* [PATCH][meta-selinux] audit: fix the permission of configuration file
@ 2014-02-20 12:59 rongqing.li
2014-02-21 5:53 ` Pascal Ouyang
0 siblings, 1 reply; 4+ messages in thread
From: rongqing.li @ 2014-02-20 12:59 UTC (permalink / raw)
To: yocto
From: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
.../audit/fix-auditd.conf-file-s-permission.patch | 41 ++++++++++++++++++++
recipes-security/audit/audit_2.3.2.bb | 4 +-
2 files changed, 44 insertions(+), 1 deletion(-)
create mode 100644 recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
diff --git a/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
new file mode 100644
index 0000000..be3412b
--- /dev/null
+++ b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
@@ -0,0 +1,41 @@
+From abeb7f0e35a4e77e914fea34ddaf8b30b51e49e3 Mon Sep 17 00:00:00 2001
+From: Roy Li <rongqing.li@windriver.com>
+Date: Thu, 20 Feb 2014 20:38:31 +0800
+Subject: [PATCH] fix auditd.conf file and path permission
+
+Upstream-Status: Pending
+
+A ordinary use should not to access auditd configuration files
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+ init.d/Makefile.am | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/init.d/Makefile.am b/init.d/Makefile.am
+index 521dd1d..50728bc 100644
+--- a/init.d/Makefile.am
++++ b/init.d/Makefile.am
+@@ -37,13 +37,17 @@ endif
+
+ auditdir = $(sysconfdir)/audit
+ auditrdir = $(auditdir)/rules.d
+-dist_audit_DATA = auditd.conf
+-dist_auditr_DATA = audit.rules
++auditconfig = auditd.conf
++auditrconfig = audit.rules
+ sbin_SCRIPTS = augenrules
+
+ install-data-hook:
+ $(INSTALL_DATA) -D -m 640 ${srcdir}/${dispconfig} ${DESTDIR}${dispconfigdir}
+ $(INSTALL_DATA) -D -m 640 ${srcdir}/${libconfig} ${DESTDIR}${sysconfdir}
++ $(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditdir}
++ $(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditrdir}
++ $(INSTALL_DATA) -m 640 ${srcdir}/${auditconfig} ${DESTDIR}${auditdir}
++ $(INSTALL_DATA) -m 640 ${srcdir}/${auditrconfig} ${DESTDIR}${auditrdir}
+ if ENABLE_SYSTEMD
+ else
+ $(INSTALL_DATA) -D -m 640 ${srcdir}/auditd.sysconfig ${DESTDIR}${sysconfigdir}/auditd
+--
+1.7.10.4
+
diff --git a/recipes-security/audit/audit_2.3.2.bb b/recipes-security/audit/audit_2.3.2.bb
index edcb881..6e376f8 100644
--- a/recipes-security/audit/audit_2.3.2.bb
+++ b/recipes-security/audit/audit_2.3.2.bb
@@ -14,7 +14,9 @@ SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \
file://audit-python-configure.patch \
file://audit-for-cross-compiling.patch \
file://auditd \
- file://fix-swig-host-contamination.patch"
+ file://fix-swig-host-contamination.patch \
+ file://fix-auditd.conf-file-s-permission.patch \
+"
inherit autotools pythonnative update-rc.d
--
1.7.10.4
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: [PATCH][meta-selinux] audit: fix the permission of configuration file
2014-02-20 12:59 [PATCH][meta-selinux] audit: fix the permission of configuration file rongqing.li
