[yocto] [meta-selinux][PATCH] refpolicy: refresh patches

Joe MacDonald joe at deserted.net
Tue Apr 23 09:00:46 PDT 2019


Hi Yi,

Where did this patch refresh come from?  Since the goal right now for the
refpolicy recipes is to move to a purely git-based approach, I'd prefer to not
do patch refreshes that don't come from an export of the patched git trees, like
the one I'd mentioned in my earlier email here:

	https://www.mail-archive.com/yocto@yoctoproject.org/msg43933.html

Thanks,
-Joe.

[[yocto] [meta-selinux][PATCH] refpolicy: refresh patches] On 19.04.19 (Fri 14:10) Yi Zhao wrote:

> Refrefsh 0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> and 0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch.
> Remove the trailing line: \ No newline at end of file
> 
> Signed-off-by: Yi Zhao <yi.zhao at windriver.com>
> ---
>  ...y-minimum-audit-logging-getty-audit-related-.patch |  1 -
>  ...y-minimum-systemd-mount-logging-authlogin-ad.patch | 19 ++++++++-----------
>  ...y-minimum-audit-logging-getty-audit-related-.patch |  1 -
>  ...y-minimum-systemd-mount-logging-authlogin-ad.patch | 19 ++++++++-----------
>  4 files changed, 16 insertions(+), 24 deletions(-)
> 
> diff --git a/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch b/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> index f92ddb8..10d2bcb 100644
> --- a/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> +++ b/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> @@ -62,7 +62,6 @@ index 63e92a8e..8ab46925 100644
>  +allow auditd_t initrc_t:unix_dgram_socket sendto;
>  +
>  +allow klogd_t initrc_t:unix_dgram_socket sendto;
> -\ No newline at end of file
>  -- 
>  2.19.1
>  
> diff --git a/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch b/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> index 98b6156..65ef55b 100644
> --- a/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> +++ b/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> @@ -33,13 +33,13 @@ Signed-off-by: Shrikant Bobade <shrikant_bobade at mentor.com>
>  Signed-off-by: Joe MacDonald <joe_macdonald at mentor.com>
>  ---
>   policy/modules/system/authlogin.te | 2 ++
> - policy/modules/system/logging.te   | 7 ++++++-
> + policy/modules/system/logging.te   | 5 +++++
>   policy/modules/system/mount.te     | 3 +++
>   policy/modules/system/systemd.te   | 5 +++++
> - 4 files changed, 16 insertions(+), 1 deletion(-)
> + 4 files changed, 15 insertions(+)
>  
>  diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
> -index 345e07f3..39f860e0 100644
> +index 345e07f..39f860e 100644
>  --- a/policy/modules/system/authlogin.te
>  +++ b/policy/modules/system/authlogin.te
>  @@ -472,3 +472,5 @@ optional_policy(`
> @@ -49,23 +49,20 @@ index 345e07f3..39f860e0 100644
>  +
>  +allow chkpwd_t proc_t:filesystem getattr;
>  diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
> -index 8ab46925..520f7da6 100644
> +index c9991ab..520f7da 100644
>  --- a/policy/modules/system/logging.te
>  +++ b/policy/modules/system/logging.te
> -@@ -627,4 +627,9 @@ allow auditd_t tmpfs_t:file { getattr setattr create open read append };
> - allow auditd_t tmpfs_t:dir { open read search add_name write getattr search };
> +@@ -628,3 +628,8 @@ allow auditd_t tmpfs_t:dir { open read search add_name write getattr search };
>   allow auditd_t initrc_t:unix_dgram_socket sendto;
>   
> --allow klogd_t initrc_t:unix_dgram_socket sendto;
> -\ No newline at end of file
> -+allow klogd_t initrc_t:unix_dgram_socket sendto;
> + allow klogd_t initrc_t:unix_dgram_socket sendto;
>  +
>  +allow syslogd_t self:shm create;
>  +allow syslogd_t self:sem { create read unix_write write };
>  +allow syslogd_t self:shm { read unix_read unix_write write };
>  +allow syslogd_t tmpfs_t:file { read write };
>  diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
> -index 3dcb8493..a87d0e82 100644
> +index 3dcb849..a87d0e8 100644
>  --- a/policy/modules/system/mount.te
>  +++ b/policy/modules/system/mount.te
>  @@ -231,3 +231,6 @@ optional_policy(`
