diff options
author | Yi Zhao <yi.zhao@windriver.com> | 2024-02-02 17:08:18 +0800 |
---|---|---|
committer | Joe MacDonald <joe@deserted.net> | 2024-02-27 12:30:21 -0500 |
commit | 6fcfb3a6002575917805aaa7371e7b6e49ad892e (patch) | |
tree | 4bdf0e2a677bf98a43cc2074184783c4bed49ba0 | |
parent | f4f7ef11cda2fc6c74eede7502dc7c52e7d27371 (diff) | |
download | meta-selinux-6fcfb3a6002575917805aaa7371e7b6e49ad892e.tar.gz |
refpolicy: update to latest git rev
Update to latest rev to fix policy for systemd 255.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
3 files changed, 11 insertions, 11 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch b/recipes-security/refpolicy/refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch index c47984d..5699e10 100644 --- a/recipes-security/refpolicy/refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch +++ b/recipes-security/refpolicy/refpolicy/0026-fc-add-fcontext-for-init-scripts-and-systemd-service.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 1096b2eb1172506006691e90769e51a086b8374f Mon Sep 17 00:00:00 2001 | 1 | From 4784a7fe74fd3842c1ade228e148cd6f5d6fd22e Mon Sep 17 00:00:00 2001 |
2 | From: Yi Zhao <yi.zhao@windriver.com> | 2 | From: Yi Zhao <yi.zhao@windriver.com> |
3 | Date: Tue, 30 Jun 2020 10:45:57 +0800 | 3 | Date: Tue, 30 Jun 2020 10:45:57 +0800 |
4 | Subject: [PATCH] fc: add fcontext for init scripts and systemd service files | 4 | Subject: [PATCH] fc: add fcontext for init scripts and systemd service files |
@@ -34,11 +34,11 @@ index 382c067f9..0ecc5acc4 100644 | |||
34 | /usr/bin/rngd -- gen_context(system_u:object_r:rngd_exec_t,s0) | 34 | /usr/bin/rngd -- gen_context(system_u:object_r:rngd_exec_t,s0) |
35 | 35 | ||
36 | diff --git a/policy/modules/services/rpc.fc b/policy/modules/services/rpc.fc | 36 | diff --git a/policy/modules/services/rpc.fc b/policy/modules/services/rpc.fc |
37 | index 75c2f0617..fa881ba2e 100644 | 37 | index 18c204908..95f06d8de 100644 |
38 | --- a/policy/modules/services/rpc.fc | 38 | --- a/policy/modules/services/rpc.fc |
39 | +++ b/policy/modules/services/rpc.fc | 39 | +++ b/policy/modules/services/rpc.fc |
40 | @@ -1,7 +1,9 @@ | 40 | @@ -2,7 +2,9 @@ |
41 | /etc/exports -- gen_context(system_u:object_r:exports_t,s0) | 41 | /etc/exports\.d(/.*)? -- gen_context(system_u:object_r:exports_t,s0) |
42 | 42 | ||
43 | /etc/rc\.d/init\.d/nfs -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0) | 43 | /etc/rc\.d/init\.d/nfs -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0) |
44 | +/etc/rc\.d/init\.d/nfsserver -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0) | 44 | +/etc/rc\.d/init\.d/nfsserver -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0) |
diff --git a/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-authlogin-fix-login-errors-aft.patch b/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-authlogin-fix-login-errors-aft.patch index 8a5dde6..a3b5e21 100644 --- a/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-authlogin-fix-login-errors-aft.patch +++ b/recipes-security/refpolicy/refpolicy/0055-policy-modules-system-authlogin-fix-login-errors-aft.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 2824a6c927bf6df4be997a138a27d159d533d08b Mon Sep 17 00:00:00 2001 | 1 | From b8b80a2a07c451a1c9dfc166efcd7985f7a0a966 Mon Sep 17 00:00:00 2001 |
