* [meta-selinux][PATCH] audit: Fix lack of a default audit.rules
@ 2014-04-04 23:09 Mark Hatle
2014-04-07 13:54 ` Joe MacDonald
0 siblings, 1 reply; 2+ messages in thread
From: Mark Hatle @ 2014-04-04 23:09 UTC (permalink / raw)
To: joe, xin.ouyang, yocto
Various components were failing, and upon investigation it was noted
that the audit.rules file referenced by the initscript wasn't available.
There was however a copy under the rules.d directory. Investigating
the audit.spec file (which is in the upstream source) showed that it was
expected that the version in the rules.d should be copied into
/etc/audit.
Do this and correct the systemd services file to use the same file.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
---
recipes-security/audit/audit/auditd.service | 2 +-
recipes-security/audit/audit_2.3.2.bb | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/recipes-security/audit/audit/auditd.service b/recipes-security/audit/audit/auditd.service
index 6daa056..adf4d3b 100644
--- a/recipes-security/audit/audit/auditd.service
+++ b/recipes-security/audit/audit/auditd.service
@@ -14,7 +14,7 @@ ExecStart=/sbin/auditd -n
## Then copy existing rules to /etc/audit/rules.d/
## Not doing this last step can cause loss of existing rules
#ExecStartPost=-/sbin/augenrules --load
-ExecStartPost=-/sbin/auditctl -R /etc/audit/rules.d/audit.rules
+ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
ExecReload=/bin/kill -HUP $MAINPID
[Install]
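Review bot: on the changed ExecStartPost line, the leading `-` tells systemd to ignore a non-zero exit from auditctl, so a missing or unparsable /etc/audit/audit.rules does not fail the unit and auditd keeps running with no rules loaded. Consider dropping the `-` on this line so a wrong path is visible in the unit state. Also note that the commented-out `augenrules --load` line above regenerates /etc/audit/audit.rules from rules.d, so if it is ever enabled it will overwrite the copy the recipe installs.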
diff --git a/recipes-security/audit/audit_2.3.2.bb b/recipes-security/audit/audit_2.3.2.bb
index 4a9c954..ae6556f 100644
--- a/recipes-security/audit/audit_2.3.2.bb
+++ b/recipes-security/audit/audit_2.3.2.bb
@@ -67,6 +67,8 @@ FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la"
+CONFFILES_auditd += "${sysconfdir}/audit/audit.rules"
+
do_install_append() {
rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
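Review bot: the added `CONFFILES_auditd` line names the package literally, while the neighbouring `FILES_${PN}-python` and `FILES_${PN}-dev` lines use `${PN}`-based names, and this hunk shows neither an `auditd` entry in PACKAGES nor a `FILES_auditd` that contains `${sysconfdir}/audit/audit.rules`. Please confirm the file is actually shipped in that package, otherwise the conffile marking will not apply to it. If they are not already listed elsewhere in the recipe, `${sysconfdir}/audit/rules.d/audit.rules` and `${sysconfdir}/audit/auditd.conf` deserve the same treatment.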
@@ -91,4 +93,7 @@ do_install_append() {
chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
+
+ # Based on the audit.spec "Copy default rules into place on new installation"
+ cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
}
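Review bot: the added `cp` leaves the mode of /etc/audit/audit.rules implicit; the `chmod 640` above it covers only auditd.conf and rules.d/audit.rules, so the copy ends up 640 only because the chmod runs first and only as long as the build umask does not strip bits. Use `install -m 0640 ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules`, or add the new path to the chmod line, so the file that auditctl actually loads has explicit permissions. The new lines also hard-code /etc where the CONFFILES line in the same patch uses `${sysconfdir}`; using one form in both places keeps them from drifting apart.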
--
1.8.5.3
* Re: [meta-selinux][PATCH] audit: Fix lack of a default audit.rules
From: Joe MacDonald @ 2014-04-07 13:54 UTC (permalink / raw)
To: Mark Hatle; +Cc: yocto
[[meta-selinux][PATCH] audit: Fix lack of a default audit.rules] On 14.04.04 (Fri 18:09) Mark Hatle wrote:
> Various components were failing, and upon investigation it was noted
> that the audit.rules file referenced by the initscript wasn't available.
>
> There was however a copy under the rules.d directory. Investigating
> the audit.spec file (which is in the upstream source) showed that it was
> expected that the version in the rules.d should be copied into
> /etc/audit.
It's expected that you'd actually generate the audit.rules file using
augenrules, but this is a reasonable approximation of that. :-)
> Do this and correct the systemd services file to use the same file.
Also the right thing to do here.
Merging.
-J.
>
> Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
> ---
> recipes-security/audit/audit/auditd.service | 2 +-
> recipes-security/audit/audit_2.3.2.bb | 5 +++++
> 2 files changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/recipes-security/audit/audit/auditd.service b/recipes-security/audit/audit/auditd.service
> index 6daa056..adf4d3b 100644
> --- a/recipes-security/audit/audit/auditd.service
> +++ b/recipes-security/audit/audit/auditd.service
> @@ -14,7 +14,7 @@ ExecStart=/sbin/auditd -n
> ## Then copy existing rules to /etc/audit/rules.d/
> ## Not doing this last step can cause loss of existing rules
> #ExecStartPost=-/sbin/augenrules --load
> -ExecStartPost=-/sbin/auditctl -R /etc/audit/rules.d/audit.rules
> +ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
> ExecReload=/bin/kill -HUP $MAINPID
>
> [Install]
> diff --git a/recipes-security/audit/audit_2.3.2.bb b/recipes-security/audit/audit_2.3.2.bb
> index 4a9c954..ae6556f 100644
> --- a/recipes-security/audit/audit_2.3.2.bb
> +++ b/recipes-security/audit/audit_2.3.2.bb
> @@ -67,6 +67,8 @@ FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
> FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
> FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la"
>
> +CONFFILES_auditd += "${sysconfdir}/audit/audit.rules"
> +
> do_install_append() {
> rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
> rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
> @@ -91,4 +93,7 @@ do_install_append() {
>
> chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
> chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
> +
> + # Based on the audit.spec "Copy default rules into place on new installation"
> + cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
> }
--
-Joe MacDonald.
:wq