[yocto] [meta-selinux][PATCH] audit: upgrade 2.4.4 -> 2.5
Philip Tricca
flihp at twobit.us
Sun Mar 6 15:38:18 PST 2016
Tested this today and it works as expected: thanks!
This leaves the same PR value as the previous version. The OE style
guide thinks PR should be removed when PV changes. Since we're going
from 2.4.4 -> 2.5 this makes me think that since PV changes PR should be
removed. I've never given this much thought in the past so I had to look
it up and may have misunderstood the docs. Is removing PR like this
correct or should it be left as is?
Thanks,
Philip
On 02/29/2016 02:50 PM, T.O. Radzy Radzykewycz wrote:
> * rebase patch audit-python-configure.patch
>
> * remove audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch
> as it had already been applied upstream
>
> * 2.5 includes miscellaneous enhancements and fixes:
>
> 2.5
> - Make augenrules the default method to load audit rules
> - Put rules in its own directory and break out rules into groups
> - Have auditd do a fsync before closing log
> - Make default flush setting larger
> - In auparse. terminate the generated strings (Burn Alting)
> - In auditd, add incremental_async flushing mode
> - Clean up dangling fields in DAEMON events
> - Add audit by process name support to auditctl (Richard Briggs)
> - Relax permissions on systemd files
> - Fix auparse to handle interlaced events (Burn Alting)
> - Allow more syslog facilities in audispd-syslog (Aleksander Adamowski)
>
> 2.4.5
> - Fix auditd disk flushing for data and sync modes
> - Fix auditctl to not show options not supported on older OS
> - Add audit.m4 file to aid adding support to other projects
> - Fix C99 inline function build issue
> - Add account lock and unlock event types
> - Change logging loophole check to geteuid()
> - Fix ausearch to not consider AUDIT_PROCTITLE events malformed (Burn Alting)
> - Fix ausearch to parse FEATURE_CHANGE events
>
> ( From http://people.redhat.com/sgrubb/audit/ChangeLog )
>
> Signed-off-by: T.O. Radzy Radzykewycz <radzy at windriver.com>
> ---
> ...et-inline-functions-work-with-gnu89-gnu11.patch | 71 --------------
> .../audit/audit/audit-python-configure.patch | 3 +-
> recipes-security/audit/audit_2.4.4.bb | 100 --------------------
> recipes-security/audit/audit_2.5.bb | 104 +++++++++++++++++++++
> 4 files changed, 106 insertions(+), 172 deletions(-)
> delete mode 100644 recipes-security/audit/audit/audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch
> delete mode 100644 recipes-security/audit/audit_2.4.4.bb
> create mode 100644 recipes-security/audit/audit_2.5.bb
>
> diff --git a/recipes-security/audit/audit/audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch b/recipes-security/audit/audit/audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch
> deleted file mode 100644
> index 578cfc1dc476..000000000000
> --- a/recipes-security/audit/audit/audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch
> +++ /dev/null
> @@ -1,71 +0,0 @@
> -From 15036dd4fa9eb209f5e148c6f7ee081f5ca78fa4 Mon Sep 17 00:00:00 2001
> -From: Wenzong Fan <wenzong.fan at windriver.com>
> -Date: Fri, 11 Sep 2015 03:37:13 -0400
> -Subject: [PATCH] audit/auvirt: get inline functions work with both gnu89 & gnu11
> -
> -After gcc upgraded to gcc5, and if the codes are compiled without
> -optimization (-O0), and the below error will happen:
> -
> - auvirt.c:484: undefined reference to `copy_str'
> - auvirt.c:667: undefined reference to `is_resource'
> - collect2: error: ld returned 1 exit status
> -
> -gcc5 defaults to -std=gnu11 instead of -std=gnu89, and it requires that
> -exactly one C source file has the callable copy of the inline function.
> -Consider the following program:
> -
> - inline int
> - foo (void)
> - {
> - return 42;
> - }
> -
> - int
> - main (void)
> - {
> - return foo ();
> - }
> -
> -The program above will not link with the C99 inline semantics, because
> -no out-of-line function foo is generated. To fix this, either mark the
> -function foo as static, or add the following declaration:
> -
> - static inline int foo (void);
> -
> -More information refer to: https://gcc.gnu.org/gcc-5/porting_to.html
> -
> -Note: using "extern inline" will fail to build with gcc4.x, so replace
> -inline with "static inline".
