1 files changed, 33 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch b/recipes-security/refpolicy/refpolicy/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch
new file mode 100644
index 0000000..be802ec
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch
@@ -0,0 +1,33 @@
+From 7dc492abc2918e770b36099cf079ca9be10598c8 Mon Sep 17 00:00:00 2001
+From: Joe MacDonald <joe_macdonald@mentor.com>
+Date: Thu, 28 Mar 2019 16:14:09 -0400
+Subject: [PATCH] fc/subs/volatile: alias common /var/volatile paths
+Ensure /var/volatile paths get the appropriate base file context.
+Upstream-Status: Inappropriate [embedded specific]
+Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
+Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ config/file_contexts.subs_dist | 6 ++++++
+ 1 file changed, 6 insertions(+)
+diff --git a/config/file_contexts.subs_dist b/config/file_contexts.subs_dist
+index 346d920e3..aeb25a5bb 100644
+--- a/config/file_contexts.subs_dist
+++ b/config/file_contexts.subs_dist
+@@ -31,3 +31,9 @@
+ # not for refpolicy intern, but for /var/run using applications,
+ # like systemd tmpfiles or systemd socket configurations
+ /var/run /run
+
+# volatile aliases
+# ensure the policy applied to the base filesystem objects are reflected in the
+# volatile hierarchy.
+/var/volatile/log /var/log
+/var/volatile/tmp /var/tmp
+-- 
+2.17.1

diff --git a/recipes-security/refpolicy/refpolicy/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch b/recipes-security/refpolicy/refpolicy/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch new file mode 100644 index 0000000..be802ec --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch
@@ -0,0 +1,33 @@
	1	From 7dc492abc2918e770b36099cf079ca9be10598c8 Mon Sep 17 00:00:00 2001
	2	From: Joe MacDonald <joe_macdonald@mentor.com>
	3	Date: Thu, 28 Mar 2019 16:14:09 -0400
	4	Subject: [PATCH] fc/subs/volatile: alias common /var/volatile paths
	5
	6	Ensure /var/volatile paths get the appropriate base file context.
	7
	8	Upstream-Status: Inappropriate [embedded specific]
	9
	10	Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
	11	Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
	12	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
	13	---
	14	config/file_contexts.subs_dist \| 6 ++++++
	15	1 file changed, 6 insertions(+)
	16
	17	diff --git a/config/file_contexts.subs_dist b/config/file_contexts.subs_dist
	18	index 346d920e3..aeb25a5bb 100644
	19	--- a/config/file_contexts.subs_dist
	20	+++ b/config/file_contexts.subs_dist
	21	@@ -31,3 +31,9 @@
	22	# not for refpolicy intern, but for /var/run using applications,
	23	# like systemd tmpfiles or systemd socket configurations
	24	/var/run /run
	25	+
	26	+# volatile aliases
	27	+# ensure the policy applied to the base filesystem objects are reflected in the
	28	+# volatile hierarchy.
	29	+/var/volatile/log /var/log
	30	+/var/volatile/tmp /var/tmp
	31	--
	32	2.17.1
	33