From 2632759938613f8173ae511bf99dccf14d23ed8d Mon Sep 17 00:00:00 2001 From: Xin Ouyang Date: Mon, 21 Jan 2013 18:53:10 +0800 Subject: audit: admin tools&daemons install to base_sbindir audit admin tools and daemons should install to base_sbindir, so they can get correct security labels after selinux restorecon command. Signed-off-by: Xin Ouyang --- recipes-security/audit/audit-2.2.1/auditd | 7 +++-- .../audit/audit-2.2.1/sbin-in-usr.patch | 33 ---------------------- recipes-security/audit/audit_2.2.1.bb | 6 ++-- 3 files changed, 7 insertions(+), 39 deletions(-) delete mode 100644 recipes-security/audit/audit-2.2.1/sbin-in-usr.patch diff --git a/recipes-security/audit/audit-2.2.1/auditd b/recipes-security/audit/audit-2.2.1/auditd index cda836a..48b6990 100755 --- a/recipes-security/audit/audit-2.2.1/auditd +++ b/recipes-security/audit/audit-2.2.1/auditd @@ -18,7 +18,7 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin DESC="audit daemon" NAME=auditd -DAEMON=/usr/sbin/auditd +DAEMON=/sbin/auditd PIDFILE=/var/run/"$NAME".pid SCRIPTNAME=/etc/init.d/"$NAME" @@ -48,7 +48,7 @@ do_start() || return 2 if [ -f /etc/audit/audit.rules ] then - /usr/sbin/auditctl -R /etc/audit/audit.rules >/dev/null + /sbin/auditctl -R /etc/audit/audit.rules >/dev/null fi } @@ -71,7 +71,7 @@ do_stop() # Remove watches so shutdown works cleanly case "$AUDITD_CLEAN_STOP" in no|NO) ;; - *) /usr/sbin/auditctl -D >/dev/null ;; + *) /sbin/auditctl -D >/dev/null ;; esac return "$RETVAL" } @@ -86,6 +86,7 @@ do_reload() { if [ ! -e /var/log/audit ]; then mkdir -p /var/log/audit + [ -x /sbin/restorecon ] && /sbin/restorecon /var/log/audit fi case "$1" in diff --git a/recipes-security/audit/audit-2.2.1/sbin-in-usr.patch b/recipes-security/audit/audit-2.2.1/sbin-in-usr.patch deleted file mode 100644 index 95f98a2..0000000 --- a/recipes-security/audit/audit-2.2.1/sbin-in-usr.patch +++ /dev/null @@ -1,33 +0,0 @@ -Fix sbindir paths in config files - -Change the default PATH of apps to reflect the location of sbindir -in /usr/sbin - -Signed-off-by: Amy Fong ---- - audisp/plugins/remote/au-remote.conf | 2 +- - init.d/auditd.conf | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - ---- a/audisp/plugins/remote/au-remote.conf -+++ b/audisp/plugins/remote/au-remote.conf -@@ -5,7 +5,7 @@ - - active = no - direction = out --path = /sbin/audisp-remote -+path = /usr/sbin/audisp-remote - type = always - #args = - format = string ---- a/init.d/auditd.conf -+++ b/init.d/auditd.conf -@@ -10,7 +10,7 @@ - freq = 20 - num_logs = 5 - disp_qos = lossy --dispatcher = /sbin/audispd -+dispatcher = /usr/sbin/audispd - name_format = NONE - ##name = mydomain - max_log_file = 6 diff --git a/recipes-security/audit/audit_2.2.1.bb b/recipes-security/audit/audit_2.2.1.bb index e12c90a..4d94025 100644 --- a/recipes-security/audit/audit_2.2.1.bb +++ b/recipes-security/audit/audit_2.2.1.bb @@ -4,7 +4,7 @@ storing and searching the audit records generated by the audit subsystem \ in the Linux kernel." HOMEPAGE = "http://people.redhat.com/sgrubb/audit/" SECTION = "base" -PR = "r4" +PR = "r5" LICENSE = "GPLv2+ & LGPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" @@ -14,7 +14,6 @@ SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \ SRC_URI += "file://2.2.1-audit-for-cross-compiling.patch \ file://audit-python-configure.patch \ - file://sbin-in-usr.patch \ file://auditd" inherit autotools pythonnative update-rc.d @@ -35,6 +34,7 @@ EXTRA_OECONF += "--without-prelude \ --with-libcap-ng=yes \ --with-python=yes \ --libdir=${base_libdir} \ + --sbindir=${base_sbindir} \ " EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \ @@ -52,7 +52,7 @@ PACKAGES =+ "audispd-plugins" PACKAGES += "auditd ${PN}-python" FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*" -FILES_auditd += "${bindir}/* ${sbindir}/* ${sysconfdir}/*" +FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*" FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \ ${sysconfdir}/audisp/plugins.d/au-remote.conf \ ${sbindir}/audisp-remote ${localstatedir}/spool/audit \ -- cgit v1.2.3-54-g00ecf