From: Pascal Ouyang <xin.ouyang@windriver.com>
To: Rongqing Li <rongqing.li@windriver.com>
Cc: yocto@yoctoproject.org
Subject: Re: [PATCH][meta-selinux] audit: fix the permission of configuration file
Date: Fri, 21 Feb 2014 15:56:09 +0800
Message-ID: <53070699.6080909@windriver.com>
In-Reply-To: <5307036D.2070002@windriver.com>
On 14-2-21 at 3:42 PM, Rongqing Li wrote:
>
>
> On 02/21/2014 01:53 PM, Pascal Ouyang wrote:
>> On 14-2-20 at 8:59 PM, rongqing.li@windriver.com wrote:
>>> From: Roy Li <rongqing.li@windriver.com>
>>>
>>> Signed-off-by: Roy Li <rongqing.li@windriver.com>
>>> ---
>>> .../audit/fix-auditd.conf-file-s-permission.patch | 41
>>> ++++++++++++++++++++
>>> recipes-security/audit/audit_2.3.2.bb | 4 +-
>>> 2 files changed, 44 insertions(+), 1 deletion(-)
>>> create mode 100644
>>> recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>>>
>>> diff --git
>>> a/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>>> b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>>> new file mode 100644
>>> index 0000000..be3412b
>>> --- /dev/null
>>> +++
>>> b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
>>> @@ -0,0 +1,41 @@
>>> +From abeb7f0e35a4e77e914fea34ddaf8b30b51e49e3 Mon Sep 17 00:00:00 2001
>>> +From: Roy Li <rongqing.li@windriver.com>
>>> +Date: Thu, 20 Feb 2014 20:38:31 +0800
>>> +Subject: [PATCH] fix auditd.conf file and path permission
>>> +
>>> +Upstream-Status: Pending
>>> +
>>> +A ordinary use should not to access auditd configuration files
>>> +
>>> +Signed-off-by: Roy Li <rongqing.li@windriver.com>
>>> +---
>>> + init.d/Makefile.am | 8 ++++++--
>>> + 1 file changed, 6 insertions(+), 2 deletions(-)
>>> +
>>> +diff --git a/init.d/Makefile.am b/init.d/Makefile.am
>>> +index 521dd1d..50728bc 100644
>>> +--- a/init.d/Makefile.am
>>> ++++ b/init.d/Makefile.am
>>> +@@ -37,13 +37,17 @@ endif
>>> +
>>> + auditdir = $(sysconfdir)/audit
>>> + auditrdir = $(auditdir)/rules.d
>>> +-dist_audit_DATA = auditd.conf
>>> +-dist_auditr_DATA = audit.rules
>>> ++auditconfig = auditd.conf
>>> ++auditrconfig = audit.rules
>>> + sbin_SCRIPTS = augenrules
>>> +
>>> + install-data-hook:
>>> + $(INSTALL_DATA) -D -m 640 ${srcdir}/${dispconfig}
>>> ${DESTDIR}${dispconfigdir}
>>> + $(INSTALL_DATA) -D -m 640 ${srcdir}/${libconfig}
>>> ${DESTDIR}${sysconfdir}
>>> ++ $(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditdir}
>>> ++ $(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditrdir}
>>> ++ $(INSTALL_DATA) -m 640 ${srcdir}/${auditconfig}
>>> ${DESTDIR}${auditdir}
>>> ++ $(INSTALL_DATA) -m 640 ${srcdir}/${auditrconfig}
>>> ${DESTDIR}${auditrdir}
>>> + if ENABLE_SYSTEMD
>>> + else
>>> + $(INSTALL_DATA) -D -m 640 ${srcdir}/auditd.sysconfig
>>> ${DESTDIR}${sysconfigdir}/auditd
>>> +--
>>> +1.7.10.4
>>> +
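Review bot: in the init.d/Makefile.am part of this hunk, replacing `dist_audit_DATA` and `dist_auditr_DATA` with the plain variables `auditconfig` and `auditrconfig` drops what automake attaches to the `dist_` prefix and the `_DATA` primary. These lines no longer add auditd.conf and audit.rules to the `make dist` tarball, and no uninstall rule is generated for them, so unless an uninstall-hook exists elsewhere in the file, `make uninstall` would leave both files behind. If the two files are not already listed in EXTRA_DIST (not visible here), add them there and pair the new install-data-hook lines with an uninstall-hook. The two `-d -m 750` lines also create directories through $(INSTALL_DATA), which by default already carries `-m 644`; `$(INSTALL) -d -m 750` states the intended mode without relying on the later `-m` taking precedence.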
>>> diff --git a/recipes-security/audit/audit_2.3.2.bb
>>> b/recipes-security/audit/audit_2.3.2.bb
>>> index edcb881..6e376f8 100644
>>> --- a/recipes-security/audit/audit_2.3.2.bb
>>> +++ b/recipes-security/audit/audit_2.3.2.bb
>>> @@ -14,7 +14,9 @@ SRC_URI =
>>> "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \
>>> file://audit-python-configure.patch \
>>> file://audit-for-cross-compiling.patch \
>>> file://auditd \
>>> - file://fix-swig-host-contamination.patch"
>>> + file://fix-swig-host-contamination.patch \
>>> + file://fix-auditd.conf-file-s-permission.patch \
>>> +"
>>>
>>> inherit autotools pythonnative update-rc.d
>>>
>>>
>>
>> chmod in do_install is enough, please do not use a patch.
>>
>
> Why ?
>
> -Roy
>
>> Thanks. :)
>>
>
Because more patches need more maintenance work. It is not unnecessary if
a simple bb modification also works.
Thanks. :)
--
- Pascal
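
The approach suggested in the reply above (set the modes in the recipe's install step rather than patching Makefile.am), together with a check that the staged tree ends up no looser than 750/640, as an added example that is not from this thread or from the meta-selinux layer. The function names are hypothetical, `D` stands in for the staged install root, and the layout (auditd.conf in /etc/audit, audit.rules in rules.d) is assumed from the patch.

```shell
#!/bin/sh
# Added example. D stands in for the staged install root (${D} in a recipe).

# Print every path under the audit config dir that has a permission bit
# outside 0750: any access for "other", or group write. Symlinks are
# skipped because their own mode bits are not meaningful.
loose_audit_paths() {
    find "$1" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 -o -perm -020 \) -print
}

# Return 0 if the tree is tight, 1 if anything is loose, 2 if it is missing.
check_audit_perms() {
    auditdir="$1${2:-/etc}/audit"
    [ -d "$auditdir" ] || { echo "missing: $auditdir" >&2; return 2; }
    loose=$(loose_audit_paths "$auditdir")
    [ -z "$loose" ] && return 0
    printf 'too permissive:\n%s\n' "$loose" >&2
    return 1
}

# The chmod step itself, as it could appear in the recipe's install task
# (assumed layout, see lead-in).
tighten_audit_perms() {
    chmod 750 "$1/etc/audit" "$1/etc/audit/rules.d"
    chmod 640 "$1/etc/audit/auditd.conf" "$1/etc/audit/rules.d/audit.rules"
}

# Constructed demo tree with the usual data-file defaults (755 / 644).
demo() {
    D=$(mktemp -d) || return 1
    mkdir -p "$D/etc/audit/rules.d"
    : > "$D/etc/audit/auditd.conf"
    : > "$D/etc/audit/rules.d/audit.rules"
    chmod 755 "$D/etc/audit" "$D/etc/audit/rules.d"
    chmod 644 "$D/etc/audit/auditd.conf" "$D/etc/audit/rules.d/audit.rules"
    if check_audit_perms "$D"; then before=0; else before=$?; fi
    tighten_audit_perms "$D"
    if check_audit_perms "$D"; then after=0; else after=$?; fi
    rm -rf "$D"
    echo "before=$before after=$after"
}
demo
```

Running the same check against the image's staged root after the install task catches a later recipe change that silently restores the default modes.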