refpolicy: Add '/bin/bash.bash', an update-alternative to the policy

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
author: Mark Hatle <mark.hatle@windriver.com> 2017-09-14 16:10:20 -0500
committer: Mark Hatle <mark.hatle@windriver.com> 2017-09-14 16:12:25 -0500
commit: bca5c611508d0d19a08fb7fc3f7810c85fcfeba5 (patch)
tree: 99b61612bbdf96abc3978150fe781493a429980c
parent: dddf26565ec694b8d4e38171d3cbdcad734b2ef0 (diff)
download: meta-selinux-bca5c611508d0d19a08fb7fc3f7810c85fcfeba5.tar.gz
4 files changed, 50 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_bash.patch b/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_bash.patch
new file mode 100644
index 0000000..e0fdba1
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_bash.patch
@@ -0,0 +1,24 @@
+From 845518a6f196e6e8c49ba38791c85e17276920e1 Mon Sep 17 00:00:00 2001
+From: Mark Hatle <mark.hatle@windriver.com>
+Date: Thu, 14 Sep 2017 15:02:23 -0500
+Subject: [PATCH 3/4] fix update-alternatives for hostname
+Upstream-Status: Inappropriate [only for Poky]
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+---
+ policy/modules/system/corecommands.fc |    1 +
+ 1 file changed, 1 insertion(+)
+Index: refpolicy/policy/modules/kernel/corecommands.fc
+===================================================================
+--- refpolicy.orig/policy/modules/kernel/corecommands.fc
+++ refpolicy/policy/modules/kernel/corecommands.fc
+@@ -6,6 +6,7 @@
+ /bin/d?ash                     --      gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/bash                      --      gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/bash2                     --      gen_context(system_u:object_r:shell_exec_t,s0)
+/bin/bash\.bash                        --      gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/fish                      --      gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/ksh.*                     --      gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/mksh                      --      gen_context(system_u:object_r:shell_exec_t,s0)
diff --git a/recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch b/recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch
new file mode 100644
index 0000000..e0fdba1
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch
@@ -0,0 +1,24 @@
+From 845518a6f196e6e8c49ba38791c85e17276920e1 Mon Sep 17 00:00:00 2001
+From: Mark Hatle <mark.hatle@windriver.com>
+Date: Thu, 14 Sep 2017 15:02:23 -0500
+Subject: [PATCH 3/4] fix update-alternatives for hostname
+Upstream-Status: Inappropriate [only for Poky]
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+---
+ policy/modules/system/corecommands.fc |    1 +
+ 1 file changed, 1 insertion(+)
+Index: refpolicy/policy/modules/kernel/corecommands.fc
+===================================================================
+--- refpolicy.orig/policy/modules/kernel/corecommands.fc
+++ refpolicy/policy/modules/kernel/corecommands.fc
+@@ -6,6 +6,7 @@
+ /bin/d?ash                     --      gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/bash                      --      gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/bash2                     --      gen_context(system_u:object_r:shell_exec_t,s0)
+/bin/bash\.bash                        --      gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/fish                      --      gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/ksh.*                     --      gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/mksh                      --      gen_context(system_u:object_r:shell_exec_t,s0)
diff --git a/recipes-security/refpolicy/refpolicy_2.20170204.inc b/recipes-security/refpolicy/refpolicy_2.20170204.inc
index 48e6cd6..8b72cbd 100644
--- a/recipes-security/refpolicy/refpolicy_2.20170204.inc
+++ b/recipes-security/refpolicy/refpolicy_2.20170204.inc
@@ -9,6 +9,7 @@ SRC_URI += "file://poky-fc-subs_dist.patch \
            file://poky-fc-update-alternatives_sysvinit.patch \
            file://poky-fc-update-alternatives_sysklogd.patch \
            file://poky-fc-update-alternatives_hostname.patch \
+            file://poky-fc-update-alternatives_bash.patch \
            file://poky-fc-fix-real-path_resolv.conf.patch \
            file://poky-fc-fix-real-path_login.patch \
            file://poky-fc-fix-real-path_shadow.patch \
diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc
index 9c62da3..f71eb35 100644
--- a/recipes-security/refpolicy/refpolicy_git.inc
+++ b/recipes-security/refpolicy/refpolicy_git.inc
@@ -14,6 +14,7 @@ SRC_URI += "file://poky-fc-subs_dist.patch \
            file://poky-fc-update-alternatives_sysvinit.patch \
            file://poky-fc-update-alternatives_sysklogd.patch \
            file://poky-fc-update-alternatives_hostname.patch \
+            file://poky-fc-update-alternatives_bash.patch \
            file://poky-fc-fix-real-path_resolv.conf.patch \
            file://poky-fc-fix-real-path_login.patch \
            file://poky-fc-fix-real-path_shadow.patch \
author	Mark Hatle <mark.hatle@windriver.com>	2017-09-14 16:10:20 -0500
committer	Mark Hatle <mark.hatle@windriver.com>	2017-09-14 16:12:25 -0500
commit	bca5c611508d0d19a08fb7fc3f7810c85fcfeba5 (patch)
tree	99b61612bbdf96abc3978150fe781493a429980c
parent	dddf26565ec694b8d4e38171d3cbdcad734b2ef0 (diff)
download	meta-selinux-bca5c611508d0d19a08fb7fc3f7810c85fcfeba5.tar.gz

