summaryrefslogtreecommitdiffstats
path: root/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-tmp-symlink.patch
diff options
context:
space:
mode:
Diffstat (limited to 'recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-tmp-symlink.patch')
-rw-r--r--recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-tmp-symlink.patch19
1 files changed, 10 insertions, 9 deletions
diff --git a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-tmp-symlink.patch b/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-tmp-symlink.patch
index 7a30460..d3c1ee5 100644
--- a/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-tmp-symlink.patch
+++ b/recipes-security/refpolicy/refpolicy-git/poky-policy-add-rules-for-tmp-symlink.patch
@@ -9,6 +9,7 @@ lnk_file while doing search/list/delete/rw.. in /tmp/ directory.
9Upstream-Status: Inappropriate [only for Poky] 9Upstream-Status: Inappropriate [only for Poky]
10 10
11Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> 11Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
12Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
12--- 13---
13 policy/modules/kernel/files.fc | 1 + 14 policy/modules/kernel/files.fc | 1 +
14 policy/modules/kernel/files.if | 8 ++++++++ 15 policy/modules/kernel/files.if | 8 ++++++++
@@ -16,7 +17,7 @@ Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
16 17
17--- a/policy/modules/kernel/files.fc 18--- a/policy/modules/kernel/files.fc
18+++ b/policy/modules/kernel/files.fc 19+++ b/policy/modules/kernel/files.fc
19@@ -191,10 +191,11 @@ ifdef(`distro_debian',` 20@@ -172,10 +172,11 @@ HOME_ROOT/lost\+found/.* <<none>>
20 21
21 # 22 #
22 # /tmp 23 # /tmp
@@ -30,7 +31,7 @@ Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
30 /tmp/lost\+found/.* <<none>> 31 /tmp/lost\+found/.* <<none>>
31--- a/policy/modules/kernel/files.if 32--- a/policy/modules/kernel/files.if
32+++ b/policy/modules/kernel/files.if 33+++ b/policy/modules/kernel/files.if
33@@ -4471,10 +4471,11 @@ interface(`files_search_tmp',` 34@@ -4579,10 +4579,11 @@ interface(`files_search_tmp',`
34 gen_require(` 35 gen_require(`
35 type tmp_t; 36 type tmp_t;
36 ') 37 ')
@@ -42,7 +43,7 @@ Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
42 ######################################## 43 ########################################
43 ## <summary> 44 ## <summary>
44 ## Do not audit attempts to search the tmp directory (/tmp). 45 ## Do not audit attempts to search the tmp directory (/tmp).
45@@ -4507,10 +4508,11 @@ interface(`files_list_tmp',` 46@@ -4615,10 +4616,11 @@ interface(`files_list_tmp',`
46 gen_require(` 47 gen_require(`
47 type tmp_t; 48 type tmp_t;
48 ') 49 ')
@@ -54,7 +55,7 @@ Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
54 ######################################## 55 ########################################
55 ## <summary> 56 ## <summary>
56 ## Do not audit listing of the tmp directory (/tmp). 57 ## Do not audit listing of the tmp directory (/tmp).
57@@ -4543,10 +4545,11 @@ interface(`files_delete_tmp_dir_entry',` 58@@ -4651,10 +4653,11 @@ interface(`files_delete_tmp_dir_entry',`
58 gen_require(` 59 gen_require(`
59 type tmp_t; 60 type tmp_t;
60 ') 61 ')
@@ -66,7 +67,7 @@ Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
66 ######################################## 67 ########################################
67 ## <summary> 68 ## <summary>
68 ## Read files in the tmp directory (/tmp). 69 ## Read files in the tmp directory (/tmp).
69@@ -4561,10 +4564,11 @@ interface(`files_read_generic_tmp_files' 70@@ -4669,10 +4672,11 @@ interface(`files_read_generic_tmp_files'
70 gen_require(` 71 gen_require(`
71 type tmp_t; 72 type tmp_t;
72 ') 73 ')
@@ -78,7 +79,7 @@ Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
78 ######################################## 79 ########################################
79 ## <summary> 80 ## <summary>
80 ## Manage temporary directories in /tmp. 81 ## Manage temporary directories in /tmp.
81@@ -4579,10 +4583,11 @@ interface(`files_manage_generic_tmp_dirs 82@@ -4687,10 +4691,11 @@ interface(`files_manage_generic_tmp_dirs
82 gen_require(` 83 gen_require(`
83 type tmp_t; 84 type tmp_t;
84 ') 85 ')
@@ -90,7 +91,7 @@ Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
90 ######################################## 91 ########################################
91 ## <summary> 92 ## <summary>
92 ## Manage temporary files and directories in /tmp. 93 ## Manage temporary files and directories in /tmp.
93@@ -4597,10 +4602,11 @@ interface(`files_manage_generic_tmp_file 94@@ -4705,10 +4710,11 @@ interface(`files_manage_generic_tmp_file
94 gen_require(` 95 gen_require(`
95 type tmp_t; 96 type tmp_t;
96 ') 97 ')
@@ -102,7 +103,7 @@ Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
102 ######################################## 103 ########################################
103 ## <summary> 104 ## <summary>
104 ## Read symbolic links in the tmp directory (/tmp). 105 ## Read symbolic links in the tmp directory (/tmp).
105@@ -4633,10 +4639,11 @@ interface(`files_rw_generic_tmp_sockets' 106@@ -4741,10 +4747,11 @@ interface(`files_rw_generic_tmp_sockets'
106 gen_require(` 107 gen_require(`
107 type tmp_t; 108 type tmp_t;
108 ') 109 ')
@@ -114,7 +115,7 @@ Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
114 ######################################## 115 ########################################
115 ## <summary> 116 ## <summary>
116 ## Mount filesystems in the tmp directory (/tmp) 117 ## Mount filesystems in the tmp directory (/tmp)
117@@ -4840,10 +4847,11 @@ interface(`files_tmp_filetrans',` 118@@ -4948,10 +4955,11 @@ interface(`files_tmp_filetrans',`
118 gen_require(` 119 gen_require(`
119 type tmp_t; 120 type tmp_t;
120 ') 121 ')
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-12 18:12:49 +0000