From f696ed04980b3818d90513fdf15ba01a07c94c15 Mon Sep 17 00:00:00 2001
From: Roy Li <rongqing.li@windriver.com>
Date: Thu, 3 Apr 2014 14:05:43 -0400
Subject: audit: fix the permission of configuration file

A ordinary use should not to access auditd configuration files

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
---
 recipes-security/audit/audit_2.3.2.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/recipes-security/audit/audit_2.3.2.bb b/recipes-security/audit/audit_2.3.2.bb
index eafcd30..4a9c954 100644
--- a/recipes-security/audit/audit_2.3.2.bb
+++ b/recipes-security/audit/audit_2.3.2.bb
@@ -88,4 +88,7 @@ do_install_append() {
 	# install systemd unit files
 	install -d ${D}${systemd_unitdir}/system
 	install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
+
+	chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
+	chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
 }
-- 
cgit v1.2.3-54-g00ecf