| author | Shrikant Bobade <shrikant_bobade@mentor.com> | 2015-08-03 19:04:37 +0530 |
|---|---|---|
| committer | Joe MacDonald <joe_macdonald@mentor.com> | 2015-08-07 17:33:21 -0400 |
| commit | 6a775bb8ed866fac87f2a9b11a8ff11988a40ac6 (patch) | |
| tree | 4373dff0fef6f2ef4b7b8c8a7289d10bfc11d2cf /recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-cache-symlink.patch | |
| parent | e59f3b7d04bea0a8897a6458f5f5427a364d3388 (diff) | |
| download | meta-selinux-6a775bb8ed866fac87f2a9b11a8ff11988a40ac6.tar.gz | |
refpolicy git: update refpolicy to git repository
A straight update from refpolicy 2.20140311 to refpolicy git
repository for the core policy variants and forward-porting
of policy patches as appropriate.
This approach is useful for building refpolicy & refpolicy-contrib
directly from the git repos, rather than release tarballs.
It helps to check the refpolicy based on source commits by just
updating the git repo rev. as appropriate in refpolicy_git.inc
ref: https://github.com/TresysTechnology/refpolicy/wiki
Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Diffstat (limited to 'recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-cache-symlink.patch')
| -rw-r--r-- | recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-cache-symlink.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-cache-symlink.patch b/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-cache-symlink.patch new file mode 100644 index 0000000..18a92dd --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-var-cache-symlink.patch | |||
| @@ -0,0 +1,34 @@ | |||
| 1 | From bad816bc752369a6c1bf40231c505d21d95cab08 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Xin Ouyang <Xin.Ouyang@windriver.com> | ||
| 3 | Date: Fri, 23 Aug 2013 11:20:00 +0800 | ||
| 4 | Subject: [PATCH 4/6] add rules for the subdir symlinks in /var/ | ||
| 5 | |||
| 6 | Except /var/log,/var/run,/var/lock, there still other subdir symlinks in | ||
| 7 | /var for poky, so we need allow rules for all domains to read these | ||
| 8 | symlinks. Domains still need their practical allow rules to read the | ||
| 9 | contents, so this is still a secure relax. | ||
| 10 | |||
| 11 | Upstream-Status: Inappropriate [only for Poky] | ||
| 12 | |||
| 13 | Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> | ||
| 14 | --- | ||
| 15 | policy/modules/kernel/domain.te | 3 +++ | ||
| 16 | 1 file changed, 3 insertions(+) | ||
| 17 | |||
| 18 | diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te | ||
| 19 | index cf04cb5..9ffe6b0 100644 | ||
| 20 | --- a/policy/modules/kernel/domain.te | ||
| 21 | +++ b/policy/modules/kernel/domain.te | ||
| 22 | @@ -104,6 +104,9 @@ term_use_controlling_term(domain) | ||
| 23 | # list the root directory | ||
| 24 | files_list_root(domain) | ||
| 25 | |||
| 26 | +# Yocto/oe-core use some var volatile links | ||
| 27 | +files_read_var_symlinks(domain) | ||
| 28 | + | ||
| 29 | ifdef(`hide_broken_symptoms',` | ||
| 30 | # This check is in the general socket | ||
| 31 | # listen code, before protocol-specific | ||
| 32 | -- | ||
| 33 | 1.7.9.5 | ||
| 34 | |||
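Review bot: the comment added above `files_read_var_symlinks(domain)` ("Yocto/oe-core use some var volatile links") does not say which symlinks are meant, and the patch description only lists the ones it excludes (/var/log, /var/run, /var/lock). Because the rule is applied to the `domain` attribute and therefore to every domain, please name the /var subdirectories concerned in the comment or the description (the patch file name suggests /var/cache, but the text never says so), so a later forward-port can tell whether the grant is still needed. The claim that domains "still need their practical allow rules to read the contents" would also be easier to check if the description stated that the interface covers the symlinks only and not the files behind them.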