2 | From: Yi Zhao <yi.zhao@windriver.com> | 2 | From: Yi Zhao <yi.zhao@windriver.com> |
3 | Date: Fri, 8 Dec 2023 14:16:26 +0800 | 3 | Date: Fri, 8 Dec 2023 14:16:26 +0800 |
4 | Subject: [PATCH] policy/modules/system/authlogin: fix login errors after | 4 | Subject: [PATCH] policy/modules/system/authlogin: fix login errors after |
@@ -45,27 +45,27 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | |||
45 | 3 files changed, 5 insertions(+), 3 deletions(-) | 45 | 3 files changed, 5 insertions(+), 3 deletions(-) |
46 | 46 | ||
47 | diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if | 47 | diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if |
48 | index cd34cd9dd..b867f58b9 100644 | 48 | index dce1a0ea9..c55cdfc09 100644 |
49 | --- a/policy/modules/admin/su.if | 49 | --- a/policy/modules/admin/su.if |
50 | +++ b/policy/modules/admin/su.if | 50 | +++ b/policy/modules/admin/su.if |
51 | @@ -75,7 +75,7 @@ template(`su_restricted_domain_template', ` | 51 | @@ -76,7 +76,7 @@ template(`su_restricted_domain_template', ` |
52 | selinux_compute_access_vector($1_su_t) | 52 | selinux_compute_access_vector($1_su_t) |
53 | 53 | ||
54 | auth_domtrans_chk_passwd($1_su_t) | 54 | auth_domtrans_chk_passwd($1_su_t) |
55 | - auth_dontaudit_read_shadow($1_su_t) | 55 | - auth_dontaudit_read_shadow($1_su_t) |
56 | + auth_read_shadow($1_su_t) | 56 | + auth_read_shadow($1_su_t) |
57 | auth_use_nsswitch($1_su_t) | 57 | auth_use_nsswitch($1_su_t) |
58 | auth_create_faillog_files($1_su_t) | ||
58 | auth_rw_faillog($1_su_t) | 59 | auth_rw_faillog($1_su_t) |
59 | 60 | @@ -183,7 +183,7 @@ template(`su_role_template',` | |
60 | @@ -176,7 +176,7 @@ template(`su_role_template',` | ||
61 | selinux_use_status_page($1_su_t) | 61 | selinux_use_status_page($1_su_t) |
62 | 62 | ||
63 | auth_domtrans_chk_passwd($1_su_t) | 63 | auth_domtrans_chk_passwd($1_su_t) |
64 | - auth_dontaudit_read_shadow($1_su_t) | 64 | - auth_dontaudit_read_shadow($1_su_t) |
65 | + auth_read_shadow($1_su_t) | 65 | + auth_read_shadow($1_su_t) |
66 | auth_use_nsswitch($1_su_t) | 66 | auth_use_nsswitch($1_su_t) |
67 | auth_create_faillog_files($1_su_t) | ||
67 | auth_rw_faillog($1_su_t) | 68 | auth_rw_faillog($1_su_t) |
68 | |||
69 | diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te | 69 | diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te |
70 | index 3a5d1ac3e..f9d50a8d4 100644 | 70 | index 3a5d1ac3e..f9d50a8d4 100644 |
71 | --- a/policy/modules/system/authlogin.te | 71 | --- a/policy/modules/system/authlogin.te |
diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc index d739522..f09fc94 100644 --- a/recipes-security/refpolicy/refpolicy_git.inc +++ b/recipes-security/refpolicy/refpolicy_git.inc | |||
@@ -2,7 +2,7 @@ PV = "2.20231002+git${SRCPV}" | |||
2 | 2 | ||
3 | SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=https;branch=main;name=refpolicy;destsuffix=refpolicy" | 3 | SRC_URI = "git://github.com/SELinuxProject/refpolicy.git;protocol=https;branch=main;name=refpolicy;destsuffix=refpolicy" |
4 | 4 | ||
5 | SRCREV_refpolicy ?= "d7d41288b162b8786de844bde6daac25e4485565" | 5 | SRCREV_refpolicy ?= "504feb7a98e2e70f774d6fe7107b5d1a5f2c6124" |
6 | 6 | ||
7 | UPSTREAM_CHECK_GITTAGREGEX = "RELEASE_(?P<pver>\d+_\d+)" | 7 | UPSTREAM_CHECK_GITTAGREGEX = "RELEASE_(?P<pver>\d+_\d+)" |
8 | 8 | ||