summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYi Zhao <yi.zhao@windriver.com>2025-01-26 21:17:03 +0800
committerKhem Raj <raj.khem@gmail.com>2025-01-26 13:33:35 -0800
commiteaeef33683708bb9c743a69172f0e705949014a0 (patch)
treee657f17e4d2d5e2943155f74b74a9f24417a8483
parenta91f294b1e55cb6caa3c8b8b6c94b0d05ed9bc22 (diff)
downloadmeta-openembedded-eaeef33683708bb9c743a69172f0e705949014a0.tar.gz
audit: upgrade 4.0.2 -> 4.0.3
ChangeLog: - Remove a RHEL4 flag table since it's been unsupported for a while - Change dependency from Requires to Wants for audit-rules.service - Disable ProtectKernelModules by default in auditd.service - Skip plugin configs that do not have .conf suffix - audisp-filter: iterate records correctly when forwarding - Update syscall table for missing syscalls - Modify ausearch checkpoint code to address 64 inode and device numbers - Fix potential segfault interpreting relative paths - Add audit_set_enabled & audit_is_enabled back to the libaudit python bindings - Log runlevel changes to console during boot - Add audit-tmpfiles.conf to ensure /var/log/audit exists - Propagate event format to the audisp-af_unix plugin - Add support for RISC-V - riscv32, riscv64 * Enable riscv support * Use its own volatile file for systemd. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat
-rw-r--r--meta-oe/recipes-security/audit/audit/audit-volatile.conf1
-rw-r--r--meta-oe/recipes-security/audit/audit_4.0.3.bb (renamed from meta-oe/recipes-security/audit/audit_4.0.2.bb)18
2 files changed, 7 insertions, 12 deletions
diff --git a/meta-oe/recipes-security/audit/audit/audit-volatile.conf b/meta-oe/recipes-security/audit/audit/audit-volatile.conf
deleted file mode 100644
index 9cbe1547a3..0000000000
--- a/meta-oe/recipes-security/audit/audit/audit-volatile.conf
+++ /dev/null
@@ -1 +0,0 @@
1d /var/log/audit 0750 root root -
diff --git a/meta-oe/recipes-security/audit/audit_4.0.2.bb b/meta-oe/recipes-security/audit/audit_4.0.3.bb
index 4f1507923a..9501787e09 100644
--- a/meta-oe/recipes-security/audit/audit_4.0.2.bb
+++ b/meta-oe/recipes-security/audit/audit_4.0.3.bb
@@ -10,11 +10,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
10SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master;protocol=https \ 10SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master;protocol=https \
11 file://0001-Fixed-swig-host-contamination-issue.patch \ 11 file://0001-Fixed-swig-host-contamination-issue.patch \
12 file://auditd \ 12 file://auditd \
13 file://audit-volatile.conf \
14 " 13 "
15 14
16S = "${WORKDIR}/git" 15S = "${WORKDIR}/git"
17SRCREV = "4e6deae41d4646d28bb3ba9524a8a227a38ccd0b" 16SRCREV = "51d154c5b7ec91831cbb89fe6ca54d8eb7ba344c"
18 17
19inherit autotools python3targetconfig update-rc.d systemd 18inherit autotools python3targetconfig update-rc.d systemd
20 19
@@ -33,6 +32,7 @@ EXTRA_OECONF = " \
33 --with-python3 \ 32 --with-python3 \
34 --with-arm \ 33 --with-arm \
35 --with-aarch64 \ 34 --with-aarch64 \
35 --with-riscv \
36 --without-golang \ 36 --without-golang \
37 --disable-gssapi-krb5 \ 37 --disable-gssapi-krb5 \
38 --disable-zos-remote \ 38 --disable-zos-remote \
@@ -57,7 +57,9 @@ PACKAGES =+ "audispd-plugins"
57PACKAGES += "auditd ${PN}-python" 57PACKAGES += "auditd ${PN}-python"
58 58
59FILES:${PN} = "${sysconfdir}/libaudit.conf ${libdir}/libau*.so.*" 59FILES:${PN} = "${sysconfdir}/libaudit.conf ${libdir}/libau*.so.*"
60FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* ${datadir}/audit-rules/* ${libexecdir}/*" 60FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* \
61 ${datadir}/audit-rules/* ${libexecdir}/* \
62 ${nonarch_libdir}/tmpfiles.d/*.conf"
61FILES:audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \ 63FILES:audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \
62 ${sysconfdir}/audit/plugins.d/au-remote.conf \ 64 ${sysconfdir}/audit/plugins.d/au-remote.conf \
63 ${sysconfdir}/audit/plugins.d/syslog.conf \ 65 ${sysconfdir}/audit/plugins.d/syslog.conf \
@@ -87,19 +89,13 @@ do_install:append() {
87 # Based on the audit.spec "Copy default rules into place on new installation" 89 # Based on the audit.spec "Copy default rules into place on new installation"
88 install -m 0640 ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules 90 install -m 0640 ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
89 91
90 if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
91 install -D -m 0644 ${UNPACKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/audit.conf
92 fi
93
94 if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then 92 if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
95 install -D -m 0755 ${UNPACKDIR}/auditd ${D}/etc/init.d/auditd 93 install -D -m 0755 ${UNPACKDIR}/auditd ${D}/etc/init.d/auditd
96 fi 94 fi
97 95
98 if ! ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then 96 if ! ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
99 rm -rf ${D}${libdir}/systemd 97 rm -rf ${D}${nonarch_libdir}/systemd
100 install -d ${D}${systemd_unitdir}/system 98 rm -rf ${D}${nonarch_libdir}/tmpfiles.d
101 install -m 0644 ${B}/init.d/auditd.service ${D}${systemd_unitdir}/system/
102 install -m 0644 ${B}/init.d/audit-rules.service ${D}${systemd_unitdir}/system/
103 fi 99 fi
104 100
105 # Create /var/spool/audit directory for audisp-remote 101 # Create /var/spool/audit directory for audisp-remote
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-11-01 21:21:59 +0000