> @@ -76,7 +73,7 @@ index 3dcb8493..a87d0e82 100644
>  +allow mount_t proc_t:filesystem getattr;
>  +allow mount_t initrc_t:udp_socket { read write };
>  diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
> -index a6f09dfd..68b80de3 100644
> +index a6f09df..68b80de 100644
>  --- a/policy/modules/system/systemd.te
>  +++ b/policy/modules/system/systemd.te
>  @@ -993,6 +993,11 @@ allow systemd_tmpfiles_t systemd_journal_t:file { relabelfrom relabelto };
> diff --git a/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch b/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> index 3cc5395..517782d 100644
> --- a/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> +++ b/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> @@ -62,7 +62,6 @@ index e6221a02..4cc73327 100644
>  +allow auditd_t initrc_t:unix_dgram_socket sendto;
>  +
>  +allow klogd_t initrc_t:unix_dgram_socket sendto;
> -\ No newline at end of file
>  -- 
>  2.19.1
>  
> diff --git a/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch b/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> index 06b9192..5132cd8 100644
> --- a/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> +++ b/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> @@ -33,13 +33,13 @@ Signed-off-by: Shrikant Bobade <shrikant_bobade at mentor.com>
>  Signed-off-by: Joe MacDonald <joe_macdonald at mentor.com>
>  ---
>   policy/modules/system/authlogin.te | 2 ++
> - policy/modules/system/logging.te   | 7 ++++++-
> + policy/modules/system/logging.te   | 5 +++++
>   policy/modules/system/mount.te     | 3 +++
>   policy/modules/system/systemd.te   | 5 +++++
> - 4 files changed, 16 insertions(+), 1 deletion(-)
> + 4 files changed, 15 insertions(+)
>  
>  diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
> -index 28f74bac..dfa46612 100644
> +index 28f74ba..dfa4661 100644
>  --- a/policy/modules/system/authlogin.te
>  +++ b/policy/modules/system/authlogin.te
>  @@ -479,3 +479,5 @@ optional_policy(`
> @@ -49,23 +49,20 @@ index 28f74bac..dfa46612 100644
>  +
>  +allow chkpwd_t proc_t:filesystem getattr;
>  diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
> -index 4cc73327..98c2bd19 100644
> +index 541f5c6..98c2bd1 100644
>  --- a/policy/modules/system/logging.te
>  +++ b/policy/modules/system/logging.te
> -@@ -627,4 +627,9 @@ allow auditd_t tmpfs_t:file { getattr setattr create open read append };
> - allow auditd_t tmpfs_t:dir { open read search add_name write getattr search };
> +@@ -628,3 +628,8 @@ allow auditd_t tmpfs_t:dir { open read search add_name write getattr search };
>   allow auditd_t initrc_t:unix_dgram_socket sendto;
>   
> --allow klogd_t initrc_t:unix_dgram_socket sendto;
> -\ No newline at end of file
> -+allow klogd_t initrc_t:unix_dgram_socket sendto;
> + allow klogd_t initrc_t:unix_dgram_socket sendto;
>  +
>  +allow syslogd_t self:shm create;
>  +allow syslogd_t self:sem { create read unix_write write };
>  +allow syslogd_t self:shm { read unix_read unix_write write };
>  +allow syslogd_t tmpfs_t:file { read write };
>  diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
> -index 3dcb8493..a87d0e82 100644
> +index 3dcb849..a87d0e8 100644
>  --- a/policy/modules/system/mount.te
>  +++ b/policy/modules/system/mount.te
>  @@ -231,3 +231,6 @@ optional_policy(`
> @@ -76,7 +73,7 @@ index 3dcb8493..a87d0e82 100644
>  +allow mount_t proc_t:filesystem getattr;
>  +allow mount_t initrc_t:udp_socket { read write };
>  diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
> -index f6455f6f..b13337b9 100644
> +index f6455f6..b13337b 100644
>  --- a/policy/modules/system/systemd.te
>  +++ b/policy/modules/system/systemd.te
>  @@ -1011,6 +1011,11 @@ allow systemd_tmpfiles_t systemd_journal_t:file { relabelfrom relabelto };
> -- 
> 2.7.4
> 
> -- 
> _______________________________________________
> yocto mailing list
> yocto at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20190423/0cb26372/attachment.pgp>


More information about the yocto mailing list