@ 2014-02-21 5:53 ` Pascal Ouyang
2014-02-21 7:42 ` Rongqing Li
0 siblings, 1 reply; 4+ messages in thread
From: Pascal Ouyang @ 2014-02-21 5:53 UTC (permalink / raw)
To: rongqing.li, yocto
于 14-2-20 下午8:59, rongqing.li@windriver.com 写道:
> From: Roy Li <rongqing.li@windriver.com>
>
> Signed-off-by: Roy Li <rongqing.li@windriver.com>
> ---
> .../audit/fix-auditd.conf-file-s-permission.patch | 41 ++++++++++++++++++++
> recipes-security/audit/audit_2.3.2.bb | 4 +-
> 2 files changed, 44 insertions(+), 1 deletion(-)
> create mode 100644 recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>
> diff --git a/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
> new file mode 100644
> index 0000000..be3412b
> --- /dev/null
> +++ b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
> @@ -0,0 +1,41 @@
> +From abeb7f0e35a4e77e914fea34ddaf8b30b51e49e3 Mon Sep 17 00:00:00 2001
> +From: Roy Li <rongqing.li@windriver.com>
> +Date: Thu, 20 Feb 2014 20:38:31 +0800
> +Subject: [PATCH] fix auditd.conf file and path permission
> +
> +Upstream-Status: Pending
> +
> +A ordinary use should not to access auditd configuration files
> +
> +Signed-off-by: Roy Li <rongqing.li@windriver.com>
> +---
> + init.d/Makefile.am | 8 ++++++--
> + 1 file changed, 6 insertions(+), 2 deletions(-)
> +
> +diff --git a/init.d/Makefile.am b/init.d/Makefile.am
> +index 521dd1d..50728bc 100644
> +--- a/init.d/Makefile.am
> ++++ b/init.d/Makefile.am
> +@@ -37,13 +37,17 @@ endif
> +
> + auditdir = $(sysconfdir)/audit
> + auditrdir = $(auditdir)/rules.d
> +-dist_audit_DATA = auditd.conf
> +-dist_auditr_DATA = audit.rules
> ++auditconfig = auditd.conf
> ++auditrconfig = audit.rules
> + sbin_SCRIPTS = augenrules
> +
> + install-data-hook:
> + $(INSTALL_DATA) -D -m 640 ${srcdir}/${dispconfig} ${DESTDIR}${dispconfigdir}
> + $(INSTALL_DATA) -D -m 640 ${srcdir}/${libconfig} ${DESTDIR}${sysconfdir}
> ++ $(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditdir}
> ++ $(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditrdir}
> ++ $(INSTALL_DATA) -m 640 ${srcdir}/${auditconfig} ${DESTDIR}${auditdir}
> ++ $(INSTALL_DATA) -m 640 ${srcdir}/${auditrconfig} ${DESTDIR}${auditrdir}
> + if ENABLE_SYSTEMD
> + else
> + $(INSTALL_DATA) -D -m 640 ${srcdir}/auditd.sysconfig ${DESTDIR}${sysconfigdir}/auditd
> +--
> +1.7.10.4
> +
> diff --git a/recipes-security/audit/audit_2.3.2.bb b/recipes-security/audit/audit_2.3.2.bb
> index edcb881..6e376f8 100644
> --- a/recipes-security/audit/audit_2.3.2.bb
> +++ b/recipes-security/audit/audit_2.3.2.bb
> @@ -14,7 +14,9 @@ SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \
> file://audit-python-configure.patch \
> file://audit-for-cross-compiling.patch \
> file://auditd \
> - file://fix-swig-host-contamination.patch"
> + file://fix-swig-host-contamination.patch \
> + file://fix-auditd.conf-file-s-permission.patch \
> +"
>
> inherit autotools pythonnative update-rc.d
>
>
chmod in do_install is enough, please do not use a patch.
