1 files changed, 18 insertions, 16 deletions
diff --git a/recipes-security/refpolicy/refpolicy-git/poky-fc-fix-real-path_login.patch b/recipes-security/refpolicy/refpolicy-git/poky-fc-fix-real-path_login.patch
index d97d58e..fc54217 100644
--- a/recipes-security/refpolicy/refpolicy-git/poky-fc-fix-real-path_login.patch
+++ b/recipes-security/refpolicy/refpolicy-git/poky-fc-fix-real-path_login.patch
@@ -3,31 +3,33 @@ Subject: [PATCH] fix real path for login commands.
 Upstream-Status: Inappropriate [only for Poky]
 Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
+Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 ---
 policy/modules/system/authlogin.fc |    5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
 --- a/policy/modules/system/authlogin.fc
 +++ b/policy/modules/system/authlogin.fc
-@@ -1,19 +1,18 @@
+@@ -3,20 +3,19 @@
- 
- /bin/login             --      gen_context(system_u:object_r:login_exec_t,s0)
-+/bin/login\.shadow     --      gen_context(system_u:object_r:login_exec_t,s0)
-+/bin/login\.tinylogin  --      gen_context(system_u:object_r:login_exec_t,s0)
- 
- /etc/\.pwd\.lock       --      gen_context(system_u:object_r:shadow_t,s0)
- /etc/group\.lock       --      gen_context(system_u:object_r:shadow_t,s0)
 /etc/gshadow.*         --      gen_context(system_u:object_r:shadow_t,s0)
 /etc/passwd\.lock      --      gen_context(system_u:object_r:shadow_t,s0)
 /etc/shadow.*          --      gen_context(system_u:object_r:shadow_t,s0)
 
- /sbin/pam_console_apply         --     gen_context(system_u:object_r:pam_console_exec_t,s0)
+ /usr/bin/login         --      gen_context(system_u:object_r:login_exec_t,s0)
- /sbin/pam_timestamp_check --   gen_context(system_u:object_r:pam_exec_t,s0)
+/usr/bin/login\.shadow --      gen_context(system_u:object_r:login_exec_t,s0)
-/sbin/unix_chkpwd      --      gen_context(system_u:object_r:chkpwd_exec_t,s0)
+/usr/bin/login\.tinylogin      --      gen_context(system_u:object_r:login_exec_t,s0)
-/sbin/unix_update      --      gen_context(system_u:object_r:updpwd_exec_t,s0)
+ 
-/sbin/unix_verify      --      gen_context(system_u:object_r:chkpwd_exec_t,s0)
+ /usr/kerberos/sbin/login\.krb5 -- gen_context(system_u:object_r:login_exec_t,s0)
+ 
+ /usr/lib/utempter/utempter --  gen_context(system_u:object_r:utempter_exec_t,s0)
+ 
+ /usr/sbin/pam_console_apply    --      gen_context(system_u:object_r:pam_console_exec_t,s0)
+ /usr/sbin/pam_timestamp_check   --     gen_context(system_u:object_r:pam_exec_t,s0)
+-/usr/sbin/unix_chkpwd          --      gen_context(system_u:object_r:chkpwd_exec_t,s0)
+-/usr/sbin/unix_update          --      gen_context(system_u:object_r:updpwd_exec_t,s0)
+-/usr/sbin/unix_verify          --      gen_context(system_u:object_r:chkpwd_exec_t,s0)
+ /usr/sbin/utempter             --      gen_context(system_u:object_r:utempter_exec_t,s0)
+ /usr/sbin/validate             --      gen_context(system_u:object_r:chkpwd_exec_t,s0)
 ifdef(`distro_suse', `
- /sbin/unix2_chkpwd     --      gen_context(system_u:object_r:chkpwd_exec_t,s0)
+ /usr/sbin/unix2_chkpwd --      gen_context(system_u:object_r:chkpwd_exec_t,s0)
 ')
- 
- /usr/bin/login         --      gen_context(system_u:object_r:login_exec_t,s0)

diff --git a/recipes-security/refpolicy/refpolicy-git/poky-fc-fix-real-path_login.patch b/recipes-security/refpolicy/refpolicy-git/poky-fc-fix-real-path_login.patch index d97d58e..fc54217 100644 --- a/recipes-security/refpolicy/refpolicy-git/poky-fc-fix-real-path_login.patch +++ b/recipes-security/refpolicy/refpolicy-git/poky-fc-fix-real-path_login.patch
@@ -3,31 +3,33 @@ Subject: [PATCH] fix real path for login commands.
3	Upstream-Status: Inappropriate [only for Poky]	3	Upstream-Status: Inappropriate [only for Poky]
4		4
5	Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>	5	Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
		6	Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
6	---	7	---
7	policy/modules/system/authlogin.fc \| 5 ++---	8	policy/modules/system/authlogin.fc \| 5 ++---
8	1 file changed, 2 insertions(+), 3 deletions(-)	9	1 file changed, 2 insertions(+), 3 deletions(-)
9		10
10	--- a/policy/modules/system/authlogin.fc	11	--- a/policy/modules/system/authlogin.fc
11	+++ b/policy/modules/system/authlogin.fc	12	+++ b/policy/modules/system/authlogin.fc
12	@@ -1,19 +1,18 @@	13	@@ -3,20 +3,19 @@
13
14	/bin/login -- gen_context(system_u:object_r:login_exec_t,s0)
15	+/bin/login\.shadow -- gen_context(system_u:object_r:login_exec_t,s0)
16	+/bin/login\.tinylogin -- gen_context(system_u:object_r:login_exec_t,s0)
17
18	/etc/\.pwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
19	/etc/group\.lock -- gen_context(system_u:object_r:shadow_t,s0)
20	/etc/gshadow.* -- gen_context(system_u:object_r:shadow_t,s0)	14	/etc/gshadow.* -- gen_context(system_u:object_r:shadow_t,s0)
21	/etc/passwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)	15	/etc/passwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
22	/etc/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)	16	/etc/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)
23		17
24	/sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0)	18	/usr/bin/login -- gen_context(system_u:object_r:login_exec_t,s0)
25	/sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0)	19	+/usr/bin/login\.shadow -- gen_context(system_u:object_r:login_exec_t,s0)
26	-/sbin/unix_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0)	20	+/usr/bin/login\.tinylogin -- gen_context(system_u:object_r:login_exec_t,s0)
27	-/sbin/unix_update -- gen_context(system_u:object_r:updpwd_exec_t,s0)	21
28	-/sbin/unix_verify -- gen_context(system_u:object_r:chkpwd_exec_t,s0)	22	/usr/kerberos/sbin/login\.krb5 -- gen_context(system_u:object_r:login_exec_t,s0)
		23
		24	/usr/lib/utempter/utempter -- gen_context(system_u:object_r:utempter_exec_t,s0)
		25
		26	/usr/sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0)
		27	/usr/sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0)
		28	-/usr/sbin/unix_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
		29	-/usr/sbin/unix_update -- gen_context(system_u:object_r:updpwd_exec_t,s0)
		30	-/usr/sbin/unix_verify -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
		31	/usr/sbin/utempter -- gen_context(system_u:object_r:utempter_exec_t,s0)
		32	/usr/sbin/validate -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
29	ifdef(`distro_suse', `	33	ifdef(`distro_suse', `
30	/sbin/unix2_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0)	34	/usr/sbin/unix2_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
31	')	35	')
32
33	/usr/bin/login -- gen_context(system_u:object_r:login_exec_t,s0)