From b0f4055b7029bf5181f699c16c52fb88b50f51ec Mon Sep 17 00:00:00 2001 From: Xin Ouyang Date: Thu, 17 Jan 2013 20:50:42 +0800 Subject: refpolicy: file contexts for alternatives of shadow CQID: WIND00399962 Signed-off-by: Xin Ouyang --- .../poky-fc-fix-real-path_shadow.patch | 34 ++++++++++++++++++++++ .../refpolicy/refpolicy_2.20120725.inc | 1 + recipes-security/refpolicy/refpolicy_common.inc | 2 +- 3 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-real-path_shadow.patch diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-real-path_shadow.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-real-path_shadow.patch new file mode 100644 index 0000000..29ac2c3 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-2.20120725/poky-fc-fix-real-path_shadow.patch @@ -0,0 +1,34 @@ +Subject: [PATCH] fix real path for shadow commands. + +Upstream-Status: Inappropriate [only for Poky] + +Signed-off-by: Xin Ouyang +--- + policy/modules/admin/usermanage.fc | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/policy/modules/admin/usermanage.fc b/policy/modules/admin/usermanage.fc +index f82f0ce..841ba9b 100644 +--- a/policy/modules/admin/usermanage.fc ++++ b/policy/modules/admin/usermanage.fc +@@ -4,11 +4,17 @@ ifdef(`distro_gentoo',` + + /usr/bin/chage -- gen_context(system_u:object_r:passwd_exec_t,s0) + /usr/bin/chfn -- gen_context(system_u:object_r:chfn_exec_t,s0) ++/usr/bin/chfn\.shadow -- gen_context(system_u:object_r:chfn_exec_t,s0) + /usr/bin/chsh -- gen_context(system_u:object_r:chfn_exec_t,s0) ++/usr/bin/chsh\.shadow -- gen_context(system_u:object_r:chfn_exec_t,s0) + /usr/bin/gpasswd -- gen_context(system_u:object_r:groupadd_exec_t,s0) + /usr/bin/passwd -- gen_context(system_u:object_r:passwd_exec_t,s0) ++/usr/bin/passwd\.shadow -- gen_context(system_u:object_r:passwd_exec_t,s0) ++/usr/bin/passwd\.tinylogin -- gen_context(system_u:object_r:passwd_exec_t,s0) + /usr/bin/vigr -- gen_context(system_u:object_r:admin_passwd_exec_t,s0) ++/sbin/vigr\.shadow -- gen_context(system_u:object_r:admin_passwd_exec_t,s0) + /usr/bin/vipw -- gen_context(system_u:object_r:admin_passwd_exec_t,s0) ++/sbin/vipw\.shadow -- gen_context(system_u:object_r:admin_passwd_exec_t,s0) + + /usr/lib/cracklib_dict.* -- gen_context(system_u:object_r:crack_db_t,s0) + +-- +1.7.9.5 + diff --git a/recipes-security/refpolicy/refpolicy_2.20120725.inc b/recipes-security/refpolicy/refpolicy_2.20120725.inc index 57f2046..ec8b5bf 100644 --- a/recipes-security/refpolicy/refpolicy_2.20120725.inc +++ b/recipes-security/refpolicy/refpolicy_2.20120725.inc @@ -13,6 +13,7 @@ SRC_URI += "file://poky-fc-subs_dist.patch \ file://poky-fc-fix-prefix-path_rpc.patch \ file://poky-fc-fix-real-path_resolv.conf.patch \ file://poky-fc-fix-real-path_login.patch \ + file://poky-fc-fix-real-path_shadow.patch \ " # Specific policy for Poky diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index cb72b21..7441cd1 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc @@ -1,4 +1,4 @@ -PRINC = "1" +PRINC = "2" SECTION = "base" LICENSE = "GPLv2" -- cgit v1.2.3-54-g00ecf