1 files changed, 0 insertions, 37 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0051-policy-modules-system-init-add-capability2-bpf-and-p.patch b/recipes-security/refpolicy/refpolicy/0051-policy-modules-system-init-add-capability2-bpf-and-p.patch
deleted file mode 100644
index f7758c5..0000000
--- a/recipes-security/refpolicy/refpolicy/0051-policy-modules-system-init-add-capability2-bpf-and-p.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 2d932ba7140d91cf2a8386b0240f4f1014124746 Mon Sep 17 00:00:00 2001
-From: Yi Zhao <yi.zhao@windriver.com>
-Date: Wed, 3 Feb 2021 09:47:59 +0800
-Subject: [PATCH] policy/modules/system/init: add capability2 bpf and perfmon
- for init_t
-Fixes:
-avc:  denied  { bpf } for  pid=1 comm="systemd" capability=39
-scontext=system_u:system_r:init_t tcontext=system_u:system_r:init_t
-tclass=capability2 permissive=0
-avc:  denied  { perfmon } for  pid=1 comm="systemd" capability=38
-scontext=system_u:system_r:init_t tcontext=system_u:system_r:init_t
-tclass=capability2 permissive=0
-Upstream-Status: Inappropriate [embedded specific]
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- policy/modules/system/init.te | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
-index e82177938..b7d494398 100644
--- a/policy/modules/system/init.te
-+++ b/policy/modules/system/init.te
-@@ -134,7 +134,7 @@ ifdef(`enable_mls',`
- 
- # Use capabilities. old rule:
- allow init_t self:capability { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap };
-allow init_t self:capability2 { wake_alarm block_suspend };
-+allow init_t self:capability2 { wake_alarm block_suspend bpf perfmon };
- # is ~sys_module really needed? observed:
- # sys_boot
- # sys_tty_config
-- 
-2.17.1

diff --git a/recipes-security/refpolicy/refpolicy/0051-policy-modules-system-init-add-capability2-bpf-and-p.patch b/recipes-security/refpolicy/refpolicy/0051-policy-modules-system-init-add-capability2-bpf-and-p.patch deleted file mode 100644 index f7758c5..0000000 --- a/recipes-security/refpolicy/refpolicy/0051-policy-modules-system-init-add-capability2-bpf-and-p.patch +++ /dev/null
@@ -1,37 +0,0 @@
1	From 2d932ba7140d91cf2a8386b0240f4f1014124746 Mon Sep 17 00:00:00 2001
2	From: Yi Zhao <yi.zhao@windriver.com>
3	Date: Wed, 3 Feb 2021 09:47:59 +0800
4	Subject: [PATCH] policy/modules/system/init: add capability2 bpf and perfmon
5	for init_t
6
7	Fixes:
8	avc: denied { bpf } for pid=1 comm="systemd" capability=39
9	scontext=system_u:system_r:init_t tcontext=system_u:system_r:init_t
10	tclass=capability2 permissive=0
11	avc: denied { perfmon } for pid=1 comm="systemd" capability=38
12	scontext=system_u:system_r:init_t tcontext=system_u:system_r:init_t
13	tclass=capability2 permissive=0
14
15	Upstream-Status: Inappropriate [embedded specific]
16
17	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
18	---
19	policy/modules/system/init.te \| 2 +-
20	1 file changed, 1 insertion(+), 1 deletion(-)
21
22	diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
23	index e82177938..b7d494398 100644
24	--- a/policy/modules/system/init.te
25	+++ b/policy/modules/system/init.te
26	@@ -134,7 +134,7 @@ ifdef(`enable_mls',`
27
28	# Use capabilities. old rule:
29	allow init_t self:capability { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap };
30	-allow init_t self:capability2 { wake_alarm block_suspend };
31	+allow init_t self:capability2 { wake_alarm block_suspend bpf perfmon };
32	# is ~sys_module really needed? observed:
33	# sys_boot
34	# sys_tty_config
35	--
36	2.17.1
37