Re: [meta-selinux][PATCH] refpolicy: refresh patches

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Joe MacDonald <joe@deserted.net>
To: Yi Zhao <yi.zhao@windriver.com>
Cc: yocto@yoctoproject.org
Subject: Re: [meta-selinux][PATCH] refpolicy: refresh patches
Date: Tue, 23 Apr 2019 12:00:46 -0400	[thread overview]
Message-ID: <20190423160043.GA5013@deserted.net> (raw)
In-Reply-To: <1555654248-5791-1-git-send-email-yi.zhao@windriver.com>

[-- Attachment #1: Type: text/plain, Size: 9085 bytes --]

Hi Yi,

Where did this patch refresh come from?  Since the goal right now for the
refpolicy recipes is to move to a purely git-based approach, I'd prefer to not
do patch refreshes that don't come from an export of the patched git trees, like
the one I'd mentioned in my earlier email here:

	https://www.mail-archive.com/yocto@yoctoproject.org/msg43933.html

Thanks,
-Joe.

[[yocto] [meta-selinux][PATCH] refpolicy: refresh patches] On 19.04.19 (Fri 14:10) Yi Zhao wrote:

> Refrefsh 0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> and 0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch.
> Remove the trailing line: \ No newline at end of file
> 
> Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
> ---
>  ...y-minimum-audit-logging-getty-audit-related-.patch |  1 -
>  ...y-minimum-systemd-mount-logging-authlogin-ad.patch | 19 ++++++++-----------
>  ...y-minimum-audit-logging-getty-audit-related-.patch |  1 -
>  ...y-minimum-systemd-mount-logging-authlogin-ad.patch | 19 ++++++++-----------
>  4 files changed, 16 insertions(+), 24 deletions(-)
> 
> diff --git a/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch b/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> index f92ddb8..10d2bcb 100644
> --- a/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> +++ b/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> @@ -62,7 +62,6 @@ index 63e92a8e..8ab46925 100644
>  +allow auditd_t initrc_t:unix_dgram_socket sendto;
>  +
>  +allow klogd_t initrc_t:unix_dgram_socket sendto;
> -\ No newline at end of file
>  -- 
>  2.19.1
>  
> diff --git a/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch b/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> index 98b6156..65ef55b 100644
> --- a/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> +++ b/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> @@ -33,13 +33,13 @@ Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
>  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
>  ---
>   policy/modules/system/authlogin.te | 2 ++
> - policy/modules/system/logging.te   | 7 ++++++-
> + policy/modules/system/logging.te   | 5 +++++
>   policy/modules/system/mount.te     | 3 +++
>   policy/modules/system/systemd.te   | 5 +++++
> - 4 files changed, 16 insertions(+), 1 deletion(-)
> + 4 files changed, 15 insertions(+)
>  
>  diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
> -index 345e07f3..39f860e0 100644
> +index 345e07f..39f860e 100644
>  --- a/policy/modules/system/authlogin.te
>  +++ b/policy/modules/system/authlogin.te
>  @@ -472,3 +472,5 @@ optional_policy(`
> @@ -49,23 +49,20 @@ index 345e07f3..39f860e0 100644
>  +
>  +allow chkpwd_t proc_t:filesystem getattr;
>  diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
> -index 8ab46925..520f7da6 100644
> +index c9991ab..520f7da 100644
>  --- a/policy/modules/system/logging.te
>  +++ b/policy/modules/system/logging.te
> -@@ -627,4 +627,9 @@ allow auditd_t tmpfs_t:file { getattr setattr create open read append };
> - allow auditd_t tmpfs_t:dir { open read search add_name write getattr search };
> +@@ -628,3 +628,8 @@ allow auditd_t tmpfs_t:dir { open read search add_name write getattr search };
>   allow auditd_t initrc_t:unix_dgram_socket sendto;
>   
> --allow klogd_t initrc_t:unix_dgram_socket sendto;
> -\ No newline at end of file
> -+allow klogd_t initrc_t:unix_dgram_socket sendto;
> + allow klogd_t initrc_t:unix_dgram_socket sendto;
>  +
>  +allow syslogd_t self:shm create;
>  +allow syslogd_t self:sem { create read unix_write write };
>  +allow syslogd_t self:shm { read unix_read unix_write write };
>  +allow syslogd_t tmpfs_t:file { read write };
>  diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
> -index 3dcb8493..a87d0e82 100644
> +index 3dcb849..a87d0e8 100644
>  --- a/policy/modules/system/mount.te
>  +++ b/policy/modules/system/mount.te
