From: Philip Tricca <flihp@twobit.us>
To: "Radzykewycz, T (Radzy)" <radzy@windriver.com>
Cc: "yocto@yoctoproject.org" <yocto@yoctoproject.org>
Subject: Re: [meta-selinux][PATCH] audit: upgrade 2.4.4 -> 2.5
Date: Tue, 8 Mar 2016 07:40:29 -0800
Message-ID: <56DEF26D.8090302@twobit.us>
In-Reply-To: <33006C99F5A5194A9B7A7715DFA3E383EB84DCB2@ALA-MBA.corp.ad.wrs.com>
On 03/07/2016 07:08 AM, Radzykewycz, T (Radzy) wrote:
>
> ________________________________________
>> From: Philip Tricca [flihp@twobit.us]
>> Sent: Sunday, March 06, 2016 3:38 PM
>> To: Radzykewycz, T (Radzy); joe_macdonald@mentor.com; Hatle, Mark
>> Cc: yocto@yoctoproject.org; Li, Rongqing; Fan, Wenzong
>> Subject: Re: [meta-selinux][PATCH] audit: upgrade 2.4.4 -> 2.5
>>
>> Tested this today and it works as expected: thanks!
>>
>> This leaves the same PR value as the previous version. The OE style
>> guide thinks PR should be removed when PV changes. Since we're going
>> from 2.4.4 -> 2.5 this makes me think that since PV changes PR should be
>> removed. I've never given this much thought in the past so I had to look
>> it up and may have misunderstood the docs. Is removing PR like this
>> correct or should it be left as is?
>
> My mistake. I agree with your interpretation of the docs.
> I believe it should be removed. Do you want to do that before
> merging, or should I send a revised patch?

Mark had already answered this question in another recent thread so I
did the fixup and pushed. Should already be in.

Best,
Philip

>
> Enjoy!
>
> -- radzy
>
>> Thanks,
>> Philip
>>
>> On 02/29/2016 02:50 PM, T.O. Radzy Radzykewycz wrote:
>>> * rebase patch audit-python-configure.patch
>>>
>>> * remove audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch
>>> as it had already been applied upstream
>>>
>>> * 2.5 includes miscellaneous enhancements and fixes:
>>>
>>> 2.5
>>> - Make augenrules the default method to load audit rules
>>> - Put rules in its own directory and break out rules into groups
>>> - Have auditd do a fsync before closing log
>>> - Make default flush setting larger
>>> - In auparse. terminate the generated strings (Burn Alting)
>>> - In auditd, add incremental_async flushing mode
>>> - Clean up dangling fields in DAEMON events
>>> - Add audit by process name support to auditctl (Richard Briggs)
>>> - Relax permissions on systemd files
>>> - Fix auparse to handle interlaced events (Burn Alting)
>>> - Allow more syslog facilities in audispd-syslog (Aleksander Adamowski)
>>>
>>> 2.4.5
>>> - Fix auditd disk flushing for data and sync modes
>>> - Fix auditctl to not show options not supported on older OS
>>> - Add audit.m4 file to aid adding support to other projects
>>> - Fix C99 inline function build issue
>>> - Add account lock and unlock event types
>>> - Change logging loophole check to geteuid()
>>> - Fix ausearch to not consider AUDIT_PROCTITLE events malformed (Burn Alting)
>>> - Fix ausearch to parse FEATURE_CHANGE events
>>>
>>> ( From http://people.redhat.com/sgrubb/audit/ChangeLog )
>>>
>>> Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com>
>>> ---
>>> ...et-inline-functions-work-with-gnu89-gnu11.patch | 71 --------------
>>> .../audit/audit/audit-python-configure.patch | 3 +-
>>> recipes-security/audit/audit_2.4.4.bb | 100 --------------------
>>> recipes-security/audit/audit_2.5.bb | 104 +++++++++++++++++++++
>>> 4 files changed, 106 insertions(+), 172 deletions(-)
>>> delete mode 100644 recipes-security/audit/audit/audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch
>>> delete mode 100644 recipes-security/audit/audit_2.4.4.bb
>>> create mode 100644 recipes-security/audit/audit_2.5.bb
>>>
>>> diff --git a/recipes-security/audit/audit/audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch b/recipes-security/audit/audit/audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch
>>> deleted file mode 100644
>>> index 578cfc1dc476..000000000000
>>> --- a/recipes-security/audit/audit/audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch
>>> +++ /dev/null
>>> @@ -1,71 +0,0 @@
>>> -From 15036dd4fa9eb209f5e148c6f7ee081f5ca78fa4 Mon Sep 17 00:00:00 2001
>>> -From: Wenzong Fan <wenzong.fan@windriver.com>
>>> -Date: Fri, 11 Sep 2015 03:37:13 -0400
>>> -Subject: [PATCH] audit/auvirt: get inline functions work with both gnu89 & gnu11
>>> -
>>> -After gcc upgraded to gcc5, and if the codes are compiled without
>>> -optimization (-O0), and the below error will happen:
>>> -
>>> - auvirt.c:484: undefined reference to `copy_str'
>>> - auvirt.c:667: undefined reference to `is_resource'
>>> - collect2: error: ld returned 1 exit status
>>> -
>>> -gcc5 defaults to -std=gnu11 instead of -std=gnu89, and it requires that
>>> -exactly one C source file has the callable copy of the inline function.
>>> -Consider the following program:
>>> -
>>> - inline int
>>> - foo (void)
>>> - {
>>> - return 42;
>>> - }
>>> -
>>> - int
>>> - main (void)
>>> - {
>>> - return foo ();
>>> - }
>>> -
>>> -The program above will not link with the C99 inline semantics, because
>>> -no out-of-line function foo is generated. To fix this, either mark the
>>> -function foo as static, or add the following declaration:
>>> -
>>> - static inline int foo (void);
>>> -
>>> -More information refer to: https://gcc.gnu.org/gcc-5/porting_to.html
>>> -
>>> -Note: using "extern inline" will fail to build with gcc4.x, so replace
>>> -inline with "static inline".
>>> -
>>> -Upstream-Status: Pending
>>> -
>>> -Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
>>> ----
>>> - tools/auvirt/auvirt.c | 4 ++--
>>> - 1 file changed, 2 insertions(+), 2 deletions(-)
>>> -
>>> -diff --git a/tools/auvirt/auvirt.c b/tools/auvirt/auvirt.c
>>> -index 655c454..b16d718 100644
>>> ---- a/tools/auvirt/auvirt.c
>>> -+++ b/tools/auvirt/auvirt.c
>>> -@@ -138,7 +138,7 @@ void event_free(struct event *event)
>>> - }
>>> - }
>>> -
>>> --inline char *copy_str(const char *str)
>>> -+static inline char *copy_str(const char *str)
>>> - {
>>> - return (str) ? strdup(str) : NULL;
>>> - }
>>> -@@ -650,7 +650,7 @@ int process_control_event(auparse_state_t *au)
>>> - return 0;
>>> - }
>>> -
>>> --inline int is_resource(const char *res)
>>> -+static inline int is_resource(const char *res)
>>> - {
>>> - if (res == NULL ||
>>> - res[0] == '\0' ||
>>> ---
>>> -1.9.1
>>> -
>>> diff --git a/recipes-security/audit/audit/audit-python-configure.patch b/recipes-security/audit/audit/audit-python-configure.patch
>>> index b47cf5d2d968..cb62ec3022bb 100644
>>> --- a/recipes-security/audit/audit/audit-python-configure.patch
>>> +++ b/recipes-security/audit/audit/audit-python-configure.patch
>>> @@ -8,6 +8,7 @@ Upstream-Status: pending
>>> Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
>>> Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
>>> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
>>> +Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com>
>>> ---
>>> configure.ac | 17 ++---------------
>>> 1 file changed, 2 insertions(+), 15 deletions(-)
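Review bot: `Upstream-Status: pending` in this hunk's header context is lowercase, while the auvirt patch removed in the same commit spells it `Upstream-Status: Pending`. The patch header is already being edited here to add the new Signed-off-by, so capitalise the status value in the same change and keep one spelling across the recipe's patches.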
>>> @@ -29,7 +30,7 @@ index 1f48cb4..cdb5219 100644
>>> - AC_MSG_NOTICE(Python bindings will be built)
>>> -else
>>> - python_found="no"
>>> -- if test x$use_python = xyes ; then
>>> +- if test "x$use_python" = xyes ; then
>>> - AC_MSG_ERROR([Python explicitly requested and python headers were not found])
>>> - else
>>> - AC_MSG_WARN("Python headers not found - python bindings will not be made")
>>> diff --git a/recipes-security/audit/audit_2.4.4.bb b/recipes-security/audit/audit_2.4.4.bb
>>> deleted file mode 100644
>>> index 55a5b12ba9c9..000000000000
>>> --- a/recipes-security/audit/audit_2.4.4.bb
>>> +++ /dev/null
>>> @@ -1,100 +0,0 @@
>>> -SUMMARY = "User space tools for kernel auditing"
>>> -DESCRIPTION = "The audit package contains the user space utilities for \
>>> -storing and searching the audit records generated by the audit subsystem \
>>> -in the Linux kernel."
>>> -HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"
>>> -SECTION = "base"
>>> -PR = "r8"
>>> -LICENSE = "GPLv2+ & LGPLv2+"
>>> -LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
>>> -
>>> -SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \
>>> - file://audit-python-configure.patch \
>>> - file://audit-python.patch \
>>> - file://fix-swig-host-contamination.patch \
>>> - file://auditd \
>>> - file://auditd.service \
>>> - file://audit-volatile.conf \
>>> - file://audit-auvirt-get-inline-functions-work-with-gnu89-gnu11.patch \
>>> -"
>>> -SRC_URI[md5sum] = "72b0fd94d32846142bc472f0d91e62b4"
>>> -SRC_URI[sha256sum] = "25f57f465f3230d7b1166b615ffd6748818a3dc225d0e8b396c5b2e951674e23"
>>> -
>>> -inherit autotools pythonnative update-rc.d systemd
>>> -
>>> -UPDATERCPN = "auditd"
>>> -INITSCRIPT_NAME = "auditd"
>>> -INITSCRIPT_PARAMS = "defaults"
>>> -
>>> -SYSTEMD_SERVICE_${PN} = "auditd.service"
>>> -
>>> -DEPENDS += "python tcp-wrappers libcap-ng linux-libc-headers (>= 2.6.30)"
>>> -
>>> -EXTRA_OECONF += "--without-prelude \
>>> - --with-libwrap \
>>> - --enable-gssapi-krb5=no \
>>> - --with-libcap-ng=yes \
>>> - --with-python=yes \
>>> - --libdir=${base_libdir} \
>>> - --sbindir=${base_sbindir} \
>>> - --without-python3 \
>>> - --disable-zos-remote \
>>> - "
>>> -EXTRA_OECONF_append_arm = " --with-arm=yes"
>>> -
>>> -EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \
>>> - PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
>>> - pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
>>> - STDINC='${STAGING_INCDIR}' \
>>> - "
>>> -
>>> -SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher"
>>> -DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
>>> -interface to the audit system, audispd. These plugins can do things \
>>> -like relay events to remote machines or analyze events for suspicious \
>>> -behavior."
>>> -
>>> -PACKAGES =+ "audispd-plugins"
>>> -PACKAGES += "auditd ${PN}-python"
>>> -
>>> -FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
>>> -FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*"
>>> -FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \
>>> - ${sysconfdir}/audisp/plugins.d/au-remote.conf \
>>> - ${sbindir}/audisp-remote ${localstatedir}/spool/audit \
>>> - "
>>> -FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
>>> -FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
>>> -FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la ${base_libdir}/pkgconfig/*"
>>> -
>>> -CONFFILES_auditd += "${sysconfdir}/audit/audit.rules"
>>> -RDEPENDS_auditd += "bash"
>>> -
>>> -do_install_append() {
>>> - rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
>>> - rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
>>> -
>>> - # reuse auditd config
>>> - [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default
>>> - mv ${D}/etc/sysconfig/auditd ${D}/etc/default
>>> - rmdir ${D}/etc/sysconfig/
>>> -
>>> - # replace init.d
>>> - install -D -m 0755 ${S}/../auditd ${D}/etc/init.d/auditd
>>> - rm -rf ${D}/etc/rc.d
>>> -
>>> - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
>>> - install -d ${D}${sysconfdir}/tmpfiles.d/
>>> - install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
>>> - fi
>>> -
>>> - # install systemd unit files
>>> - install -d ${D}${systemd_unitdir}/system
>>> - install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
>>> -
>>> - chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
>>> - chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
>>> -
>>> - # Based on the audit.spec "Copy default rules into place on new installation"
>>> - cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
>>> -}
>>> diff --git a/recipes-security/audit/audit_2.5.bb b/recipes-security/audit/audit_2.5.bb
>>> new file mode 100644
>>> index 000000000000..53aa23dabdd9
>>> --- /dev/null
>>> +++ b/recipes-security/audit/audit_2.5.bb
>>> @@ -0,0 +1,104 @@
>>> +SUMMARY = "User space tools for kernel auditing"
>>> +DESCRIPTION = "The audit package contains the user space utilities for \
>>> +storing and searching the audit records generated by the audit subsystem \
>>> +in the Linux kernel."
>>> +HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"
>>> +SECTION = "base"
>>> +PR = "r8"
>>> +LICENSE = "GPLv2+ & LGPLv2+"
>>> +LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
>>> +
>>> +SRC_URI = "http://people.redhat.com/sgrubb/${BPN}/${BPN}-${PV}.tar.gz \
>>> + file://audit-python-configure.patch \
>>> + file://audit-python.patch \
>>> + file://fix-swig-host-contamination.patch \
>>> + file://auditd \
>>> + file://auditd.service \
>>> + file://audit-volatile.conf \
>>> +"
>>> +SRC_URI[md5sum] = "e721d48f3e1927c84b7c176b3bdbc443"
>>> +SRC_URI[sha256sum] = "9b0a0760c6f37d80cbbfe46a74db722e60ac8100b28eb31953878ffca8ac14b4"
>>> +
>>> +
>>> +inherit autotools pythonnative update-rc.d systemd
>>> +
>>> +UPDATERCPN = "auditd"
>>> +INITSCRIPT_NAME = "auditd"
>>> +INITSCRIPT_PARAMS = "defaults"
>>> +
>>> +SYSTEMD_SERVICE_${PN} = "auditd.service"
>>> +
>>> +DEPENDS += "python tcp-wrappers libcap-ng linux-libc-headers (>= 2.6.30)"
>>> +
>>> +EXTRA_OECONF += "--without-prelude \
>>> + --with-libwrap \
>>> + --enable-gssapi-krb5=no \
>>> + --with-libcap-ng=yes \
>>> + --with-python=yes \
>>> + --libdir=${base_libdir} \
>>> + --sbindir=${base_sbindir} \
>>> + --without-python3 \
>>> + --disable-zos-remote \
>>> + "
>>> +EXTRA_OECONF_append_arm = " --with-arm=yes"
>>> +
>>> +EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \
>>> + PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
>>> + pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
>>> + STDINC='${STAGING_INCDIR}' \
>>> + "
>>> +
>>> +SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher"
>>> +DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
>>> +interface to the audit system, audispd. These plugins can do things \
>>> +like relay events to remote machines or analyze events for suspicious \
>>> +behavior."
>>> +
>>> +PACKAGES =+ "audispd-plugins"
>>> +PACKAGES += "auditd ${PN}-python"
>>> +
>>> +FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
>>> +FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*"
>>> +FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \
>>> + ${sysconfdir}/audisp/plugins.d/au-remote.conf \
>>> + ${sbindir}/audisp-remote ${localstatedir}/spool/audit \
>>> + "
>>> +FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
>>> +FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
>>> +FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la ${base_libdir}/pkgconfig/*"
>>> +
>>> +CONFFILES_auditd += "${sysconfdir}/audit/audit.rules"
>>> +RDEPENDS_auditd += "bash"
>>> +
>>> +do_install_append() {
>>> + rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
>>> + rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
>>> +
>>> + # reuse auditd config
>>> + [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default
>>> + mv ${D}/etc/sysconfig/auditd ${D}/etc/default
>>> + rmdir ${D}/etc/sysconfig/
>>> +
>>> + # replace init.d
>>> + install -D -m 0755 ${S}/../auditd ${D}/etc/init.d/auditd
>>> + rm -rf ${D}/etc/rc.d
>>> +
>>> + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
>>> + install -d ${D}${sysconfdir}/tmpfiles.d/
>>> + install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
>>> + fi
>>> +
>>> + # install systemd unit files
>>> + install -d ${D}${systemd_unitdir}/system
>>> + install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
>>> +
>>> + # audit-2.5 doesn't install any rules by default, so we do that here
>>> + mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d
>>> + cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules
>>> +
>>> + chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
>>> + chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
>>> +
>>> + # Based on the audit.spec "Copy default rules into place on new installation"
>>> + cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
>>> +}
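Review bot: `PR = "r8"` near the top of the new audit_2.5.bb is carried over unchanged from audit_2.4.4.bb; as discussed in this thread, PR should be dropped when PV changes, so remove that line. In do_install_append, the new rules step uses `mkdir -p` and `cp` and relies on the later `chmod`, while the rest of the function uses `install -d` and `install -m`; `install -d -m 0750` for the two directories and `install -m 0640` for `10-base-config.rules` would set the modes in one step and match the surrounding style. There is also a doubled blank line after the SRC_URI checksums.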