> -
> -Upstream-Status: Pending
> -
> -Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
> ----
> - tools/auvirt/auvirt.c | 4 ++--
> - 1 file changed, 2 insertions(+), 2 deletions(-)
> -
> -diff --git a/tools/auvirt/auvirt.c b/tools/auvirt/auvirt.c
> -index 655c454..b16d718 100644
> ---- a/tools/auvirt/auvirt.c
> -+++ b/tools/auvirt/auvirt.c
> -@@ -138,7 +138,7 @@ void event_free(struct event *event)
> - }
> - }
> -
> --inline char *copy_str(const char *str)
> -+static inline char *copy_str(const char *str)
> - {
> - return (str) ? strdup(str) : NULL;
> - }
> -@@ -650,7 +650,7 @@ int process_control_event(auparse_state_t *au)
> - return 0;
> - }
> -
> --inline int is_resource(const char *res)
> -+static inline int is_resource(const char *res)
> - {
> - if (res == NULL ||
> - res[0] == '\0' ||
> ---
> -1.9.1
> -
> diff --git a/recipes-security/audit/audit/audit-python-configure.patch b/recipes-security/audit/audit/audit-python-configure.patch
> index b47cf5d2d968..cb62ec3022bb 100644
> --- a/recipes-security/audit/audit/audit-python-configure.patch
> +++ b/recipes-security/audit/audit/audit-python-configure.patch
> @@ -8,6 +8,7 @@ Upstream-Status: pending
> Signed-off-by: Xin Ouyang <Xin.Ouyang at windriver.com>
> Signed-off-by: Li Xin <lixin.fnst at cn.fujitsu.com>
> Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
> +Signed-off-by: T.O. Radzy Radzykewycz <radzy at windriver.com>
> ---
> configure.ac | 17 ++---------------
> 1 file changed, 2 insertions(+), 15 deletions(-)
> @@ -29,7 +30,7 @@ index 1f48cb4..cdb5219 100644
> - AC_MSG_NOTICE(Python bindings will be built)
> -else
> - python_found="no"
> -- if test x$use_python = xyes ; then
> +- if test "x$use_python" = xyes ; then
> - AC_MSG_ERROR([Python explicitly requested and python headers were not found])
> - else
> - AC_MSG_WARN("Python headers not found - python bindings will not be made")
> diff --git a/recipes-security/audit/audit_2.4.4.bb b/recipes-security/audit/audit_2.4.4.bb
> deleted file mode 100644
> index 55a5b12ba9c9..000000000000
> --- a/recipes-security/audit/audit_2.4.4.bb
> +++ /dev/null
> @@ -1,100 +0,0 @@
> -SUMMARY = "User space tools for kernel auditing"
> -DESCRIPTION = "The audit package contains the user space utilities for \
> -storing and searching the audit records generated by the audit subsystem \
> -in the Linux kernel."
> -HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"
> -SECTION = "base"
> -PR = "r8"
> -LICENSE = "GPLv2+ & LGPLv2+"
> -LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
> -
> -SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \
> - file://audit-python-configure.patch \
> - file://audit-python.patch \
> - file://fix-swig-host-contamination.patch \
> - file://auditd \
> - file://auditd.service \
> - file://audit-volatile.conf \
> - file://audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch \
> -"
> -SRC_URI[md5sum] = "72b0fd94d32846142bc472f0d91e62b4"
> -SRC_URI[sha256sum] = "25f57f465f3230d7b1166b615ffd6748818a3dc225d0e8b396c5b2e951674e23"
> -
> -inherit autotools pythonnative update-rc.d systemd
> -
> -UPDATERCPN = "auditd"
> -INITSCRIPT_NAME = "auditd"
> -INITSCRIPT_PARAMS = "defaults"
> -
> -SYSTEMD_SERVICE_${PN} = "auditd.service"
> -
> -DEPENDS += "python tcp-wrappers libcap-ng linux-libc-headers (>= 2.6.30)"
> -
> -EXTRA_OECONF += "--without-prelude \
> - --with-libwrap \
> - --enable-gssapi-krb5=no \
> - --with-libcap-ng=yes \
> - --with-python=yes \
> - --libdir=${base_libdir} \
> - --sbindir=${base_sbindir} \
> - --without-python3 \
> - --disable-zos-remote \
> - "
> -EXTRA_OECONF_append_arm = " --with-arm=yes"
> -
> -EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \
> - PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
> - pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
> - STDINC='${STAGING_INCDIR}' \
> - "
> -
> -SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher"
> -DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
> -interface to the audit system, audispd. These plugins can do things \
> -like relay events to remote machines or analyze events for suspicious \
> -behavior."