diff --git a/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_bash.patch b/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_bash.patch new file mode 100644 index 0000000..e0fdba1 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-2.20170204/poky-fc-update-alternatives_bash.patch
@@ -0,0 +1,24 @@
		1	From 845518a6f196e6e8c49ba38791c85e17276920e1 Mon Sep 17 00:00:00 2001
		2	From: Mark Hatle <mark.hatle@windriver.com>
		3	Date: Thu, 14 Sep 2017 15:02:23 -0500
		4	Subject: [PATCH 3/4] fix update-alternatives for hostname
		5
		6	Upstream-Status: Inappropriate [only for Poky]
		7
		8	Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
		9	---
		10	policy/modules/system/corecommands.fc \| 1 +
		11	1 file changed, 1 insertion(+)
		12
		13	Index: refpolicy/policy/modules/kernel/corecommands.fc
		14	===================================================================
		15	--- refpolicy.orig/policy/modules/kernel/corecommands.fc
		16	+++ refpolicy/policy/modules/kernel/corecommands.fc
		17	@@ -6,6 +6,7 @@
		18	/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
		19	/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
		20	/bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0)
		21	+/bin/bash\.bash -- gen_context(system_u:object_r:shell_exec_t,s0)
		22	/bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0)
		23	/bin/ksh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
		24	/bin/mksh -- gen_context(system_u:object_r:shell_exec_t,s0)


diff --git a/recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch b/recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch new file mode 100644 index 0000000..e0fdba1 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-git/poky-fc-update-alternatives_bash.patch
@@ -0,0 +1,24 @@
		1	From 845518a6f196e6e8c49ba38791c85e17276920e1 Mon Sep 17 00:00:00 2001
		2	From: Mark Hatle <mark.hatle@windriver.com>
		3	Date: Thu, 14 Sep 2017 15:02:23 -0500
		4	Subject: [PATCH 3/4] fix update-alternatives for hostname
		5
		6	Upstream-Status: Inappropriate [only for Poky]
		7
		8	Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
		9	---
		10	policy/modules/system/corecommands.fc \| 1 +
		11	1 file changed, 1 insertion(+)
		12
		13	Index: refpolicy/policy/modules/kernel/corecommands.fc
		14	===================================================================
		15	--- refpolicy.orig/policy/modules/kernel/corecommands.fc
		16	+++ refpolicy/policy/modules/kernel/corecommands.fc
		17	@@ -6,6 +6,7 @@
		18	/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
		19	/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
		20	/bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0)
		21	+/bin/bash\.bash -- gen_context(system_u:object_r:shell_exec_t,s0)
		22	/bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0)
		23	/bin/ksh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
		24	/bin/mksh -- gen_context(system_u:object_r:shell_exec_t,s0)


diff --git a/recipes-security/refpolicy/refpolicy_2.20170204.inc b/recipes-security/refpolicy/refpolicy_2.20170204.inc index 48e6cd6..8b72cbd 100644 --- a/recipes-security/refpolicy/refpolicy_2.20170204.inc +++ b/recipes-security/refpolicy/refpolicy_2.20170204.inc
@@ -9,6 +9,7 @@ SRC_URI += "file://poky-fc-subs_dist.patch \
9	file://poky-fc-update-alternatives_sysvinit.patch \	9	file://poky-fc-update-alternatives_sysvinit.patch \
10	file://poky-fc-update-alternatives_sysklogd.patch \	10	file://poky-fc-update-alternatives_sysklogd.patch \
11	file://poky-fc-update-alternatives_hostname.patch \	11	file://poky-fc-update-alternatives_hostname.patch \
		12	file://poky-fc-update-alternatives_bash.patch \
12	file://poky-fc-fix-real-path_resolv.conf.patch \	13	file://poky-fc-fix-real-path_resolv.conf.patch \
13	file://poky-fc-fix-real-path_login.patch \	14	file://poky-fc-fix-real-path_login.patch \
14	file://poky-fc-fix-real-path_shadow.patch \	15	file://poky-fc-fix-real-path_shadow.patch \


diff --git a/recipes-security/refpolicy/refpolicy_git.inc b/recipes-security/refpolicy/refpolicy_git.inc index 9c62da3..f71eb35 100644 --- a/recipes-security/refpolicy/refpolicy_git.inc +++ b/recipes-security/refpolicy/refpolicy_git.inc
@@ -14,6 +14,7 @@ SRC_URI += "file://poky-fc-subs_dist.patch \
14	file://poky-fc-update-alternatives_sysvinit.patch \	14	file://poky-fc-update-alternatives_sysvinit.patch \
15	file://poky-fc-update-alternatives_sysklogd.patch \	15	file://poky-fc-update-alternatives_sysklogd.patch \
16	file://poky-fc-update-alternatives_hostname.patch \	16	file://poky-fc-update-alternatives_hostname.patch \
		17	file://poky-fc-update-alternatives_bash.patch \
17	file://poky-fc-fix-real-path_resolv.conf.patch \	18	file://poky-fc-fix-real-path_resolv.conf.patch \
18	file://poky-fc-fix-real-path_login.patch \	19	file://poky-fc-fix-real-path_login.patch \
19	file://poky-fc-fix-real-path_shadow.patch \	20	file://poky-fc-fix-real-path_shadow.patch \