From bb478a426a0bb8679e8d7945b31c5690bcf6c6b1 Mon Sep 17 00:00:00 2001
From: Wenzong Fan
Date: Tue, 2 Aug 2016 06:32:40 -0400
Subject: refpolicy-targeted: remove duplicate type rules

Remove duplicate type rules from init_t to init_script_file_type, they have been included by systemd policies. This also fixes the errors while installing modules for refpolicy-targeted if systemd support is enabled:
| Conflicting type rules
| Binary policy creation failed at line 327 of \
.../tmp/work/qemux86-poky-linux/refpolicy-targeted/git-r0/image\
/var/lib/selinux/targeted/tmp/modules/100/init/cil
| Failed to generate binary
| semodule: Failed!
Signed-off-by: Wenzong Fan
Signed-off-by: Joe MacDonald
---
 ...efpolicy-remove-duplicate-type_transition.patch | 46 ++++++++++++++++++++++
 .../refpolicy/refpolicy-targeted_2.20151208.bb | 1 +
 .../refpolicy/refpolicy-targeted_git.bb | 1 +
 3 files changed, 48 insertions(+)
 create mode 100644 recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch
diff --git a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch
new file mode 100644
index 0000000..b6c64c6
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch
@@ -0,0 +1,46 @@
+From e1693b640f889818091c976a90041ea6a843fafd Mon Sep 17 00:00:00 2001
+From: Wenzong Fan
+Date: Wed, 17 Feb 2016 08:35:51 -0500
+Subject: [PATCH] remove duplicate type_transition
+
+Remove duplicate type rules from init_t to init_script_file_type,
+they have been included by systemd policies. This also fixes the
+errors while installing modules for refpolicy-targeted if systemd
+support is enabled:
+
+| Conflicting type rules
+| Binary policy creation failed at line 327 of \
+ .../tmp/work/qemux86-poky-linux/refpolicy-targeted/git-r0/image\
+ /var/lib/selinux/targeted/tmp/modules/100/init/cil
+| Failed to generate binary
+| semodule: Failed!
+
+Upstream-Status: Inappropriate
+
+Signed-off-by: Wenzong Fan
+---
+ policy/modules/system/init.if | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
+index f50c6e1..b445886 100644
+--- a/policy/modules/system/init.if
++++ b/policy/modules/system/init.if
+@@ -1307,12 +1307,12 @@ interface(`init_spec_domtrans_script',`
+ #
+ interface(`init_domtrans_script',`
+ gen_require(`
+- type initrc_t;
++ type initrc_t, initrc_exec_t;
+ attribute init_script_file_type;
+ ')
+
+ files_list_etc($1)
+- domtrans_pattern($1, init_script_file_type, initrc_t)
++ domtrans_pattern($1, initrc_exec_t, initrc_t)
+
+ ifdef(`enable_mcs',`
+ range_transition $1 init_script_file_type:process s0;
+--
+1.9.1
+
diff --git a/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb b/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb
index b169604..f795bf7 100644
--- a/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb
+++ b/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb
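Review bot: The embedded init.if change in the new .patch file narrows `init_domtrans_script` for every caller `$1`, not only for init_t as the message describes: after `domtrans_pattern($1, initrc_exec_t, initrc_t)` only files labelled initrc_exec_t trigger the transition, while `range_transition $1 init_script_file_type:process s0;` a few lines below still keys on the whole attribute. Presumably any other file type carrying init_script_file_type no longer transitions to initrc_t for those callers, so a systemd-enabled image should be checked for new AVC denials or for scripts left running in the caller's domain; the callers are not visible here, so this is inferred. The header `Upstream-Status: Inappropriate` gives no reason, and the usual form carries one in brackets, `Upstream-Status: Inappropriate [<reason>]`. The body of init_domtrans_script continues past the embedded hunk.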
@@ -17,4 +17,5 @@ include refpolicy_${PV}.inc
 SRC_URI += " \
 file://refpolicy-fix-optional-issue-on-sysadm-module.patch \
 file://refpolicy-unconfined_u-default-user.patch \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://refpolicy-remove-duplicate-type_transition.patch', '', d)} \
 "
diff --git a/recipes-security/refpolicy/refpolicy-targeted_git.bb b/recipes-security/refpolicy/refpolicy-targeted_git.bb
index b169604..f795bf7 100644
--- a/recipes-security/refpolicy/refpolicy-targeted_git.bb
+++ b/recipes-security/refpolicy/refpolicy-targeted_git.bb
@@ -17,4 +17,5 @@ include refpolicy_${PV}.inc
 SRC_URI += " \
 file://refpolicy-fix-optional-issue-on-sysadm-module.patch \
 file://refpolicy-unconfined_u-default-user.patch \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://refpolicy-remove-duplicate-type_transition.patch', '', d)} \
 "
-- cgit v1.2.3-54-g00ecf