> -
> -PACKAGES =+ "audispd-plugins"
> -PACKAGES += "auditd ${PN}-python"
> -
> -FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
> -FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*"
> -FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \
> - ${sysconfdir}/audisp/plugins.d/au-remote.conf \
> - ${sbindir}/audisp-remote ${localstatedir}/spool/audit \
> - "
> -FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
> -FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
> -FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la ${base_libdir}/pkgconfig/*"
> -
> -CONFFILES_auditd += "${sysconfdir}/audit/audit.rules"
> -RDEPENDS_auditd += "bash"
> -
> -do_install_append() {
> - rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
> - rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
> -
> - # reuse auditd config
> - [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default
> - mv ${D}/etc/sysconfig/auditd ${D}/etc/default
> - rmdir ${D}/etc/sysconfig/
> -
> - # replace init.d
> - install -D -m 0755 ${S}/../auditd ${D}/etc/init.d/auditd
> - rm -rf ${D}/etc/rc.d
> -
> - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
> - install -d ${D}${sysconfdir}/tmpfiles.d/
> - install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
> - fi
> -
> - # install systemd unit files
> - install -d ${D}${systemd_unitdir}/system
> - install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
> -
> - chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
> - chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
> -
> - # Based on the audit.spec "Copy default rules into place on new installation"
> - cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
> -}
> diff --git a/recipes-security/audit/audit_2.5.bb b/recipes-security/audit/audit_2.5.bb
> new file mode 100644
> index 000000000000..53aa23dabdd9
> --- /dev/null
> +++ b/recipes-security/audit/audit_2.5.bb
> @@ -0,0 +1,104 @@
> +SUMMARY = "User space tools for kernel auditing"
> +DESCRIPTION = "The audit package contains the user space utilities for \
> +storing and searching the audit records generated by the audit subsystem \
> +in the Linux kernel."
> +HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"
> +SECTION = "base"
> +PR = "r8"
> +LICENSE = "GPLv2+ & LGPLv2+"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
> +
> +SRC_URI = "http://people.redhat.com/sgrubb/${BPN}/${BPN}-${PV}.tar.gz \
> + file://audit-python-configure.patch \
> + file://audit-python.patch \
> + file://fix-swig-host-contamination.patch \
> + file://auditd \
> + file://auditd.service \
> + file://audit-volatile.conf \
> +"
> +SRC_URI[md5sum] = "e721d48f3e1927c84b7c176b3bdbc443"
> +SRC_URI[sha256sum] = "9b0a0760c6f37d80cbbfe46a74db722e60ac8100b28eb31953878ffca8ac14b4"
> +
> +
> +inherit autotools pythonnative update-rc.d systemd
> +
> +UPDATERCPN = "auditd"
> +INITSCRIPT_NAME = "auditd"
> +INITSCRIPT_PARAMS = "defaults"
> +
> +SYSTEMD_SERVICE_${PN} = "auditd.service"
> +
> +DEPENDS += "python tcp-wrappers libcap-ng linux-libc-headers (>= 2.6.30)"
> +
> +EXTRA_OECONF += "--without-prelude \
> + --with-libwrap \
> + --enable-gssapi-krb5=no \
> + --with-libcap-ng=yes \
> + --with-python=yes \
> + --libdir=${base_libdir} \
> + --sbindir=${base_sbindir} \
> + --without-python3 \
> + --disable-zos-remote \
> + "
> +EXTRA_OECONF_append_arm = " --with-arm=yes"
> +
> +EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \
> + PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
> + pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
> + STDINC='${STAGING_INCDIR}' \
> + "
> +
> +SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher"
> +DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
> +interface to the audit system, audispd. These plugins can do things \
> +like relay events to remote machines or analyze events for suspicious \
> +behavior."
> +
> +PACKAGES =+ "audispd-plugins"
> +PACKAGES += "auditd ${PN}-python"
> +
> +FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
> +FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*"
> +FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \
> + ${sysconfdir}/audisp/plugins.d/au-remote.conf \
> + ${sbindir}/audisp-remote ${localstatedir}/spool/audit \
> + "
> +FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
> +FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
> +FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la ${base_libdir}/pkgconfig/*"
> +
> +CONFFILES_auditd += "${sysconfdir}/audit/audit.rules"
> +RDEPENDS_auditd += "bash"
> +
> +do_install_append() {
> + rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
> + rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
> +
> + # reuse auditd config
> + [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default
> + mv ${D}/etc/sysconfig/auditd ${D}/etc/default
> + rmdir ${D}/etc/sysconfig/
> +
> + # replace init.d
> + install -D -m 0755 ${S}/../auditd ${D}/etc/init.d/auditd
> + rm -rf ${D}/etc/rc.d
> +
> + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
> + install -d ${D}${sysconfdir}/tmpfiles.d/
> + install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
> + fi
> +
> + # install systemd unit files
> + install -d ${D}${systemd_unitdir}/system
> + install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
> +
> + # audit-2.5 doesn't install any rules by default, so we do that here
> + mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d
> + cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules
> +
> + chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
> + chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
> +
> + # Based on the audit.spec "Copy default rules into place on new installation"
> + cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
> +}
>
More information about the yocto
mailing list