1 files changed, 0 insertions, 54 deletions
diff --git a/recipes-security/refpolicy/refpolicy-git/0002-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch b/recipes-security/refpolicy/refpolicy-git/0002-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch
deleted file mode 100644
index e2c6c89..0000000
--- a/recipes-security/refpolicy/refpolicy-git/0002-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From b69a82237ccc8de3f5b822739760f5cb6596fe51 Mon Sep 17 00:00:00 2001
-From: Shrikant Bobade <shrikant_bobade@mentor.com>
-Date: Fri, 26 Aug 2016 17:53:46 +0530
-Subject: [PATCH 2/9] refpolicy-minimum: locallogin: add allow rules for type
- local_login_t
-add allow rules for locallogin module avc denials.
-without this change we are getting errors like these:
-type=AVC msg=audit(): avc:  denied  { read write open } for  pid=353
-comm="login" path="/var/volatile/log/lastlog" dev="tmpfs" ino=12281 scontext
-=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:
-var_log_t:s0 tclass=file permissive=1
-type=AVC msg=audit(): avc:  denied  { sendto } for  pid=353 comm="login"
-path="/run/systemd/journal/dev-log" scontext=system_u:system_r:
-local_login_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0
-tclass=unix_dgram_socket permissive=1
-type=AVC msg=audit(): avc:  denied  { lock } for  pid=353 comm="login" path=
-"/var/volatile/log/lastlog" dev="tmpfs" ino=12281 scontext=system_u:system_r
-:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass
-=file permissive=1
-Upstream-Status: Pending
-Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
- policy/modules/system/locallogin.te | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
-index 4c679ff3..75750e4c 100644
--- a/policy/modules/system/locallogin.te
-+++ b/policy/modules/system/locallogin.te
-@@ -288,3 +288,13 @@ optional_policy(`
- optional_policy(`
-        nscd_use(sulogin_t)
- ')
-+
-+allow local_login_t initrc_t:fd use;
-+allow local_login_t initrc_t:unix_dgram_socket sendto;
-+allow local_login_t initrc_t:unix_stream_socket connectto;
-+allow local_login_t self:capability net_admin;
-+allow local_login_t var_log_t:file { create lock open read write };
-+allow local_login_t var_run_t:file { open read write lock};
-+allow local_login_t var_run_t:sock_file write;
-+allow local_login_t tmpfs_t:dir { add_name write search};
-+allow local_login_t tmpfs_t:file { create open read write lock };
-- 
-2.19.1

diff --git a/recipes-security/refpolicy/refpolicy-git/0002-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch b/recipes-security/refpolicy/refpolicy-git/0002-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch deleted file mode 100644 index e2c6c89..0000000 --- a/recipes-security/refpolicy/refpolicy-git/0002-refpolicy-minimum-locallogin-add-allow-rules-for-typ.patch +++ /dev/null
@@ -1,54 +0,0 @@
1	From b69a82237ccc8de3f5b822739760f5cb6596fe51 Mon Sep 17 00:00:00 2001
2	From: Shrikant Bobade <shrikant_bobade@mentor.com>
3	Date: Fri, 26 Aug 2016 17:53:46 +0530
4	Subject: [PATCH 2/9] refpolicy-minimum: locallogin: add allow rules for type
5	local_login_t
6
7	add allow rules for locallogin module avc denials.
8
9	without this change we are getting errors like these:
10
11	type=AVC msg=audit(): avc: denied { read write open } for pid=353
12	comm="login" path="/var/volatile/log/lastlog" dev="tmpfs" ino=12281 scontext
13	=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:
14	var_log_t:s0 tclass=file permissive=1
15
16	type=AVC msg=audit(): avc: denied { sendto } for pid=353 comm="login"
17	path="/run/systemd/journal/dev-log" scontext=system_u:system_r:
18	local_login_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0
19	tclass=unix_dgram_socket permissive=1
20
21	type=AVC msg=audit(): avc: denied { lock } for pid=353 comm="login" path=
22	"/var/volatile/log/lastlog" dev="tmpfs" ino=12281 scontext=system_u:system_r
23	:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass
24	=file permissive=1
25
26	Upstream-Status: Pending
27
28	Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
29	Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
30	---
31	policy/modules/system/locallogin.te \| 10 ++++++++++
32	1 file changed, 10 insertions(+)
33
34	diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
35	index 4c679ff3..75750e4c 100644
36	--- a/policy/modules/system/locallogin.te
37	+++ b/policy/modules/system/locallogin.te
38	@@ -288,3 +288,13 @@ optional_policy(`
39	optional_policy(`
40	nscd_use(sulogin_t)
41	')
42	+
43	+allow local_login_t initrc_t:fd use;
44	+allow local_login_t initrc_t:unix_dgram_socket sendto;
45	+allow local_login_t initrc_t:unix_stream_socket connectto;
46	+allow local_login_t self:capability net_admin;
47	+allow local_login_t var_log_t:file { create lock open read write };
48	+allow local_login_t var_run_t:file { open read write lock};
49	+allow local_login_t var_run_t:sock_file write;
50	+allow local_login_t tmpfs_t:dir { add_name write search};
51	+allow local_login_t tmpfs_t:file { create open read write lock };
52	--
53	2.19.1
54