From 75e818530fc1ca0bb71cd3ee501dd69fa04a4918 Mon Sep 17 00:00:00 2001 From: Xin Ouyang Date: Tue, 27 Mar 2012 17:37:53 +0800 Subject: setools: Patch for neverallow rules. --- .../setools-neverallow-rules-all-always-fail.patch | 31 ++++++++++++++++++++++ recipes-security/setools/setools_3.3.7.bb | 1 + 2 files changed, 32 insertions(+) create mode 100644 recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch (limited to 'recipes-security/setools') diff --git a/recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch b/recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch new file mode 100644 index 0000000..a165dae --- /dev/null +++ b/recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch @@ -0,0 +1,31 @@ +From 4360fae5a6fbee9c8866573fe5a8af2fdae4944d Mon Sep 17 00:00:00 2001 +From: Xin Ouyang +Date: Fri, 9 Mar 2012 10:18:35 +0800 +Subject: [PATCH] setools: neverallow rules all always fail. + +Since we do not ship neverallow rules all always fail. +ERROR: Cannot get avrules: Neverallow rules requested but not available +ERROR: Operation not supported +--- + libqpol/src/avrule_query.c | 3 +++ + 1 files changed, 3 insertions(+), 0 deletions(-) + +diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c +index 749565b..e7d42fc 100644 +--- a/libqpol/src/avrule_query.c ++++ b/libqpol/src/avrule_query.c +@@ -57,8 +57,11 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type + + if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) { + ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available"); ++ /* + errno = ENOTSUP; + return STATUS_ERR; ++ */ ++ return STATUS_SUCCESS; + } + + db = &policy->p->p; +-- +1.7.5.4 + diff --git a/recipes-security/setools/setools_3.3.7.bb b/recipes-security/setools/setools_3.3.7.bb index bb6dcf0..ae53fb7 100644 --- a/recipes-security/setools/setools_3.3.7.bb +++ b/recipes-security/setools/setools_3.3.7.bb @@ -15,6 +15,7 @@ SRC_URI[sha256sum] = "2bfa0918746bdcc910b16b26a51109a4ffd07404c306141ada584cb36e SRC_URI += "file://setools-Add-seinfo-and-sesearch-python-bindings.patch" SRC_URI += "file://setools-seinfo-should-exit-with-correct-errno.patch" +SRC_URI += "file://setools-neverallow-rules-all-always-fail.patch" SRC_URI += "file://setools-Fix-man-pages-and-getoptions.patch" SRC_URI += "file://setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch" SRC_URI += "file://setools-Changes-to-support-named-file_trans-rules.patch" -- cgit v1.2.3-54-g00ecf