[yocto] [PATCH][meta-selinux] audit: fix the permission of configuration file

Rongqing Li rongqing.li at windriver.com
Thu Feb 20 23:42:37 PST 2014



On 02/21/2014 01:53 PM, Pascal Ouyang wrote:
> On 14-2-20 at 8:59 PM, rongqing.li at windriver.com wrote:
>> From: Roy Li <rongqing.li at windriver.com>
>>
>> Signed-off-by: Roy Li <rongqing.li at windriver.com>
>> ---
>>   .../audit/fix-auditd.conf-file-s-permission.patch  |   41
>> ++++++++++++++++++++
>>   recipes-security/audit/audit_2.3.2.bb              |    4 +-
>>   2 files changed, 44 insertions(+), 1 deletion(-)
>>   create mode 100644
>> recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>>
>> diff --git
>> a/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>> b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>> new file mode 100644
>> index 0000000..be3412b
>> --- /dev/null
>> +++
>> b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>> @@ -0,0 +1,41 @@
>> +From abeb7f0e35a4e77e914fea34ddaf8b30b51e49e3 Mon Sep 17 00:00:00 2001
>> +From: Roy Li <rongqing.li at windriver.com>
>> +Date: Thu, 20 Feb 2014 20:38:31 +0800
>> +Subject: [PATCH] fix auditd.conf file and path permission
>> +
>> +Upstream-Status: Pending
>> +
>> +A ordinary use should not to access auditd configuration files
>> +
>> +Signed-off-by: Roy Li <rongqing.li at windriver.com>
>> +---
>> + init.d/Makefile.am |    8 ++++++--
>> + 1 file changed, 6 insertions(+), 2 deletions(-)
>> +
>> +diff --git a/init.d/Makefile.am b/init.d/Makefile.am
>> +index 521dd1d..50728bc 100644
>> +--- a/init.d/Makefile.am
>> ++++ b/init.d/Makefile.am
>> +@@ -37,13 +37,17 @@ endif
>> +
>> + auditdir = $(sysconfdir)/audit
>> + auditrdir = $(auditdir)/rules.d
>> +-dist_audit_DATA = auditd.conf
>> +-dist_auditr_DATA = audit.rules
>> ++auditconfig = auditd.conf
>> ++auditrconfig = audit.rules
>> + sbin_SCRIPTS = augenrules
>> +
>> + install-data-hook:
>> +     $(INSTALL_DATA) -D -m 640 ${srcdir}/${dispconfig}
>> ${DESTDIR}${dispconfigdir}
>> +     $(INSTALL_DATA) -D -m 640 ${srcdir}/${libconfig}
>> ${DESTDIR}${sysconfdir}
>> ++    $(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditdir}
>> ++    $(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditrdir}
>> ++    $(INSTALL_DATA) -m 640 ${srcdir}/${auditconfig}
>> ${DESTDIR}${auditdir}
>> ++    $(INSTALL_DATA) -m 640 ${srcdir}/${auditrconfig}
>> ${DESTDIR}${auditrdir}
>> + if ENABLE_SYSTEMD
>> + else
>> +     $(INSTALL_DATA) -D -m 640 ${srcdir}/auditd.sysconfig
>> ${DESTDIR}${sysconfigdir}/auditd
>> +--
>> +1.7.10.4
>> +
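Review bot: removing `dist_audit_DATA` and `dist_auditr_DATA` in init.d/Makefile.am also removes the automake-generated distribution and uninstall handling for auditd.conf and audit.rules, and the visible lines add no replacement. Either list both files in EXTRA_DIST and remove them in an uninstall hook, or keep the two DATA variables and tighten the modes afterwards in install-data-hook. For the directories, `$(INSTALL_DATA) -d -m 750` depends on the second -m overriding the mode INSTALL_DATA already passes; `$(INSTALL) -d -m 750` states the intent directly. The description would also be clearer if it named the resulting modes (750 for the two directories, 640 for the two files).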
>> diff --git a/recipes-security/audit/audit_2.3.2.bb
>> b/recipes-security/audit/audit_2.3.2.bb
>> index edcb881..6e376f8 100644
>> --- a/recipes-security/audit/audit_2.3.2.bb
>> +++ b/recipes-security/audit/audit_2.3.2.bb
>> @@ -14,7 +14,9 @@ SRC_URI =
>> "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \
>>          file://audit-python-configure.patch \
>>          file://audit-for-cross-compiling.patch \
>>          file://auditd \
>> -       file://fix-swig-host-contamination.patch"
>> +       file://fix-swig-host-contamination.patch \
>> +       file://fix-auditd.conf-file-s-permission.patch \
>> +"
>>
>>   inherit autotools pythonnative update-rc.d
>>
>>
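Review bot: the commit message for this recipe change has no body, so the added SRC_URI entry `file://fix-auditd.conf-file-s-permission.patch` is explained only inside the patch file itself. State in the commit message which paths change mode and to what (the embedded patch uses 750 for the audit directories and 640 for auditd.conf and audit.rules), so the reason is visible in the layer's own history.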
>
> chmod in do_install is enough, please do not use a patch.
>

Why ?

-Roy

> Thanks. :)
>

-- 
Best Regards,
Roy | RongQing Li


