[yocto] [meta-selinux][PATCH 3/3] refpolicy-minimum: fix build error with systemd

Mon, 09 Oct 2017 00:23:43 -0700 

From: Wenzong Fan <wenzong....@windriver.com>

Update patch to fix build error with systemd:

* replace below statements with 'init_dbus_chat(initrc_t)':
  allow initrc_t init_t:dbus send_msg;
  allow init_t initrc_t:dbus send_msg;

* declare class 'dbus' and 'acquire_svc' for:
  allow init_t initrc_t:dbus { acquire_svc };

This fixes build errors:
| policy/modules/system/init.te:1120:ERROR 'class dbus is not within scope' at 
token ';' on line 40246:
| allow initrc_t init_t:dbus send_msg;
| allow init_t initrc_t:dbus { send_msg acquire_svc };

Signed-off-by: Wenzong Fan <wenzong....@windriver.com>
---
 ...07-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git 
a/recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch
 
b/recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch
index 50e3c64..a4084d7 100644
--- 
a/recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch
+++ 
b/recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch
@@ -49,15 +49,18 @@ diff --git a/policy/modules/system/init.te 
b/policy/modules/system/init.te
 index 19a7a20..cefa59d 100644
 --- a/policy/modules/system/init.te
 +++ b/policy/modules/system/init.te
-@@ -1105,3 +1105,8 @@ allow init_t self:capability2 audit_read;
+@@ -1105,3 +1105,11 @@ allow init_t self:capability2 audit_read;
  
  allow initrc_t init_t:system { start status reboot };
  allow initrc_t init_var_run_t:service { start status };
 +
 +allow initrc_t init_var_run_t:service stop;
-+allow initrc_t init_t:dbus send_msg;
++init_dbus_chat(initrc_t)
 +
-+allow init_t initrc_t:dbus { send_msg acquire_svc };
++gen_require(`
++      class dbus acquire_svc;
++')
++allow init_t initrc_t:dbus { acquire_svc };
 diff --git a/policy/modules/system/locallogin.te 
b/policy/modules/system/locallogin.te
 index 09ec33f..be25c82 100644
 --- a/policy/modules/system/locallogin.te
-- 
2.13.0

-- 
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Reply via email to