[oe] [meta-oe][PATCH] audit: upgrade 4.0.2 -> 4.0.3

Yi Zhao via lists.openembedded.org Sun, 26 Jan 2025 05:18:35 -0800

ChangeLog:
- Remove a RHEL4 flag table since it's been unsupported for a while
- Change dependency from Requires to Wants for audit-rules.service
- Disable ProtectKernelModules by default in auditd.service
- Skip plugin configs that do not have .conf suffix
- audisp-filter: iterate records correctly when forwarding
- Update syscall table for missing syscalls
- Modify ausearch checkpoint code to address 64 inode and device numbers
- Fix potential segfault interpreting relative paths
- Add audit_set_enabled & audit_is_enabled back to the libaudit python bindings
- Log runlevel changes to console during boot
- Add audit-tmpfiles.conf to ensure /var/log/audit exists
- Propagate event format to the audisp-af_unix plugin
- Add support for RISC-V - riscv32, riscv64


* Enable riscv support
* Use its own volatile file for systemd.

Signed-off-by: Yi Zhao <[email protected]>
---
 .../audit/audit/audit-volatile.conf            |  1 -
 .../audit/{audit_4.0.2.bb => audit_4.0.3.bb}   | 18 +++++++-----------
 2 files changed, 7 insertions(+), 12 deletions(-)
 delete mode 100644 meta-oe/recipes-security/audit/audit/audit-volatile.conf
 rename meta-oe/recipes-security/audit/{audit_4.0.2.bb => audit_4.0.3.bb} (84%)

diff --git a/meta-oe/recipes-security/audit/audit/audit-volatile.conf 
b/meta-oe/recipes-security/audit/audit/audit-volatile.conf
deleted file mode 100644
index 9cbe1547a3..0000000000
--- a/meta-oe/recipes-security/audit/audit/audit-volatile.conf
+++ /dev/null
@@ -1 +0,0 @@
-d  /var/log/audit 0750 root root -
diff --git a/meta-oe/recipes-security/audit/audit_4.0.2.bb 
b/meta-oe/recipes-security/audit/audit_4.0.3.bb
similarity index 84%
rename from meta-oe/recipes-security/audit/audit_4.0.2.bb
rename to meta-oe/recipes-security/audit/audit_4.0.3.bb
index 4f1507923a..9501787e09 100644
--- a/meta-oe/recipes-security/audit/audit_4.0.2.bb
+++ b/meta-oe/recipes-security/audit/audit_4.0.3.bb
@@ -10,11 +10,10 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
 SRC_URI = 
"git://github.com/linux-audit/${BPN}-userspace.git;branch=master;protocol=https 
\
            file://0001-Fixed-swig-host-contamination-issue.patch \
            file://auditd \
-           file://audit-volatile.conf \
           "
 
 S = "${WORKDIR}/git"
-SRCREV = "4e6deae41d4646d28bb3ba9524a8a227a38ccd0b"
+SRCREV = "51d154c5b7ec91831cbb89fe6ca54d8eb7ba344c"
 
 inherit autotools python3targetconfig update-rc.d systemd
 
@@ -33,6 +32,7 @@ EXTRA_OECONF = " \
         --with-python3 \
         --with-arm \
         --with-aarch64 \
+        --with-riscv \
         --without-golang \
         --disable-gssapi-krb5 \
         --disable-zos-remote \
@@ -57,7 +57,9 @@ PACKAGES =+ "audispd-plugins"
 PACKAGES += "auditd ${PN}-python"
 
 FILES:${PN} = "${sysconfdir}/libaudit.conf ${libdir}/libau*.so.*"
-FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* 
${datadir}/audit-rules/* ${libexecdir}/*"
+FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* \
+                ${datadir}/audit-rules/* ${libexecdir}/* \
+                ${nonarch_libdir}/tmpfiles.d/*.conf"
 FILES:audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \
         ${sysconfdir}/audit/plugins.d/au-remote.conf \
         ${sysconfdir}/audit/plugins.d/syslog.conf \
@@ -87,19 +89,13 @@ do_install:append() {
     # Based on the audit.spec "Copy default rules into place on new 
installation"
     install -m 0640 ${D}/etc/audit/rules.d/audit.rules 
${D}/etc/audit/audit.rules
 
-    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', 
d)}; then
-        install -D -m 0644 ${UNPACKDIR}/audit-volatile.conf 
${D}${sysconfdir}/tmpfiles.d/audit.conf
-    fi
-
     if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', 
d)}; then
         install -D -m 0755 ${UNPACKDIR}/auditd ${D}/etc/init.d/auditd
     fi
 
     if ! ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', 
d)}; then
-        rm -rf ${D}${libdir}/systemd
-        install -d ${D}${systemd_unitdir}/system
-        install -m 0644 ${B}/init.d/auditd.service      
${D}${systemd_unitdir}/system/
-        install -m 0644 ${B}/init.d/audit-rules.service 
${D}${systemd_unitdir}/system/
+        rm -rf ${D}${nonarch_libdir}/systemd
+        rm -rf ${D}${nonarch_libdir}/tmpfiles.d
     fi
 
     # Create /var/spool/audit directory for audisp-remote
-- 
2.25.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#115102): 
https://lists.openembedded.org/g/openembedded-devel/message/115102
Mute This Topic: https://lists.openembedded.org/mt/110821180/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

[oe] [meta-oe][PATCH] audit: upgrade 4.0.2 -> 4.0.3

Reply via email to