[meta-selinux][PATCH] refpolicy: refresh patches

All of lore.kernel.org
 help / color / mirror / Atom feed

* [meta-selinux][PATCH] refpolicy: refresh patches
@ 2019-04-19  6:10 Yi Zhao
  2019-04-23 16:00 ` Joe MacDonald
  0 siblings, 1 reply; 2+ messages in thread
From: Yi Zhao @ 2019-04-19  6:10 UTC (permalink / raw)
  To: yocto

Refrefsh 0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
and 0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch.
Remove the trailing line: \ No newline at end of file

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 ...y-minimum-audit-logging-getty-audit-related-.patch |  1 -
 ...y-minimum-systemd-mount-logging-authlogin-ad.patch | 19 ++++++++-----------
 ...y-minimum-audit-logging-getty-audit-related-.patch |  1 -
 ...y-minimum-systemd-mount-logging-authlogin-ad.patch | 19 ++++++++-----------
 4 files changed, 16 insertions(+), 24 deletions(-)

diff --git a/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch b/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
index f92ddb8..10d2bcb 100644
--- a/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
+++ b/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
@@ -62,7 +62,6 @@ index 63e92a8e..8ab46925 100644
 +allow auditd_t initrc_t:unix_dgram_socket sendto;
 +
 +allow klogd_t initrc_t:unix_dgram_socket sendto;
-\ No newline at end of file
 -- 
 2.19.1
 
diff --git a/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch b/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
index 98b6156..65ef55b 100644
--- a/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
+++ b/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
@@ -33,13 +33,13 @@ Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
 Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 ---
  policy/modules/system/authlogin.te | 2 ++
- policy/modules/system/logging.te   | 7 ++++++-
+ policy/modules/system/logging.te   | 5 +++++
  policy/modules/system/mount.te     | 3 +++
  policy/modules/system/systemd.te   | 5 +++++
- 4 files changed, 16 insertions(+), 1 deletion(-)
+ 4 files changed, 15 insertions(+)
 
 diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
-index 345e07f3..39f860e0 100644
+index 345e07f..39f860e 100644
 --- a/policy/modules/system/authlogin.te
 +++ b/policy/modules/system/authlogin.te
 @@ -472,3 +472,5 @@ optional_policy(`
@@ -49,23 +49,20 @@ index 345e07f3..39f860e0 100644
 +
 +allow chkpwd_t proc_t:filesystem getattr;
 diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
-index 8ab46925..520f7da6 100644
+index c9991ab..520f7da 100644
 --- a/policy/modules/system/logging.te
 +++ b/policy/modules/system/logging.te
-@@ -627,4 +627,9 @@ allow auditd_t tmpfs_t:file { getattr setattr create open read append };
- allow auditd_t tmpfs_t:dir { open read search add_name write getattr search };
+@@ -628,3 +628,8 @@ allow auditd_t tmpfs_t:dir { open read search add_name write getattr search };
  allow auditd_t initrc_t:unix_dgram_socket sendto;
  
--allow klogd_t initrc_t:unix_dgram_socket sendto;
-\ No newline at end of file
-+allow klogd_t initrc_t:unix_dgram_socket sendto;
+ allow klogd_t initrc_t:unix_dgram_socket sendto;
 +
 +allow syslogd_t self:shm create;
 +allow syslogd_t self:sem { create read unix_write write };
 +allow syslogd_t self:shm { read unix_read unix_write write };
 +allow syslogd_t tmpfs_t:file { read write };
 diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
-index 3dcb8493..a87d0e82 100644
+index 3dcb849..a87d0e8 100644
 --- a/policy/modules/system/mount.te
 +++ b/policy/modules/system/mount.te
 @@ -231,3 +231,6 @@ optional_policy(`
@@ -76,7 +73,7 @@ index 3dcb8493..a87d0e82 100644
 +allow mount_t proc_t:filesystem getattr;
 +allow mount_t initrc_t:udp_socket { read write };
 diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
-index a6f09dfd..68b80de3 100644
+index a6f09df..68b80de 100644
 --- a/policy/modules/system/systemd.te
 +++ b/policy/modules/system/systemd.te
 @@ -993,6 +993,11 @@ allow systemd_tmpfiles_t systemd_journal_t:file { relabelfrom relabelto };
diff --git a/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch b/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
index 3cc5395..517782d 100644
--- a/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
+++ b/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
@@ -62,7 +62,6 @@ index e6221a02..4cc73327 100644
 +allow auditd_t initrc_t:unix_dgram_socket sendto;
 +
 +allow klogd_t initrc_t:unix_dgram_socket sendto;
-\ No newline at end of file
 -- 
 2.19.1
 
