23f3a0ea4" +SRCREV_refpolicy ?= "8e8f5e3ca3e5900cad126cb8b4fadaa8adb8caac" UPSTREAM_CHECK_GITTAGREGEX = "RELEASE_(?P\d+_\d+)" -- cgit v1.2.3-54-g00ecf