diff options
author | Yi Zhao <yi.zhao@windriver.com> | 2023-03-17 22:11:36 +0800 |
---|---|---|
committer | Joe MacDonald <joe@deserted.net> | 2023-03-27 09:34:02 -0400 |
commit | 02348acbf654c77b67d8b3443af59b2c5b25aa77 (patch) | |
tree | 7ef80b871b8e85f57ce580b4e06485b63beaab4e | |
parent | e9cea983ee0a64a5904484b775bc7b70ac83a493 (diff) | |
download | meta-selinux-02348acbf654c77b67d8b3443af59b2c5b25aa77.tar.gz |
refpolicy: update to latest git rev
Drop 0003-refpolicy-minimum-make-dbus-module-optional.patch as the issue
has been fixed upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
3 files changed, 1 insertions, 38 deletions
diff --git a/recipes-security/refpolicy/refpolicy-minimum_git.bb b/recipes-security/refpolicy/refpolicy-minimum_git.bb index a50a4cd..67c3785 100644 --- a/recipes-security/refpolicy/refpolicy-minimum_git.bb +++ b/recipes-security/refpolicy/refpolicy-minimum_git.bb | |||
@@ -14,7 +14,6 @@ domains are unconfined. \ | |||
14 | SRC_URI += " \ | 14 | SRC_URI += " \ |
15 | file://0001-refpolicy-minimum-make-sysadmin-module-optional.patch \ | 15 | file://0001-refpolicy-minimum-make-sysadmin-module-optional.patch \ |
16 | file://0002-refpolicy-minimum-make-xdg-module-optional.patch \ | 16 | file://0002-refpolicy-minimum-make-xdg-module-optional.patch \ |
17 | file://0003-refpolicy-minimum-make-dbus-module-optional.patch \ | ||
18 | " | 17 | " |
19 | 18 | ||
20 | POLICY_NAME = "minimum" | 19 | POLICY_NAME = "minimum" |
diff --git a/recipes-security/refpolicy/refpolicy/0003-refpolicy-minimum-make-dbus-module-optional.patch b/recipes-security/refpolicy/refpolicy/0003-refpolicy-minimum-make-dbus-module-optional.patch deleted file mode 100644 index d545d2a..0000000 --- a/recipes-security/refpolicy/refpolicy/0003-refpolicy-minimum-make-dbus-module-optional.patch +++ /dev/null | |||
@@ -1,36 +0,0 @@ | |||
1 | From e28807393f105a16528cb5304283bde0b771fc4e Mon Sep 17 00:00:00 2001 | ||
2 | From: Yi Zhao <yi.zhao@windriver.com> | ||
3 | Date: Wed, 9 Nov 2022 10:53:26 +0800 | ||
4 | Subject: [PATCH] refpolicy-minimum: make dbus module optional | ||
5 | |||
6 | The mount module invokes interface | ||
7 | dbus_dontaudit_write_system_bus_runtime_named_sockets which is from dbus | ||
8 | module. Since dbus is not a core moudle in sysvinit system, we could | ||
9 | make this interface optional in mount module by optional_policy. Then we | ||
10 | could make the minimum policy without dbus module. | ||
11 | |||
12 | Upstream-Status: Inappropriate [embedded specific] | ||
13 | |||
14 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
15 | --- | ||
16 | policy/modules/system/mount.te | 4 +++- | ||
17 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
18 | |||
19 | diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te | ||
20 | index 97f49e58e..b59529a01 100644 | ||
21 | --- a/policy/modules/system/mount.te | ||
22 | +++ b/policy/modules/system/mount.te | ||
23 | @@ -146,7 +146,9 @@ selinux_getattr_fs(mount_t) | ||
24 | |||
25 | userdom_use_all_users_fds(mount_t) | ||
26 | |||
27 | -dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t) | ||
28 | +optional_policy(` | ||
29 | + dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t) | ||
30 | +') | ||
31 | |||
32 | ifdef(`distro_redhat',` | ||
33 | optional_policy(` | ||
34 | -- | ||
35 | 2.25.1 | ||
36 | |||
diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc index 54e0890..af3413b 100644 --- a/recipes-security/refpolicy/refpolicy_git.inc +++ b/recipes-security/refpolicy/refpolicy_git.inc | |||
@@ -2,7 +2,7 @@ PV = "2.20221101+git${SRCPV}" | |||
2 | 2 | ||
3 | SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=https;branch=master;name=refpolicy;destsuffix=refpolicy" | 3 | SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=https;branch=master;name=refpolicy;destsuffix=refpolicy" |
4 | 4 | ||
5 | SRCREV_refpolicy ?= "03d486e306555da161b653c88e804ce23f3a0ea4" | 5 | SRCREV_refpolicy ?= "8e8f5e3ca3e5900cad126cb8b4fadaa8adb8caac" |
6 | 6 | ||
7 | UPSTREAM_CHECK_GITTAGREGEX = "RELEASE_(?P<pver>\d+_\d+)" | 7 | UPSTREAM_CHECK_GITTAGREGEX = "RELEASE_(?P<pver>\d+_\d+)" |
8 | 8 | ||