[yocto] [meta-selinux][PATCH] audit: Enable ARM System Call Audit in user space.
Joe MacDonald
joe at deserted.net
Thu Apr 24 16:58:00 PDT 2014
Merged, thanks.
-J.
[[yocto] [meta-selinux][PATCH] audit: Enable ARM System Call Audit in user space.] On 14.04.24 (Thu 16:34) Kai Kang wrote:
> From: Han Chao <chan at windriver.com>
>
> Audit System Call needs kernel and user space support.
>
> In user space it needs system call table for ARM. It also needs a
> configure option --with-armeb for build audit. Audit system call also
> needs enable kernel config CONFIG_AUDITSYSCALL.
>
> Signed-off-by: Han Chao <chan at windriver.com>
> Signed-off-by: Kai Kang <kai.kang at windriver.com>
> ---
> .../audit/add-system-call-table-for-ARM.patch | 46 ++++++++++++++++++++++
> recipes-security/audit/audit_2.3.2.bb | 2 +
> 2 files changed, 48 insertions(+)
> create mode 100644 recipes-security/audit/audit/add-system-call-table-for-ARM.patch
>
> diff --git a/recipes-security/audit/audit/add-system-call-table-for-ARM.patch b/recipes-security/audit/audit/add-system-call-table-for-ARM.patch
> new file mode 100644
> index 0000000..ad94d11
> --- /dev/null
> +++ b/recipes-security/audit/audit/add-system-call-table-for-ARM.patch
> @@ -0,0 +1,46 @@
> +From 52ff74be2f01182ed9d4fcc3da059512fad63d72 Mon Sep 17 00:00:00 2001
> +From: Han Chao <chan at windriver.com>
> +Date: Thu, 27 Feb 2014 14:58:57 +0800
> +Subject: [PATCH] add system call table for ARM.
> +
> +This change enable audit system call on ARM.
> +Add arm System call table on machinetabs.h.
> +Audit system call need enable kernel config CONFIG_AUDITSYSCALL.
> +
> +Signed-off-by: Han Chao <chan at windriver.com>
> +---
> + lib/machinetabs.h | 11 ++++++-----
> + 1 file changed, 6 insertions(+), 5 deletions(-)
> +
> +diff --git a/lib/machinetabs.h b/lib/machinetabs.h
> +index ec2d033..1c2e284 100644
> +--- a/lib/machinetabs.h
> ++++ b/lib/machinetabs.h
> +@@ -1,10 +1,11 @@
> +-/* This is a generated file, see Makefile.am for its inputs. */
> +-static const char machine_strings[] = "i386\0i486\0i586\0i686\0ia64\0ppc\0ppc64\0s390\0s390x\0x86_64";
> ++/* Such is aways generated file, see Makefile.am for its inputs.
> ++ * But this version is not generated file, which is for ARM. */
> ++static const char machine_strings[] = "armeb\0armv5tejl\0armv5tel\0armv6l\0armv7l";
> + static const unsigned machine_s2i_s[] = {
> +- 0,5,10,15,20,25,29,35,40,46,
> ++ 0,6,16,25,32,
> + };
> + static const int machine_s2i_i[] = {
> +- 0,0,0,0,2,4,3,6,5,1,
> ++ 8,8,8,8,8,
> + };
> + static int machine_s2i(const char *s, int *value) {
> + size_t len, i;
> +@@ -19,7 +20,7 @@ static int machine_s2i(const char *s, int *value) {
> + }
> + }
> + static const unsigned machine_i2s_direct[] = {
> +- 0,46,20,29,25,40,35,
> ++ 39,85,59,68,64,
> + };
> + static const char *machine_i2s(int v) {
> + return i2s_direct__(machine_strings, machine_i2s_direct, 0, 6, v);
> +--
> +1.7.9.5
> +
> diff --git a/recipes-security/audit/audit_2.3.2.bb b/recipes-security/audit/audit_2.3.2.bb
> index ae6556f..4baf7a0 100644
> --- a/recipes-security/audit/audit_2.3.2.bb
> +++ b/recipes-security/audit/audit_2.3.2.bb
> @@ -18,6 +18,7 @@ SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \
> file://auditd.service \
> file://audit-volatile.conf \
> "
> +SRC_URI_append_arm = "file://add-system-call-table-for-ARM.patch"
>
> inherit autotools pythonnative update-rc.d systemd
>
> @@ -41,6 +42,7 @@ EXTRA_OECONF += "--without-prelude \
> --libdir=${base_libdir} \
> --sbindir=${base_sbindir} \
> "
> +EXTRA_OECONF_append_arm = " --with-armeb=yes"
>
> EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \
> PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
> --
> 1.8.4
>
--
-Joe MacDonald.
:wq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20140424/113198e6/attachment.pgp>
More information about the yocto
mailing list