1 files changed, 36 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0003-refpolicy-minimum-make-dbus-module-optional.patch b/recipes-security/refpolicy/refpolicy/0003-refpolicy-minimum-make-dbus-module-optional.patch
new file mode 100644
index 0000000..d545d2a
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0003-refpolicy-minimum-make-dbus-module-optional.patch
@@ -0,0 +1,36 @@
+From e28807393f105a16528cb5304283bde0b771fc4e Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Wed, 9 Nov 2022 10:53:26 +0800
+Subject: [PATCH] refpolicy-minimum: make dbus module optional
+The mount module invokes interface
+dbus_dontaudit_write_system_bus_runtime_named_sockets which is from dbus
+module. Since dbus is not a core moudle in sysvinit system, we could
+make this interface optional in mount module by optional_policy. Then we
+could make the minimum policy without dbus module.
+Upstream-Status: Inappropriate [embedded specific]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ policy/modules/system/mount.te | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
+index 97f49e58e..b59529a01 100644
+--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
+@@ -146,7 +146,9 @@ selinux_getattr_fs(mount_t)
+ 
+ userdom_use_all_users_fds(mount_t)
+ 
+-dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t)
+optional_policy(`
+       dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t)
+')
+ 
+ ifdef(`distro_redhat',`
+        optional_policy(`
+-- 
+2.25.1

diff --git a/recipes-security/refpolicy/refpolicy/0003-refpolicy-minimum-make-dbus-module-optional.patch b/recipes-security/refpolicy/refpolicy/0003-refpolicy-minimum-make-dbus-module-optional.patch new file mode 100644 index 0000000..d545d2a --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0003-refpolicy-minimum-make-dbus-module-optional.patch
@@ -0,0 +1,36 @@
	1	From e28807393f105a16528cb5304283bde0b771fc4e Mon Sep 17 00:00:00 2001
	2	From: Yi Zhao <yi.zhao@windriver.com>
	3	Date: Wed, 9 Nov 2022 10:53:26 +0800
	4	Subject: [PATCH] refpolicy-minimum: make dbus module optional
	5
	6	The mount module invokes interface
	7	dbus_dontaudit_write_system_bus_runtime_named_sockets which is from dbus
	8	module. Since dbus is not a core moudle in sysvinit system, we could
	9	make this interface optional in mount module by optional_policy. Then we
	10	could make the minimum policy without dbus module.
	11
	12	Upstream-Status: Inappropriate [embedded specific]
	13
	14	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
	15	---
	16	policy/modules/system/mount.te \| 4 +++-
	17	1 file changed, 3 insertions(+), 1 deletion(-)
	18
	19	diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
	20	index 97f49e58e..b59529a01 100644
	21	--- a/policy/modules/system/mount.te
	22	+++ b/policy/modules/system/mount.te
	23	@@ -146,7 +146,9 @@ selinux_getattr_fs(mount_t)
	24
	25	userdom_use_all_users_fds(mount_t)
	26
	27	-dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t)
	28	+optional_policy(`
	29	+ dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t)
	30	+')
	31
	32	ifdef(`distro_redhat',`
	33	optional_policy(`
	34	--
	35	2.25.1
	36