Hi Yi, Where did this patch refresh come from? Since the goal right now for the refpolicy recipes is to move to a purely git-based approach, I'd prefer to not do patch refreshes that don't come from an export of the patched git trees, like the one I'd mentioned in my earlier email here:
https://www.mail-archive.com/[email protected]/msg43933.html
Thanks,
-Joe.
[[yocto] [meta-selinux][PATCH] refpolicy: refresh patches] On 19.04.19 (Fri
14:10) Yi Zhao wrote:
> Refrefsh 0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> and 0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch.
> Remove the trailing line: \ No newline at end of file
>
> Signed-off-by: Yi Zhao <[email protected]>
> ---
> ...y-minimum-audit-logging-getty-audit-related-.patch | 1 -
> ...y-minimum-systemd-mount-logging-authlogin-ad.patch | 19
> ++++++++-----------
> ...y-minimum-audit-logging-getty-audit-related-.patch | 1 -
> ...y-minimum-systemd-mount-logging-authlogin-ad.patch | 19
> ++++++++-----------
> 4 files changed, 16 insertions(+), 24 deletions(-)
>
> diff --git
> a/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
>
> b/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> index f92ddb8..10d2bcb 100644
> ---
> a/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> +++
> b/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> @@ -62,7 +62,6 @@ index 63e92a8e..8ab46925 100644
> +allow auditd_t initrc_t:unix_dgram_socket sendto;
> +
> +allow klogd_t initrc_t:unix_dgram_socket sendto;
> -\ No newline at end of file
> --
> 2.19.1
>
> diff --git
> a/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
>
> b/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> index 98b6156..65ef55b 100644
> ---
> a/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> +++
> b/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> @@ -33,13 +33,13 @@ Signed-off-by: Shrikant Bobade
> <[email protected]>
> Signed-off-by: Joe MacDonald <[email protected]>
> ---
> policy/modules/system/authlogin.te | 2 ++
> - policy/modules/system/logging.te | 7 ++++++-
> + policy/modules/system/logging.te | 5 +++++
> policy/modules/system/mount.te | 3 +++
> policy/modules/system/systemd.te | 5 +++++
> - 4 files changed, 16 insertions(+), 1 deletion(-)
> + 4 files changed, 15 insertions(+)
>
> diff --git a/policy/modules/system/authlogin.te
> b/policy/modules/system/authlogin.te
> -index 345e07f3..39f860e0 100644
> +index 345e07f..39f860e 100644
> --- a/policy/modules/system/authlogin.te
> +++ b/policy/modules/system/authlogin.te
> @@ -472,3 +472,5 @@ optional_policy(`
> @@ -49,23 +49,20 @@ index 345e07f3..39f860e0 100644
> +
> +allow chkpwd_t proc_t:filesystem getattr;
> diff --git a/policy/modules/system/logging.te
> b/policy/modules/system/logging.te
> -index 8ab46925..520f7da6 100644
> +index c9991ab..520f7da 100644
> --- a/policy/modules/system/logging.te
> +++ b/policy/modules/system/logging.te
> -@@ -627,4 +627,9 @@ allow auditd_t tmpfs_t:file { getattr setattr create
> open read append };
> - allow auditd_t tmpfs_t:dir { open read search add_name write getattr search
> };
> +@@ -628,3 +628,8 @@ allow auditd_t tmpfs_t:dir { open read search add_name
> write getattr search };
> allow auditd_t initrc_t:unix_dgram_socket sendto;
>
> --allow klogd_t initrc_t:unix_dgram_socket sendto;
> -\ No newline at end of file
> -+allow klogd_t initrc_t:unix_dgram_socket sendto;
> + allow klogd_t initrc_t:unix_dgram_socket sendto;
> +
> +allow syslogd_t self:shm create;
> +allow syslogd_t self:sem { create read unix_write write };
> +allow syslogd_t self:shm { read unix_read unix_write write };
> +allow syslogd_t tmpfs_t:file { read write };
> diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
> -index 3dcb8493..a87d0e82 100644
> +index 3dcb849..a87d0e8 100644
> --- a/policy/modules/system/mount.te
> +++ b/policy/modules/system/mount.te
> @@ -231,3 +231,6 @@ optional_policy(`
> @@ -76,7 +73,7 @@ index 3dcb8493..a87d0e82 100644
> +allow mount_t proc_t:filesystem getattr;
> +allow mount_t initrc_t:udp_socket { read write };