Thanks. :)
--
- Pascal
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH][meta-selinux] audit: fix the permission of configuration file
2014-02-21 5:53 ` Pascal Ouyang
@ 2014-02-21 7:42 ` Rongqing Li
2014-02-21 7:56 ` Pascal Ouyang
0 siblings, 1 reply; 4+ messages in thread
From: Rongqing Li @ 2014-02-21 7:42 UTC (permalink / raw)
To: Pascal Ouyang; +Cc: yocto
On 02/21/2014 01:53 PM, Pascal Ouyang wrote:
> 于 14-2-20 下午8:59, rongqing.li@windriver.com 写道:
>> From: Roy Li <rongqing.li@windriver.com>
>>
>> Signed-off-by: Roy Li <rongqing.li@windriver.com>
>> ---
>> .../audit/fix-auditd.conf-file-s-permission.patch | 41
>> ++++++++++++++++++++
>> recipes-security/audit/audit_2.3.2.bb | 4 +-
>> 2 files changed, 44 insertions(+), 1 deletion(-)
>> create mode 100644
>> recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>>
>> diff --git
>> a/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>> b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>> new file mode 100644
>> index 0000000..be3412b
>> --- /dev/null
>> +++
>> b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>> @@ -0,0 +1,41 @@
>> +From abeb7f0e35a4e77e914fea34ddaf8b30b51e49e3 Mon Sep 17 00:00:00 2001
>> +From: Roy Li <rongqing.li@windriver.com>
>> +Date: Thu, 20 Feb 2014 20:38:31 +0800
>> +Subject: [PATCH] fix auditd.conf file and path permission
>> +
>> +Upstream-Status: Pending
>> +
>> +A ordinary use should not to access auditd configuration files
>> +
>> +Signed-off-by: Roy Li <rongqing.li@windriver.com>
>> +---
>> + init.d/Makefile.am | 8 ++++++--
>> + 1 file changed, 6 insertions(+), 2 deletions(-)
>> +
>> +diff --git a/init.d/Makefile.am b/init.d/Makefile.am
>> +index 521dd1d..50728bc 100644
>> +--- a/init.d/Makefile.am
>> ++++ b/init.d/Makefile.am
>> +@@ -37,13 +37,17 @@ endif
>> +
>> + auditdir = $(sysconfdir)/audit
>> + auditrdir = $(auditdir)/rules.d
>> +-dist_audit_DATA = auditd.conf
>> +-dist_auditr_DATA = audit.rules
>> ++auditconfig = auditd.conf
>> ++auditrconfig = audit.rules
>> + sbin_SCRIPTS = augenrules
>> +
>> + install-data-hook:
>> + $(INSTALL_DATA) -D -m 640 ${srcdir}/${dispconfig}
>> ${DESTDIR}${dispconfigdir}
>> + $(INSTALL_DATA) -D -m 640 ${srcdir}/${libconfig}
>> ${DESTDIR}${sysconfdir}
>> ++ $(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditdir}
>> ++ $(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditrdir}
>> ++ $(INSTALL_DATA) -m 640 ${srcdir}/${auditconfig}
>> ${DESTDIR}${auditdir}
>> ++ $(INSTALL_DATA) -m 640 ${srcdir}/${auditrconfig}
>> ${DESTDIR}${auditrdir}
>> + if ENABLE_SYSTEMD
>> + else
>> + $(INSTALL_DATA) -D -m 640 ${srcdir}/auditd.sysconfig
>> ${DESTDIR}${sysconfigdir}/auditd
>> +--
>> +1.7.10.4
>> +
>> diff --git a/recipes-security/audit/audit_2.3.2.bb
>> b/recipes-security/audit/audit_2.3.2.bb
>> index edcb881..6e376f8 100644
>> --- a/recipes-security/audit/audit_2.3.2.bb
>> +++ b/recipes-security/audit/audit_2.3.2.bb
>> @@ -14,7 +14,9 @@ SRC_URI =
>> "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \
>> file://audit-python-configure.patch \
>> file://audit-for-cross-compiling.patch \
>> file://auditd \
>> - file://fix-swig-host-contamination.patch"
>> + file://fix-swig-host-contamination.patch \
>> + file://fix-auditd.conf-file-s-permission.patch \
>> +"
>>
>> inherit autotools pythonnative update-rc.d
>>
>>
>
> chmod in do_install is enough, please do not use a patch.
>
Why ?