diff --git a/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch b/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
index 06b9192..5132cd8 100644
--- a/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
+++ b/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
@@ -33,13 +33,13 @@ Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
 Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 ---
  policy/modules/system/authlogin.te | 2 ++
- policy/modules/system/logging.te   | 7 ++++++-
+ policy/modules/system/logging.te   | 5 +++++
  policy/modules/system/mount.te     | 3 +++
  policy/modules/system/systemd.te   | 5 +++++
- 4 files changed, 16 insertions(+), 1 deletion(-)
+ 4 files changed, 15 insertions(+)
 
 diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
-index 28f74bac..dfa46612 100644
+index 28f74ba..dfa4661 100644
 --- a/policy/modules/system/authlogin.te
 +++ b/policy/modules/system/authlogin.te
 @@ -479,3 +479,5 @@ optional_policy(`
@@ -49,23 +49,20 @@ index 28f74bac..dfa46612 100644
 +
 +allow chkpwd_t proc_t:filesystem getattr;
 diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
-index 4cc73327..98c2bd19 100644
+index 541f5c6..98c2bd1 100644
 --- a/policy/modules/system/logging.te
 +++ b/policy/modules/system/logging.te
-@@ -627,4 +627,9 @@ allow auditd_t tmpfs_t:file { getattr setattr create open read append };
- allow auditd_t tmpfs_t:dir { open read search add_name write getattr search };
+@@ -628,3 +628,8 @@ allow auditd_t tmpfs_t:dir { open read search add_name write getattr search };
  allow auditd_t initrc_t:unix_dgram_socket sendto;
  
--allow klogd_t initrc_t:unix_dgram_socket sendto;
-\ No newline at end of file
-+allow klogd_t initrc_t:unix_dgram_socket sendto;
+ allow klogd_t initrc_t:unix_dgram_socket sendto;
 +
 +allow syslogd_t self:shm create;
 +allow syslogd_t self:sem { create read unix_write write };
 +allow syslogd_t self:shm { read unix_read unix_write write };
 +allow syslogd_t tmpfs_t:file { read write };
 diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
-index 3dcb8493..a87d0e82 100644
+index 3dcb849..a87d0e8 100644
 --- a/policy/modules/system/mount.te
 +++ b/policy/modules/system/mount.te
 @@ -231,3 +231,6 @@ optional_policy(`
@@ -76,7 +73,7 @@ index 3dcb8493..a87d0e82 100644
 +allow mount_t proc_t:filesystem getattr;
 +allow mount_t initrc_t:udp_socket { read write };
 diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
-index f6455f6f..b13337b9 100644
+index f6455f6..b13337b 100644
 --- a/policy/modules/system/systemd.te
 +++ b/policy/modules/system/systemd.te
 @@ -1011,6 +1011,11 @@ allow systemd_tmpfiles_t systemd_journal_t:file { relabelfrom relabelto };
-- 
2.7.4



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [meta-selinux][PATCH] refpolicy: refresh patches
  2019-04-19  6:10 [meta-selinux][PATCH] refpolicy: refresh patches Yi Zhao
@ 2019-04-23 16:00 ` Joe MacDonald
  0 siblings, 0 replies; 2+ messages in thread
From: Joe MacDonald @ 2019-04-23 16:00 UTC (permalink / raw)
  To: Yi Zhao; +Cc: yocto

[-- Attachment #1: Type: text/plain, Size: 9085 bytes --]

Hi Yi,

Where did this patch refresh come from?  Since the goal right now for the
refpolicy recipes is to move to a purely git-based approach, I'd prefer to not
do patch refreshes that don't come from an export of the patched git trees, like
the one I'd mentioned in my earlier email here:

	https://www.mail-archive.com/yocto@yoctoproject.org/msg43933.html

Thanks,
-Joe.

