[yocto] [meta-selinux][PATCH] audit: Fix lack of a default audit.rules

Joe MacDonald joe at deserted.net
Mon Apr 7 06:54:47 PDT 2014


[[meta-selinux][PATCH] audit: Fix lack of a default audit.rules] On 14.04.04 (Fri 18:09) Mark Hatle wrote:

> Various components were failing, and upon investigation it was noted
> that the audit.rules file referenced by the initscript wasn't available.
> 
> There was however a copy under the rules.d directory.  Investigating
> the audit.spec file (which is in the upstream source) showed that it was
> expected that the version in the rules.d should be copied into
> /etc/audit.

It's expected that you'd actually generate the audit.rules file using
augenrules, but this is a reasonable approximation of that.  :-)

> Do this and correct the systemd services file to use the same file.

Also the right thing to do here.

Merging.
-J.

> 
> Signed-off-by: Mark Hatle <mark.hatle at windriver.com>
> ---
>  recipes-security/audit/audit/auditd.service | 2 +-
>  recipes-security/audit/audit_2.3.2.bb       | 5 +++++
>  2 files changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/recipes-security/audit/audit/auditd.service b/recipes-security/audit/audit/auditd.service
> index 6daa056..adf4d3b 100644
> --- a/recipes-security/audit/audit/auditd.service
> +++ b/recipes-security/audit/audit/auditd.service
> @@ -14,7 +14,7 @@ ExecStart=/sbin/auditd -n
>  ## Then copy existing rules to /etc/audit/rules.d/
>  ## Not doing this last step can cause loss of existing rules
>  #ExecStartPost=-/sbin/augenrules --load
> -ExecStartPost=-/sbin/auditctl -R /etc/audit/rules.d/audit.rules
> +ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
>  ExecReload=/bin/kill -HUP $MAINPID
>  
>  [Install]
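Review bot: The leading `-` on the changed `ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules` line makes systemd ignore a non-zero exit, so if the file is missing or fails to load, auditd still shows as started with no rules in place. Since this patch exists because the referenced file was absent, consider dropping the `-` so the failure is visible in the unit state, or add a comment saying why it is tolerated. The comment block above still describes copying rules into /etc/audit/rules.d/ for the commented-out augenrules line; a short comment that the active line loads the static copy in /etc/audit would keep the two from being confused.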
> diff --git a/recipes-security/audit/audit_2.3.2.bb b/recipes-security/audit/audit_2.3.2.bb
> index 4a9c954..ae6556f 100644
> --- a/recipes-security/audit/audit_2.3.2.bb
> +++ b/recipes-security/audit/audit_2.3.2.bb
> @@ -67,6 +67,8 @@ FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
>  FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
>  FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la"
>  
> +CONFFILES_auditd += "${sysconfdir}/audit/audit.rules"
> +
>  do_install_append() {
>  	rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
>  	rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
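Review bot: `CONFFILES_auditd` names the package literally, while the neighbouring `FILES_${PN}-python` and `FILES_${PN}-dev` lines derive theirs from `${PN}`. Please confirm that `auditd` is the package that actually ships `${sysconfdir}/audit/audit.rules`; if the file lands in a different package, the conffile marking does not apply to it and local rule edits can be overwritten on upgrade. A brief comment above the new line saying which package owns the file would help.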
> @@ -91,4 +93,7 @@ do_install_append() {
>  
>  	chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
>  	chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
> +
> +	# Based on the audit.spec "Copy default rules into place on new installation"
> +	cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
>  }
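Review bot: The `cp` at the end of do_install_append() leaves two copies of the rules on the target, and with the auditd.service change only /etc/audit/audit.rules is loaded, so later edits under /etc/audit/rules.d/ have no effect until the file is regenerated. The comment above the `cp` should say so. The mode of the new file is also left implicit, since the `chmod 640` line just above covers only `rules.d/audit.rules`; using `install -m 0640` in place of `cp` would set it explicitly.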
-- 
-Joe MacDonald.
:wq