[yocto] [PATCH][meta-selinux] refpolicy-targeted: remove duplicate type rules
wenzong.fan at windriver.com
Tue Aug 2 03:32:40 PDT 2016
From: Wenzong Fan <wenzong.fan at windriver.com>
Remove duplicate type rules from init_t to init_script_file_type,
they have been included by systemd policies. This also fixes the
errors while installing modules for refpolicy-targeted if systemd
support is enabled:
| Conflicting type rules
| Binary policy creation failed at line 327 of \
.../tmp/work/qemux86-poky-linux/refpolicy-targeted/git-r0/image\
/var/lib/selinux/targeted/tmp/modules/100/init/cil
| Failed to generate binary
| semodule: Failed!
Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
---
...efpolicy-remove-duplicate-type_transition.patch | 46 ++++++++++++++++++++++
.../refpolicy/refpolicy-targeted_2.20151208.bb | 1 +
.../refpolicy/refpolicy-targeted_git.bb | 1 +
3 files changed, 48 insertions(+)
create mode 100644 recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch
diff --git a/recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch
new file mode 100644
index 0000000..b6c64c6
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-targeted/refpolicy-remove-duplicate-type_transition.patch
@@ -0,0 +1,46 @@
+From e1693b640f889818091c976a90041ea6a843fafd Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong.fan at windriver.com>
+Date: Wed, 17 Feb 2016 08:35:51 -0500
+Subject: [PATCH] remove duplicate type_transition
+
+Remove duplicate type rules from init_t to init_script_file_type,
+they have been included by systemd policies. This also fixes the
+errors while installing modules for refpolicy-targeted if systemd
+support is enabled:
+
+| Conflicting type rules
+| Binary policy creation failed at line 327 of \
+ .../tmp/work/qemux86-poky-linux/refpolicy-targeted/git-r0/image\
+ /var/lib/selinux/targeted/tmp/modules/100/init/cil
+| Failed to generate binary
+| semodule: Failed!
+
+Upstream-Status: Inappropriate
+
+Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
+---
+ policy/modules/system/init.if | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
+index f50c6e1..b445886 100644
+--- a/policy/modules/system/init.if
++++ b/policy/modules/system/init.if
+@@ -1307,12 +1307,12 @@ interface(`init_spec_domtrans_script',`
+ #
+ interface(`init_domtrans_script',`
+ gen_require(`
+- type initrc_t;
++ type initrc_t, initrc_exec_t;
+ attribute init_script_file_type;
+ ')
+
+ files_list_etc($1)
+- domtrans_pattern($1, init_script_file_type, initrc_t)
++ domtrans_pattern($1, initrc_exec_t, initrc_t)
+
+ ifdef(`enable_mcs',`
+ range_transition $1 init_script_file_type:process s0;
+--
+1.9.1
+
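Review bot: In init_domtrans_script, switching domtrans_pattern from the init_script_file_type attribute to initrc_exec_t narrows the transition for every domain passed as $1, not only init_t as the commit message describes, while the range_transition line under enable_mcs still uses the attribute. Please name in the message the systemd policy rule that produces the conflicting type rule, and confirm that callers other than init still get a transition for any other types carrying init_script_file_type. Separately, "Upstream-Status: Inappropriate" should carry a bracketed reason, as the OpenEmbedded patch header convention expects.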
diff --git a/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb b/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb
index b169604..f795bf7 100644
--- a/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb
+++ b/recipes-security/refpolicy/refpolicy-targeted_2.20151208.bb
@@ -17,4 +17,5 @@ include refpolicy_${PV}.inc
SRC_URI += " \
file://refpolicy-fix-optional-issue-on-sysadm-module.patch \
file://refpolicy-unconfined_u-default-user.patch \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://refpolicy-remove-duplicate-type_transition.patch', '', d)} \
"
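Review bot: The conditional SRC_URI entry has no explanation in the recipe for why the patch is tied to the systemd DISTRO_FEATURE. A short comment above SRC_URI saying that the duplicate type rules only conflict when the systemd policy is built would help whoever later changes the feature set, since the applied policy source now differs by distro configuration.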
diff --git a/recipes-security/refpolicy/refpolicy-targeted_git.bb b/recipes-security/refpolicy/refpolicy-targeted_git.bb
index b169604..f795bf7 100644
--- a/recipes-security/refpolicy/refpolicy-targeted_git.bb
+++ b/recipes-security/refpolicy/refpolicy-targeted_git.bb
@@ -17,4 +17,5 @@ include refpolicy_${PV}.inc
SRC_URI += " \
file://refpolicy-fix-optional-issue-on-sysadm-module.patch \
file://refpolicy-unconfined_u-default-user.patch \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://refpolicy-remove-duplicate-type_transition.patch', '', d)} \
"
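Review bot: This is the same one-line addition as in refpolicy-targeted_2.20151208.bb, and both recipes show the identical blob (index b169604..f795bf7), so the conditional patch entry is now duplicated. Consider putting it in a shared include so the two cannot drift apart. Please also confirm the init.if hunk at line 1307 applies cleanly to the git recipe's source as well as to the 2.20151208 release, since a single patch file is used for both.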
--
2.8.1