[meta-selinux][PATCH 0/1] refpolicy: fix real path for udevd

[meta-selinux][PATCH 0/1] refpolicy: fix real path for udevd

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

In Yocto the real path for udevd is /lib/udev/udevd, this patch fixes
the init issues like:
    
    udevd[87]: setfilecon /dev/vcsa2 failed: Operation not permitted
    udevd[89]: setfilecon /dev/fb0 failed: Operation not permitted

The following changes since commit 2209cb5fc21c1ad5a7471897528ed64170f70219:

  policy: Create compressed_policy distro feature (2013-12-05 09:03:41 -0500)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib wenzong/fix-udevd-path
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/fix-udevd-path

Wenzong Fan (1):
  refpolicy: fix real path for udevd

 .../refpolicy-2.20130424/poky-fc-udevd.patch       |   27 ++++++++++++++++++++
 .../refpolicy/refpolicy_2.20130424.inc             |    1 +
 2 files changed, 28 insertions(+)
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20130424/poky-fc-udevd.patch

-- 
1.7.9.5

[meta-selinux][PATCH 1/1] refpolicy: fix real path for udevd

[wenzong.fan]

From: Wenzong Fan <wenzong.fan@windriver.com>

In Yocto the real path for udevd is /lib/udev/udevd, this patch fixes
the init issues like:

udevd[87]: setfilecon /dev/vcsa2 failed: Operation not permitted
udevd[89]: setfilecon /dev/fb0 failed: Operation not permitted

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 .../refpolicy-2.20130424/poky-fc-udevd.patch       |   27 ++++++++++++++++++++
 .../refpolicy/refpolicy_2.20130424.inc             |    1 +
 2 files changed, 28 insertions(+)
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20130424/poky-fc-udevd.patch

diff --git a/recipes-security/refpolicy/refpolicy-2.20130424/poky-fc-udevd.patch b/recipes-security/refpolicy/refpolicy-2.20130424/poky-fc-udevd.patch
new file mode 100644
index 0000000..d6540a9
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-2.20130424/poky-fc-udevd.patch
@@ -0,0 +1,27 @@
+From 86fd93b15b97042bcf5ff1b2d1228e7d64b8cfd1 Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong.fan@windriver.com>
+Date: Tue, 7 Jan 2014 22:22:00 -0500
+Subject: [PATCH] refpolicy: fix real path for udevd
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ policy/modules/system/udev.fc |    1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/system/udev.fc b/policy/modules/system/udev.fc
+index 40928d8..36d471d 100644
+--- a/policy/modules/system/udev.fc
++++ b/policy/modules/system/udev.fc
+@@ -10,6 +10,7 @@
+ /etc/udev/scripts/.+ --	gen_context(system_u:object_r:udev_helper_exec_t,s0)
+ 
+ /lib/udev/udev-acl --	gen_context(system_u:object_r:udev_exec_t,s0)
++/lib/udev/udevd    --	gen_context(system_u:object_r:udev_exec_t,s0)
+ 
+ ifdef(`distro_debian',`
+ /lib/udev/create_static_nodes -- gen_context(system_u:object_r:udev_exec_t,s0)
+-- 
+1.7.9.5
+
diff --git a/recipes-security/refpolicy/refpolicy_2.20130424.inc b/recipes-security/refpolicy/refpolicy_2.20130424.inc
index 6871813..cfeeaed 100644
--- a/recipes-security/refpolicy/refpolicy_2.20130424.inc
+++ b/recipes-security/refpolicy/refpolicy_2.20130424.inc
@@ -27,6 +27,7 @@ SRC_URI += "file://poky-fc-subs_dist.patch \
             file://poky-fc-ssh.patch \
             file://poky-fc-su.patch \
             file://poky-fc-sysnetwork.patch \
+            file://poky-fc-udevd.patch \
            "
 
 # Specific policy for Poky
-- 
1.7.9.5

Re: [meta-selinux][PATCH 0/1] refpolicy: fix real path for udevd

[Pascal Ouyang]

于 14-1-9 上午10:54, wenzong.fan@windriver.com 写道:
> From: Wenzong Fan <wenzong.fan@windriver.com>
> 
> In Yocto the real path for udevd is /lib/udev/udevd, this patch fixes
> the init issues like:
>      
>      udevd[87]: setfilecon /dev/vcsa2 failed: Operation not permitted
>      udevd[89]: setfilecon /dev/fb0 failed: Operation not permitted
> 
> The following changes since commit 2209cb5fc21c1ad5a7471897528ed64170f70219:
> 
>    policy: Create compressed_policy distro feature (2013-12-05 09:03:41 -0500)
> 
> are available in the git repository at:
> 
>    git://git.pokylinux.org/poky-contrib wenzong/fix-udevd-path
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/fix-udevd-path
> 
> Wenzong Fan (1):
>    refpolicy: fix real path for udevd
> 
>   .../refpolicy-2.20130424/poky-fc-udevd.patch       |   27 ++++++++++++++++++++
>   .../refpolicy/refpolicy_2.20130424.inc             |    1 +
>   2 files changed, 28 insertions(+)
>   create mode 100644 recipes-security/refpolicy/refpolicy-2.20130424/poky-fc-udevd.patch
> 

Tech ok. Thank you. :)

-- 
- Pascal

Re: [meta-selinux][PATCH 0/1] refpolicy: fix real path for udevd

[Mark Hatle]

merged to master-next

On 1/8/14, 8:54 PM, wenzong.fan@windriver.com wrote:
> From: Wenzong Fan <wenzong.fan@windriver.com>
>
> In Yocto the real path for udevd is /lib/udev/udevd, this patch fixes
> the init issues like:
>
>      udevd[87]: setfilecon /dev/vcsa2 failed: Operation not permitted
>      udevd[89]: setfilecon /dev/fb0 failed: Operation not permitted
>
> The following changes since commit 2209cb5fc21c1ad5a7471897528ed64170f70219:
>
>    policy: Create compressed_policy distro feature (2013-12-05 09:03:41 -0500)
>
> are available in the git repository at:
>
>    git://git.pokylinux.org/poky-contrib wenzong/fix-udevd-path
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/fix-udevd-path
>
> Wenzong Fan (1):
>    refpolicy: fix real path for udevd
>
>   .../refpolicy-2.20130424/poky-fc-udevd.patch       |   27 ++++++++++++++++++++
>   .../refpolicy/refpolicy_2.20130424.inc             |    1 +
>   2 files changed, 28 insertions(+)
>   create mode 100644 recipes-security/refpolicy/refpolicy-2.20130424/poky-fc-udevd.patch
>