From bca5c611508d0d19a08fb7fc3f7810c85fcfeba5 Mon Sep 17 00:00:00 2001
From: Mark Hatle <mark.hatle@windriver.com>
Date: Thu, 14 Sep 2017 16:10:20 -0500
Subject: refpolicy: Add '/bin/bash.bash', an update-alternative to the policy

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
---
 .../poky-fc-update-alternatives_bash.patch         | 24 ++++++++++++++++++++++
 .../poky-fc-update-alternatives_bash.patch         | 24 ++++++++++++++++++++++
 .../refpolicy/refpolicy_2.20170204.inc             |  1 +
 recipes-security/refpolicy/refpolicy_git.inc       |  1 +
 4 files changed, 50 insertions(+)
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_bash.patch
 create mode 100644 recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch

diff --git a/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_bash.patch b/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_bash.patch
new file mode 100644
index 0000000..e0fdba1
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_bash.patch
@@ -0,0 +1,24 @@
+From 845518a6f196e6e8c49ba38791c85e17276920e1 Mon Sep 17 00:00:00 2001
+From: Mark Hatle <mark.hatle@windriver.com>
+Date: Thu, 14 Sep 2017 15:02:23 -0500
+Subject: [PATCH 3/4] fix update-alternatives for hostname
+
+Upstream-Status: Inappropriate [only for Poky]
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+---
+ policy/modules/system/corecommands.fc |    1 +
+ 1 file changed, 1 insertion(+)
+
+Index: refpolicy/policy/modules/kernel/corecommands.fc
+===================================================================
+--- refpolicy.orig/policy/modules/kernel/corecommands.fc
++++ refpolicy/policy/modules/kernel/corecommands.fc
+@@ -6,6 +6,7 @@
+ /bin/d?ash			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/bash			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/bash2			--	gen_context(system_u:object_r:shell_exec_t,s0)
++/bin/bash\.bash			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/fish			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/ksh.*			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/mksh			--	gen_context(system_u:object_r:shell_exec_t,s0)
diff --git a/recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch b/recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch
new file mode 100644
index 0000000..e0fdba1
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch
@@ -0,0 +1,24 @@
+From 845518a6f196e6e8c49ba38791c85e17276920e1 Mon Sep 17 00:00:00 2001
+From: Mark Hatle <mark.hatle@windriver.com>
+Date: Thu, 14 Sep 2017 15:02:23 -0500
+Subject: [PATCH 3/4] fix update-alternatives for hostname
+
+Upstream-Status: Inappropriate [only for Poky]
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+---
+ policy/modules/system/corecommands.fc |    1 +
+ 1 file changed, 1 insertion(+)
+
+Index: refpolicy/policy/modules/kernel/corecommands.fc
+===================================================================
+--- refpolicy.orig/policy/modules/kernel/corecommands.fc
++++ refpolicy/policy/modules/kernel/corecommands.fc
+@@ -6,6 +6,7 @@
+ /bin/d?ash			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/bash			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/bash2			--	gen_context(system_u:object_r:shell_exec_t,s0)
++/bin/bash\.bash			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/fish			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/ksh.*			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/mksh			--	gen_context(system_u:object_r:shell_exec_t,s0)
diff --git a/recipes-security/refpolicy/refpolicy_2.20170204.inc b/recipes-security/refpolicy/refpolicy_2.20170204.inc
index 48e6cd6..8b72cbd 100644
--- a/recipes-security/refpolicy/refpolicy_2.20170204.inc
+++ b/recipes-security/refpolicy/refpolicy_2.20170204.inc
@@ -9,6 +9,7 @@ SRC_URI += "file://poky-fc-subs_dist.patch \
             file://poky-fc-update-alternatives_sysvinit.patch \
             file://poky-fc-update-alternatives_sysklogd.patch \
             file://poky-fc-update-alternatives_hostname.patch \
+            file://poky-fc-update-alternatives_bash.patch \
             file://poky-fc-fix-real-path_resolv.conf.patch \
             file://poky-fc-fix-real-path_login.patch \
             file://poky-fc-fix-real-path_shadow.patch \
diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc
index 9c62da3..f71eb35 100644
--- a/recipes-security/refpolicy/refpolicy_git.inc
+++ b/recipes-security/refpolicy/refpolicy_git.inc
@@ -14,6 +14,7 @@ SRC_URI += "file://poky-fc-subs_dist.patch \
             file://poky-fc-update-alternatives_sysvinit.patch \
             file://poky-fc-update-alternatives_sysklogd.patch \
             file://poky-fc-update-alternatives_hostname.patch \
+            file://poky-fc-update-alternatives_bash.patch \
             file://poky-fc-fix-real-path_resolv.conf.patch \
             file://poky-fc-fix-real-path_login.patch \
             file://poky-fc-fix-real-path_shadow.patch \
-- 
cgit v1.2.3-54-g00ecf