>  @@ -231,3 +231,6 @@ optional_policy(`
> @@ -76,7 +73,7 @@ index 3dcb8493..a87d0e82 100644
>  +allow mount_t proc_t:filesystem getattr;
>  +allow mount_t initrc_t:udp_socket { read write };
>  diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
> -index a6f09dfd..68b80de3 100644
> +index a6f09df..68b80de 100644
>  --- a/policy/modules/system/systemd.te
>  +++ b/policy/modules/system/systemd.te
>  @@ -993,6 +993,11 @@ allow systemd_tmpfiles_t systemd_journal_t:file { relabelfrom relabelto };
> diff --git a/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch b/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> index 3cc5395..517782d 100644
> --- a/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> +++ b/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> @@ -62,7 +62,6 @@ index e6221a02..4cc73327 100644
>  +allow auditd_t initrc_t:unix_dgram_socket sendto;
>  +
>  +allow klogd_t initrc_t:unix_dgram_socket sendto;
> -\ No newline at end of file
>  -- 
>  2.19.1
>  
> diff --git a/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch b/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> index 06b9192..5132cd8 100644
> --- a/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> +++ b/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> @@ -33,13 +33,13 @@ Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
>  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
>  ---
>   policy/modules/system/authlogin.te | 2 ++
> - policy/modules/system/logging.te   | 7 ++++++-
> + policy/modules/system/logging.te   | 5 +++++
>   policy/modules/system/mount.te     | 3 +++
>   policy/modules/system/systemd.te   | 5 +++++
> - 4 files changed, 16 insertions(+), 1 deletion(-)
> + 4 files changed, 15 insertions(+)
>  
>  diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
> -index 28f74bac..dfa46612 100644
> +index 28f74ba..dfa4661 100644
>  --- a/policy/modules/system/authlogin.te
>  +++ b/policy/modules/system/authlogin.te
>  @@ -479,3 +479,5 @@ optional_policy(`
> @@ -49,23 +49,20 @@ index 28f74bac..dfa46612 100644
>  +
>  +allow chkpwd_t proc_t:filesystem getattr;
>  diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
> -index 4cc73327..98c2bd19 100644
> +index 541f5c6..98c2bd1 100644
>  --- a/policy/modules/system/logging.te
>  +++ b/policy/modules/system/logging.te
> -@@ -627,4 +627,9 @@ allow auditd_t tmpfs_t:file { getattr setattr create open read append };
> - allow auditd_t tmpfs_t:dir { open read search add_name write getattr search };
> +@@ -628,3 +628,8 @@ allow auditd_t tmpfs_t:dir { open read search add_name write getattr search };
>   allow auditd_t initrc_t:unix_dgram_socket sendto;
>   
> --allow klogd_t initrc_t:unix_dgram_socket sendto;
> -\ No newline at end of file
> -+allow klogd_t initrc_t:unix_dgram_socket sendto;
> + allow klogd_t initrc_t:unix_dgram_socket sendto;
>  +
>  +allow syslogd_t self:shm create;
>  +allow syslogd_t self:sem { create read unix_write write };
>  +allow syslogd_t self:shm { read unix_read unix_write write };
>  +allow syslogd_t tmpfs_t:file { read write };
>  diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
> -index 3dcb8493..a87d0e82 100644
> +index 3dcb849..a87d0e8 100644
>  --- a/policy/modules/system/mount.te
>  +++ b/policy/modules/system/mount.te
>  @@ -231,3 +231,6 @@ optional_policy(`
> @@ -76,7 +73,7 @@ index 3dcb8493..a87d0e82 100644
>  +allow mount_t proc_t:filesystem getattr;
>  +allow mount_t initrc_t:udp_socket { read write };
>  diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
> -index f6455f6f..b13337b9 100644
> +index f6455f6..b13337b 100644
>  --- a/policy/modules/system/systemd.te
>  +++ b/policy/modules/system/systemd.te
>  @@ -1011,6 +1011,11 @@ allow systemd_tmpfiles_t systemd_journal_t:file { relabelfrom relabelto };
> -- 
> 2.7.4
> 
> -- 
> _______________________________________________
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 201 bytes --]

     prev parent reply	other threads:[~2019-04-24 13:06 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-19  6:10 [meta-selinux][PATCH] refpolicy: refresh patches Yi Zhao
2019-04-23 16:00 ` Joe MacDonald [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190423160043.GA5013@deserted.net \
    --to=joe@deserted.net \
    --cc=yi.zhao@windriver.com \
    --cc=yocto@yoctoproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.