From 776da889b550ac9e5be414a8cc10fd86b1923264 Mon Sep 17 00:00:00 2001
From: Joe MacDonald
Date: Mon, 8 Apr 2019 13:50:40 -0400
Subject: refpolicy: update to 2.20190201 and git HEAD policies Additionally, the README has fallen out of date, update it to reflect the current reality of layer dependencies.
Signed-off-by: Joe MacDonald
---
...ply-usr-bin-bash-context-to-bin-bash.bash.patch | 30 ++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 recipes-security/refpolicy/refpolicy-git/0005-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch
(limited to 'recipes-security/refpolicy/refpolicy-git/0005-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch')
diff --git a/recipes-security/refpolicy/refpolicy-git/0005-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch b/recipes-security/refpolicy/refpolicy-git/0005-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch
new file mode 100644
index 0000000..194a474
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-git/0005-fc-bash-apply-usr-bin-bash-context-to-bin-bash.bash.patch
@@ -0,0 +1,30 @@
+From 783ba03eff9d5b94363fff148aa1c745ff02ddd4 Mon Sep 17 00:00:00 2001
+From: Joe MacDonald
+Date: Thu, 28 Mar 2019 21:37:32 -0400
+Subject: [PATCH 05/34] fc/bash: apply /usr/bin/bash context to /bin/bash.bash
+
+We include /bin/bash.bash as a valid alias for /bin/bash, so ensure we apply
+the proper context to the target for our policy.
+
+Upstream-Status: Inappropriate [only for Yocto]
+
+Signed-off-by: Joe MacDonald
+---
+ policy/modules/kernel/corecommands.fc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
+index e7415cac..cf3848db 100644
+--- a/policy/modules/kernel/corecommands.fc
++++ b/policy/modules/kernel/corecommands.fc
+@@ -141,6 +141,7 @@ ifdef(`distro_gentoo',`
+ /usr/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /usr/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /usr/bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0)
++/usr/bin/bash.bash -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /usr/bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /usr/bin/git-shell -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /usr/bin/insmod_ksymoops_clean -- gen_context(system_u:object_r:bin_t,s0)
+--
+2.19.1
+
-- cgit v1.2.3-54-g00ecf
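Review bot: The added file-context entry labels `/usr/bin/bash.bash`, while the patch description talks about `/bin/bash.bash`, and the dots in the path are unescaped even though the path is matched as a regular expression. Unless the policy also carries a `/bin` to `/usr/bin` path equivalence (not visible in this hunk), a shell installed at `/bin/bash.bash` would presumably keep a generic label rather than `shell_exec_t`, so rules keyed on the shell type would not apply to it. I would write the entry as `/usr/bin/bash\.bash -- gen_context(system_u:object_r:shell_exec_t,s0)` and either add a matching `/bin/bash\.bash` line or say in the description that the equivalence covers it. Running `matchpathcon /bin/bash.bash` on a built image would confirm which case holds.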