[[yocto] [meta-selinux][PATCH] refpolicy: refresh patches] On 19.04.19 (Fri 14:10) Yi Zhao wrote:

> Refrefsh 0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> and 0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch.
> Remove the trailing line: \ No newline at end of file
> 
> Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
> ---
>  ...y-minimum-audit-logging-getty-audit-related-.patch |  1 -
>  ...y-minimum-systemd-mount-logging-authlogin-ad.patch | 19 ++++++++-----------
>  ...y-minimum-audit-logging-getty-audit-related-.patch |  1 -
>  ...y-minimum-systemd-mount-logging-authlogin-ad.patch | 19 ++++++++-----------
>  4 files changed, 16 insertions(+), 24 deletions(-)
> 
> diff --git a/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch b/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> index f92ddb8..10d2bcb 100644
> --- a/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> +++ b/recipes-security/refpolicy/refpolicy-2.20190201/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> @@ -62,7 +62,6 @@ index 63e92a8e..8ab46925 100644
>  +allow auditd_t initrc_t:unix_dgram_socket sendto;
>  +
>  +allow klogd_t initrc_t:unix_dgram_socket sendto;
> -\ No newline at end of file
>  -- 
>  2.19.1
>  
> diff --git a/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch b/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> index 98b6156..65ef55b 100644
> --- a/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> +++ b/recipes-security/refpolicy/refpolicy-2.20190201/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> @@ -33,13 +33,13 @@ Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
>  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
>  ---
>   policy/modules/system/authlogin.te | 2 ++
> - policy/modules/system/logging.te   | 7 ++++++-
> + policy/modules/system/logging.te   | 5 +++++
>   policy/modules/system/mount.te     | 3 +++
>   policy/modules/system/systemd.te   | 5 +++++
> - 4 files changed, 16 insertions(+), 1 deletion(-)
> + 4 files changed, 15 insertions(+)
>  
>  diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
> -index 345e07f3..39f860e0 100644
> +index 345e07f..39f860e 100644
>  --- a/policy/modules/system/authlogin.te
>  +++ b/policy/modules/system/authlogin.te
>  @@ -472,3 +472,5 @@ optional_policy(`
> @@ -49,23 +49,20 @@ index 345e07f3..39f860e0 100644
>  +
>  +allow chkpwd_t proc_t:filesystem getattr;
>  diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
> -index 8ab46925..520f7da6 100644
> +index c9991ab..520f7da 100644
>  --- a/policy/modules/system/logging.te
>  +++ b/policy/modules/system/logging.te
> -@@ -627,4 +627,9 @@ allow auditd_t tmpfs_t:file { getattr setattr create open read append };
> - allow auditd_t tmpfs_t:dir { open read search add_name write getattr search };
> +@@ -628,3 +628,8 @@ allow auditd_t tmpfs_t:dir { open read search add_name write getattr search };
>   allow auditd_t initrc_t:unix_dgram_socket sendto;
>   
> --allow klogd_t initrc_t:unix_dgram_socket sendto;
> -\ No newline at end of file
> -+allow klogd_t initrc_t:unix_dgram_socket sendto;
> + allow klogd_t initrc_t:unix_dgram_socket sendto;
>  +
>  +allow syslogd_t self:shm create;
>  +allow syslogd_t self:sem { create read unix_write write };
>  +allow syslogd_t self:shm { read unix_read unix_write write };
>  +allow syslogd_t tmpfs_t:file { read write };
>  diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
> -index 3dcb8493..a87d0e82 100644
> +index 3dcb849..a87d0e8 100644
>  --- a/policy/modules/system/mount.te
>  +++ b/policy/modules/system/mount.te
>  @@ -231,3 +231,6 @@ optional_policy(`
> @@ -76,7 +73,7 @@ index 3dcb8493..a87d0e82 100644
>  +allow mount_t proc_t:filesystem getattr;
>  +allow mount_t initrc_t:udp_socket { read write };
>  diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
> -index a6f09dfd..68b80de3 100644
> +index a6f09df..68b80de 100644
>  --- a/policy/modules/system/systemd.te