-Roy
> Thanks. :)
>
--
Best Reagrds,
Roy | RongQing Li
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH][meta-selinux] audit: fix the permission of configuration file
2014-02-21 7:42 ` Rongqing Li
@ 2014-02-21 7:56 ` Pascal Ouyang
0 siblings, 0 replies; 4+ messages in thread
From: Pascal Ouyang @ 2014-02-21 7:56 UTC (permalink / raw)
To: Rongqing Li; +Cc: yocto
于 14-2-21 下午3:42, Rongqing Li 写道:
>
>
> On 02/21/2014 01:53 PM, Pascal Ouyang wrote:
>> 于 14-2-20 下午8:59, rongqing.li@windriver.com 写道:
>>> From: Roy Li <rongqing.li@windriver.com>
>>>
>>> Signed-off-by: Roy Li <rongqing.li@windriver.com>
>>> ---
>>> .../audit/fix-auditd.conf-file-s-permission.patch | 41
>>> ++++++++++++++++++++
>>> recipes-security/audit/audit_2.3.2.bb | 4 +-
>>> 2 files changed, 44 insertions(+), 1 deletion(-)
>>> create mode 100644
>>> recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>>>
>>> diff --git
>>> a/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>>> b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>>> new file mode 100644
>>> index 0000000..be3412b
>>> --- /dev/null
>>> +++
>>> b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>>> @@ -0,0 +1,41 @@
>>> +From abeb7f0e35a4e77e914fea34ddaf8b30b51e49e3 Mon Sep 17 00:00:00 2001
>>> +From: Roy Li <rongqing.li@windriver.com>
>>> +Date: Thu, 20 Feb 2014 20:38:31 +0800
>>> +Subject: [PATCH] fix auditd.conf file and path permission
>>> +
>>> +Upstream-Status: Pending
>>> +
>>> +A ordinary use should not to access auditd configuration files
>>> +
>>> +Signed-off-by: Roy Li <rongqing.li@windriver.com>
>>> +---
>>> + init.d/Makefile.am | 8 ++++++--
>>> + 1 file changed, 6 insertions(+), 2 deletions(-)
>>> +
>>> +diff --git a/init.d/Makefile.am b/init.d/Makefile.am
>>> +index 521dd1d..50728bc 100644
>>> +--- a/init.d/Makefile.am
>>> ++++ b/init.d/Makefile.am
>>> +@@ -37,13 +37,17 @@ endif
>>> +
>>> + auditdir = $(sysconfdir)/audit
>>> + auditrdir = $(auditdir)/rules.d
>>> +-dist_audit_DATA = auditd.conf
>>> +-dist_auditr_DATA = audit.rules
>>> ++auditconfig = auditd.conf
>>> ++auditrconfig = audit.rules
>>> + sbin_SCRIPTS = augenrules
>>> +
>>> + install-data-hook:
>>> + $(INSTALL_DATA) -D -m 640 ${srcdir}/${dispconfig}
>>> ${DESTDIR}${dispconfigdir}
>>> + $(INSTALL_DATA) -D -m 640 ${srcdir}/${libconfig}
>>> ${DESTDIR}${sysconfdir}
>>> ++ $(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditdir}
>>> ++ $(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditrdir}
>>> ++ $(INSTALL_DATA) -m 640 ${srcdir}/${auditconfig}
>>> ${DESTDIR}${auditdir}
>>> ++ $(INSTALL_DATA) -m 640 ${srcdir}/${auditrconfig}
>>> ${DESTDIR}${auditrdir}
>>> + if ENABLE_SYSTEMD
>>> + else
>>> + $(INSTALL_DATA) -D -m 640 ${srcdir}/auditd.sysconfig
>>> ${DESTDIR}${sysconfigdir}/auditd
>>> +--
>>> +1.7.10.4
>>> +
>>> diff --git a/recipes-security/audit/audit_2.3.2.bb
>>> b/recipes-security/audit/audit_2.3.2.bb
>>> index edcb881..6e376f8 100644
>>> --- a/recipes-security/audit/audit_2.3.2.bb
>>> +++ b/recipes-security/audit/audit_2.3.2.bb
>>> @@ -14,7 +14,9 @@ SRC_URI =
>>> "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \
>>> file://audit-python-configure.patch \
>>> file://audit-for-cross-compiling.patch \
>>> file://auditd \
>>> - file://fix-swig-host-contamination.patch"
>>> + file://fix-swig-host-contamination.patch \
>>> + file://fix-auditd.conf-file-s-permission.patch \
>>> +"
>>>
>>> inherit autotools pythonnative update-rc.d
>>>
>>>
>>
>> chmod in do_install is enough, please do not use a patch.
>>
>
> Why ?
>
> -Roy
>
>> Thanks. :)
>>
>
Because more patches need more maintain work. It is not unnecessary if
simple bb modify also work.
Thanks. :)
--
- Pascal
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-02-21 7:56 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-02-20 12:59 [PATCH][meta-selinux] audit: fix the permission of configuration file rongqing.li
2014-02-21 5:53 ` Pascal Ouyang
2014-02-21 7:42 ` Rongqing Li
2014-02-21 7:56 ` Pascal Ouyang
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.