diff options
author | Mark Hatle <mark.hatle@windriver.com> | 2017-09-14 16:10:20 -0500 |
---|---|---|
committer | Mark Hatle <mark.hatle@windriver.com> | 2017-09-14 16:12:25 -0500 |
commit | bca5c611508d0d19a08fb7fc3f7810c85fcfeba5 (patch) | |
tree | 99b61612bbdf96abc3978150fe781493a429980c | |
parent | dddf26565ec694b8d4e38171d3cbdcad734b2ef0 (diff) | |
download | meta-selinux-bca5c611508d0d19a08fb7fc3f7810c85fcfeba5.tar.gz |
refpolicy: Add '/bin/bash.bash', an update-alternative to the policy
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
4 files changed, 50 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_bash.patch b/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_bash.patch new file mode 100644 index 0000000..e0fdba1 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_bash.patch | |||
@@ -0,0 +1,24 @@ | |||
1 | From 845518a6f196e6e8c49ba38791c85e17276920e1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Hatle <mark.hatle@windriver.com> | ||
3 | Date: Thu, 14 Sep 2017 15:02:23 -0500 | ||
4 | Subject: [PATCH 3/4] fix update-alternatives for hostname | ||
5 | |||
6 | Upstream-Status: Inappropriate [only for Poky] | ||
7 | |||
8 | Signed-off-by: Mark Hatle <mark.hatle@windriver.com> | ||
9 | --- | ||
10 | policy/modules/system/corecommands.fc | 1 + | ||
11 | 1 file changed, 1 insertion(+) | ||
12 | |||
13 | Index: refpolicy/policy/modules/kernel/corecommands.fc | ||
14 | =================================================================== | ||
15 | --- refpolicy.orig/policy/modules/kernel/corecommands.fc | ||
16 | +++ refpolicy/policy/modules/kernel/corecommands.fc | ||
17 | @@ -6,6 +6,7 @@ | ||
18 | /bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0) | ||
19 | /bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0) | ||
20 | /bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0) | ||
21 | +/bin/bash\.bash -- gen_context(system_u:object_r:shell_exec_t,s0) | ||
22 | /bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0) | ||
23 | /bin/ksh.* -- gen_context(system_u:object_r:shell_exec_t,s0) | ||
24 | /bin/mksh -- gen_context(system_u:object_r:shell_exec_t,s0) | ||
diff --git a/recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch b/recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch new file mode 100644 index 0000000..e0fdba1 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch | |||
@@ -0,0 +1,24 @@ | |||
1 | From 845518a6f196e6e8c49ba38791c85e17276920e1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Hatle <mark.hatle@windriver.com> | ||
3 | Date: Thu, 14 Sep 2017 15:02:23 -0500 | ||
4 | Subject: [PATCH 3/4] fix update-alternatives for hostname | ||
5 | |||
6 | Upstream-Status: Inappropriate [only for Poky] | ||
7 | |||
8 | Signed-off-by: Mark Hatle <mark.hatle@windriver.com> | ||
9 | --- | ||
10 | policy/modules/system/corecommands.fc | 1 + | ||
11 | 1 file changed, 1 insertion(+) | ||
12 | |||
13 | Index: refpolicy/policy/modules/kernel/corecommands.fc | ||
14 | =================================================================== | ||
15 | --- refpolicy.orig/policy/modules/kernel/corecommands.fc | ||
16 | +++ refpolicy/policy/modules/kernel/corecommands.fc | ||
17 | @@ -6,6 +6,7 @@ | ||
18 | /bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0) | ||
19 | /bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0) | ||
20 | /bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0) | ||
21 | +/bin/bash\.bash -- gen_context(system_u:object_r:shell_exec_t,s0) | ||
22 | /bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0) | ||
23 | /bin/ksh.* -- gen_context(system_u:object_r:shell_exec_t,s0) | ||
24 | /bin/mksh -- gen_context(system_u:object_r:shell_exec_t,s0) | ||
diff --git a/recipes-security/refpolicy/refpolicy_2.20170204.inc b/recipes-security/refpolicy/refpolicy_2.20170204.inc index 48e6cd6..8b72cbd 100644 --- a/recipes-security/refpolicy/refpolicy_2.20170204.inc +++ b/recipes-security/refpolicy/refpolicy_2.20170204.inc | |||
@@ -9,6 +9,7 @@ SRC_URI += "file://poky-fc-subs_dist.patch \ | |||
9 | file://poky-fc-update-alternatives_sysvinit.patch \ | 9 | file://poky-fc-update-alternatives_sysvinit.patch \ |
10 | file://poky-fc-update-alternatives_sysklogd.patch \ | 10 | file://poky-fc-update-alternatives_sysklogd.patch \ |
11 | file://poky-fc-update-alternatives_hostname.patch \ | 11 | file://poky-fc-update-alternatives_hostname.patch \ |
12 | file://poky-fc-update-alternatives_bash.patch \ | ||
12 | file://poky-fc-fix-real-path_resolv.conf.patch \ | 13 | file://poky-fc-fix-real-path_resolv.conf.patch \ |
13 | file://poky-fc-fix-real-path_login.patch \ | 14 | file://poky-fc-fix-real-path_login.patch \ |
14 | file://poky-fc-fix-real-path_shadow.patch \ | 15 | file://poky-fc-fix-real-path_shadow.patch \ |
diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc index 9c62da3..f71eb35 100644 --- a/recipes-security/refpolicy/refpolicy_git.inc +++ b/recipes-security/refpolicy/refpolicy_git.inc | |||
@@ -14,6 +14,7 @@ SRC_URI += "file://poky-fc-subs_dist.patch \ | |||
14 | file://poky-fc-update-alternatives_sysvinit.patch \ | 14 | file://poky-fc-update-alternatives_sysvinit.patch \ |
15 | file://poky-fc-update-alternatives_sysklogd.patch \ | 15 | file://poky-fc-update-alternatives_sysklogd.patch \ |
16 | file://poky-fc-update-alternatives_hostname.patch \ | 16 | file://poky-fc-update-alternatives_hostname.patch \ |
17 | file://poky-fc-update-alternatives_bash.patch \ | ||
17 | file://poky-fc-fix-real-path_resolv.conf.patch \ | 18 | file://poky-fc-fix-real-path_resolv.conf.patch \ |
18 | file://poky-fc-fix-real-path_login.patch \ | 19 | file://poky-fc-fix-real-path_login.patch \ |
19 | file://poky-fc-fix-real-path_shadow.patch \ | 20 | file://poky-fc-fix-real-path_shadow.patch \ |