[yocto] [meta-selinux][PATCH 2/2] refpolicy-minimum: update patch file
wenzong.fan at windriver.com
wenzong.fan at windriver.com
Tue Jan 10 00:54:11 PST 2017
From: Wenzong Fan <wenzong.fan at windriver.com>
Fix build errors:
| policy/modules/system/init.te:1120:ERROR 'class dbus is not within scope' at token ';' on line 40246:
| allow initrc_t init_t:dbus send_msg;
| allow init_t initrc_t:dbus { send_msg acquire_svc };
Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
---
...07-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch b/recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch
index 50e3c64..a4084d7 100644
--- a/recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch
+++ b/recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch
@@ -49,15 +49,18 @@ diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 19a7a20..cefa59d 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
-@@ -1105,3 +1105,8 @@ allow init_t self:capability2 audit_read;
+@@ -1105,3 +1105,11 @@ allow init_t self:capability2 audit_read;
allow initrc_t init_t:system { start status reboot };
allow initrc_t init_var_run_t:service { start status };
+
+allow initrc_t init_var_run_t:service stop;
-+allow initrc_t init_t:dbus send_msg;
++init_dbus_chat(initrc_t)
+
-+allow init_t initrc_t:dbus { send_msg acquire_svc };
++gen_require(`
++ class dbus acquire_svc;
++')
++allow init_t initrc_t:dbus { acquire_svc };
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index 09ec33f..be25c82 100644
--- a/policy/modules/system/locallogin.te
--
2.11.0
More information about the yocto
mailing list