[yocto] [PATCH][meta-selinux] audit: fix the permission of configuration file

Pascal Ouyang xin.ouyang at windriver.com
Thu Feb 20 21:53:04 PST 2014


On 14-2-20 8:59 PM, rongqing.li at windriver.com wrote:
> From: Roy Li <rongqing.li at windriver.com>
>
> Signed-off-by: Roy Li <rongqing.li at windriver.com>
> ---
>   .../audit/fix-auditd.conf-file-s-permission.patch  |   41 ++++++++++++++++++++
>   recipes-security/audit/audit_2.3.2.bb              |    4 +-
>   2 files changed, 44 insertions(+), 1 deletion(-)
>   create mode 100644 recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>
> diff --git a/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
> new file mode 100644
> index 0000000..be3412b
> --- /dev/null
> +++ b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
> @@ -0,0 +1,41 @@
> +From abeb7f0e35a4e77e914fea34ddaf8b30b51e49e3 Mon Sep 17 00:00:00 2001
> +From: Roy Li <rongqing.li at windriver.com>
> +Date: Thu, 20 Feb 2014 20:38:31 +0800
> +Subject: [PATCH] fix auditd.conf file and path permission
> +
> +Upstream-Status: Pending
> +
> +A ordinary use should not to access auditd configuration files
> +
> +Signed-off-by: Roy Li <rongqing.li at windriver.com>
> +---
> + init.d/Makefile.am |    8 ++++++--
> + 1 file changed, 6 insertions(+), 2 deletions(-)
> +
> +diff --git a/init.d/Makefile.am b/init.d/Makefile.am
> +index 521dd1d..50728bc 100644
> +--- a/init.d/Makefile.am
> ++++ b/init.d/Makefile.am
> +@@ -37,13 +37,17 @@ endif
> +
> + auditdir = $(sysconfdir)/audit
> + auditrdir = $(auditdir)/rules.d
> +-dist_audit_DATA = auditd.conf
> +-dist_auditr_DATA = audit.rules
> ++auditconfig = auditd.conf
> ++auditrconfig = audit.rules
> + sbin_SCRIPTS = augenrules
> +
> + install-data-hook:
> + 	$(INSTALL_DATA) -D -m 640 ${srcdir}/${dispconfig} ${DESTDIR}${dispconfigdir}
> + 	$(INSTALL_DATA) -D -m 640 ${srcdir}/${libconfig} ${DESTDIR}${sysconfdir}
> ++	$(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditdir}
> ++	$(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditrdir}
> ++	$(INSTALL_DATA) -m 640 ${srcdir}/${auditconfig} ${DESTDIR}${auditdir}
> ++	$(INSTALL_DATA) -m 640 ${srcdir}/${auditrconfig} ${DESTDIR}${auditrdir}
> + if ENABLE_SYSTEMD
> + else
> + 	$(INSTALL_DATA) -D -m 640 ${srcdir}/auditd.sysconfig ${DESTDIR}${sysconfigdir}/auditd
> +--
> +1.7.10.4
> +
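
Review bot: In init.d/Makefile.am, replacing dist_audit_DATA and dist_auditr_DATA with the plain variables auditconfig and auditrconfig takes auditd.conf and audit.rules out of automake's distribution and uninstall handling, and nothing in this hunk adds them to EXTRA_DIST or to an uninstall hook. Either keep the two dist_*_DATA lines and tighten the modes in install-data-hook, or add the files to EXTRA_DIST and remove them in an uninstall hook. The description line "A ordinary use should not to access auditd configuration files" should read "An ordinary user should not be able to access auditd configuration files", and it should say that the directories become 750 as well as the files 640.
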
> diff --git a/recipes-security/audit/audit_2.3.2.bb b/recipes-security/audit/audit_2.3.2.bb
> index edcb881..6e376f8 100644
> --- a/recipes-security/audit/audit_2.3.2.bb
> +++ b/recipes-security/audit/audit_2.3.2.bb
> @@ -14,7 +14,9 @@ SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \
>   	   file://audit-python-configure.patch \
>   	   file://audit-for-cross-compiling.patch \
>   	   file://auditd \
> -	   file://fix-swig-host-contamination.patch"
> +	   file://fix-swig-host-contamination.patch \
> +	   file://fix-auditd.conf-file-s-permission.patch \
> +"
>
>   inherit autotools pythonnative update-rc.d
>
>
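
Review bot: The new SRC_URI entry file://fix-auditd.conf-file-s-permission.patch is named differently from the patch it carries, whose Subject is "fix auditd.conf file and path permission"; the "file-s" looks like a mangled apostrophe and the name omits the directory change. Rename the file to match the Subject, and give the recipe commit a description, since the message above the diffstat holds only the From and Signed-off-by lines.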

chmod in do_install is enough, please do not use a patch.

Thanks. :)

-- 
- Pascal