>  +++ b/policy/modules/system/systemd.te
>  @@ -993,6 +993,11 @@ allow systemd_tmpfiles_t systemd_journal_t:file { relabelfrom relabelto };
> diff --git a/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch b/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> index 3cc5395..517782d 100644
> --- a/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> +++ b/recipes-security/refpolicy/refpolicy-git/0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch
> @@ -62,7 +62,6 @@ index e6221a02..4cc73327 100644
>  +allow auditd_t initrc_t:unix_dgram_socket sendto;
>  +
>  +allow klogd_t initrc_t:unix_dgram_socket sendto;
> -\ No newline at end of file
>  -- 
>  2.19.1
>  
> diff --git a/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch b/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> index 06b9192..5132cd8 100644
> --- a/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> +++ b/recipes-security/refpolicy/refpolicy-git/0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch
> @@ -33,13 +33,13 @@ Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
>  Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
>  ---
>   policy/modules/system/authlogin.te | 2 ++
> - policy/modules/system/logging.te   | 7 ++++++-
> + policy/modules/system/logging.te   | 5 +++++
>   policy/modules/system/mount.te     | 3 +++
>   policy/modules/system/systemd.te   | 5 +++++
> - 4 files changed, 16 insertions(+), 1 deletion(-)
> + 4 files changed, 15 insertions(+)
>  
>  diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
> -index 28f74bac..dfa46612 100644
> +index 28f74ba..dfa4661 100644
>  --- a/policy/modules/system/authlogin.te
>  +++ b/policy/modules/system/authlogin.te
>  @@ -479,3 +479,5 @@ optional_policy(`
> @@ -49,23 +49,20 @@ index 28f74bac..dfa46612 100644
>  +
>  +allow chkpwd_t proc_t:filesystem getattr;
>  diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
> -index 4cc73327..98c2bd19 100644
> +index 541f5c6..98c2bd1 100644
>  --- a/policy/modules/system/logging.te
>  +++ b/policy/modules/system/logging.te
> -@@ -627,4 +627,9 @@ allow auditd_t tmpfs_t:file { getattr setattr create open read append };
> - allow auditd_t tmpfs_t:dir { open read search add_name write getattr search };
> +@@ -628,3 +628,8 @@ allow auditd_t tmpfs_t:dir { open read search add_name write getattr search };
>   allow auditd_t initrc_t:unix_dgram_socket sendto;
>   
> --allow klogd_t initrc_t:unix_dgram_socket sendto;
> -\ No newline at end of file
> -+allow klogd_t initrc_t:unix_dgram_socket sendto;
> + allow klogd_t initrc_t:unix_dgram_socket sendto;
>  +
>  +allow syslogd_t self:shm create;
>  +allow syslogd_t self:sem { create read unix_write write };
>  +allow syslogd_t self:shm { read unix_read unix_write write };
>  +allow syslogd_t tmpfs_t:file { read write };
>  diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
> -index 3dcb8493..a87d0e82 100644
> +index 3dcb849..a87d0e8 100644
>  --- a/policy/modules/system/mount.te
>  +++ b/policy/modules/system/mount.te
>  @@ -231,3 +231,6 @@ optional_policy(`
> @@ -76,7 +73,7 @@ index 3dcb8493..a87d0e82 100644
>  +allow mount_t proc_t:filesystem getattr;
>  +allow mount_t initrc_t:udp_socket { read write };
>  diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
> -index f6455f6f..b13337b9 100644
> +index f6455f6..b13337b 100644
>  --- a/policy/modules/system/systemd.te
>  +++ b/policy/modules/system/systemd.te
>  @@ -1011,6 +1011,11 @@ allow systemd_tmpfiles_t systemd_journal_t:file { relabelfrom relabelto };
> -- 
> 2.7.4
> 
> -- 
> _______________________________________________
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 201 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2019-04-24 13:06 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-04-19  6:10 [meta-selinux][PATCH] refpolicy: refresh patches Yi Zhao
2019-04-23 16:00 ` Joe MacDonald

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.