> diff --git a/policy/modules/system/systemd.te
> b/policy/modules/system/systemd.te
> -index a6f09dfd..68b80de3 100644
> +index a6f09df..68b80de 100644
> --- a/policy/modules/system/systemd.te
> +++ b/policy/modules/system/systemd.te
> @@ -993,6 +993,11 @@ allow systemd_tmpfiles_t systemd_journal_t:file {
> relabelfrom relabelto };
> diff --git
> a/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
>
> b/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> index 3cc5395..517782d 100644
> ---
> a/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> +++
> b/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> @@ -62,7 +62,6 @@ index e6221a02..4cc73327 100644
> +allow auditd_t initrc_t:unix_dgram_socket sendto;
> +
> +allow klogd_t initrc_t:unix_dgram_socket sendto;
> -\ No newline at end of file
> --
> 2.19.1
>
> diff --git
> a/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
>
> b/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> index 06b9192..5132cd8 100644
> ---
> a/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> +++
> b/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> @@ -33,13 +33,13 @@ Signed-off-by: Shrikant Bobade
> <[email protected]>
> Signed-off-by: Joe MacDonald <[email protected]>
> ---
> policy/modules/system/authlogin.te | 2 ++
> - policy/modules/system/logging.te | 7 ++++++-
> + policy/modules/system/logging.te | 5 +++++
> policy/modules/system/mount.te | 3 +++
> policy/modules/system/systemd.te | 5 +++++
> - 4 files changed, 16 insertions(+), 1 deletion(-)
> + 4 files changed, 15 insertions(+)
>
> diff --git a/policy/modules/system/authlogin.te
> b/policy/modules/system/authlogin.te
> -index 28f74bac..dfa46612 100644
> +index 28f74ba..dfa4661 100644
> --- a/policy/modules/system/authlogin.te
> +++ b/policy/modules/system/authlogin.te
> @@ -479,3 +479,5 @@ optional_policy(`
> @@ -49,23 +49,20 @@ index 28f74bac..dfa46612 100644
> +
> +allow chkpwd_t proc_t:filesystem getattr;
> diff --git a/policy/modules/system/logging.te
> b/policy/modules/system/logging.te
> -index 4cc73327..98c2bd19 100644
> +index 541f5c6..98c2bd1 100644
> --- a/policy/modules/system/logging.te
> +++ b/policy/modules/system/logging.te
> -@@ -627,4 +627,9 @@ allow auditd_t tmpfs_t:file { getattr setattr create
> open read append };
> - allow auditd_t tmpfs_t:dir { open read search add_name write getattr search
> };
> +@@ -628,3 +628,8 @@ allow auditd_t tmpfs_t:dir { open read search add_name
> write getattr search };
> allow auditd_t initrc_t:unix_dgram_socket sendto;
>
> --allow klogd_t initrc_t:unix_dgram_socket sendto;
> -\ No newline at end of file
> -+allow klogd_t initrc_t:unix_dgram_socket sendto;
> + allow klogd_t initrc_t:unix_dgram_socket sendto;
> +
> +allow syslogd_t self:shm create;
> +allow syslogd_t self:sem { create read unix_write write };
> +allow syslogd_t self:shm { read unix_read unix_write write };
> +allow syslogd_t tmpfs_t:file { read write };
> diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
> -index 3dcb8493..a87d0e82 100644
> +index 3dcb849..a87d0e8 100644
> --- a/policy/modules/system/mount.te
> +++ b/policy/modules/system/mount.te
> @@ -231,3 +231,6 @@ optional_policy(`
> @@ -76,7 +73,7 @@ index 3dcb8493..a87d0e82 100644
> +allow mount_t proc_t:filesystem getattr;
> +allow mount_t initrc_t:udp_socket { read write };
> diff --git a/policy/modules/system/systemd.te
> b/policy/modules/system/systemd.te
> -index f6455f6f..b13337b9 100644
> +index f6455f6..b13337b 100644
> --- a/policy/modules/system/systemd.te
> +++ b/policy/modules/system/systemd.te
> @@ -1011,6 +1011,11 @@ allow systemd_tmpfiles_t systemd_journal_t:file {
> relabelfrom relabelto };
> --
> 2.7.4
>
> --
> _______________________________________________
> yocto mailing list
> [email protected]
> https://lists.yoctoproject.org/listinfo/yocto
signature.asc
Description: PGP signature
-- _______________________________________________ yocto mailing list [email protected] https://lists.yoctoproject.org/listinfo/yocto
