diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy-2.20190201/0003-fc-sysklogd-apply-policy-to-sysklogd-symlink.patch')
| -rw-r--r-- | recipes-security/refpolicy/refpolicy-2.20190201/0003-fc-sysklogd-apply-policy-to-sysklogd-symlink.patch | 57 |
1 files changed, 0 insertions, 57 deletions
diff --git a/recipes-security/refpolicy/refpolicy-2.20190201/0003-fc-sysklogd-apply-policy-to-sysklogd-symlink.patch b/recipes-security/refpolicy/refpolicy-2.20190201/0003-fc-sysklogd-apply-policy-to-sysklogd-symlink.patch deleted file mode 100644 index ad94252..0000000 --- a/recipes-security/refpolicy/refpolicy-2.20190201/0003-fc-sysklogd-apply-policy-to-sysklogd-symlink.patch +++ /dev/null @@ -1,57 +0,0 @@ -From fdbd4461bbd6ce8a7f2b2702f7801ed07c41d5a9 Mon Sep 17 00:00:00 2001 -From: Xin Ouyang <Xin.Ouyang@windriver.com> -Date: Thu, 22 Aug 2013 13:39:41 +0800 -Subject: [PATCH 03/34] fc/sysklogd: apply policy to sysklogd symlink - -/etc/syslog.conf is a symlink to /etc/syslog.conf.sysklogd, so a allow -rule for syslogd_t to read syslog_conf_t lnk_file is needed. - -Upstream-Status: Inappropriate [only for Poky] - -Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> -Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> ---- - policy/modules/system/logging.fc | 3 +++ - policy/modules/system/logging.te | 1 + - 2 files changed, 4 insertions(+) - -diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc -index 6693d87b..0cf108e0 100644 ---- a/policy/modules/system/logging.fc -+++ b/policy/modules/system/logging.fc -@@ -2,6 +2,7 @@ - - /etc/rsyslog\.conf -- gen_context(system_u:object_r:syslog_conf_t,s0) - /etc/syslog\.conf -- gen_context(system_u:object_r:syslog_conf_t,s0) -+/etc/syslog\.conf\.sysklogd gen_context(system_u:object_r:syslog_conf_t,s0) - /etc/rsyslog\.d(/.*)? gen_context(system_u:object_r:syslog_conf_t,s0) - /etc/audit(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh) - /etc/systemd/journal.*\.conf -- gen_context(system_u:object_r:syslog_conf_t,s0) -@@ -32,10 +33,12 @@ - /usr/sbin/auditctl -- gen_context(system_u:object_r:auditctl_exec_t,s0) - /usr/sbin/auditd -- gen_context(system_u:object_r:auditd_exec_t,s0) - /usr/sbin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0) -+/usr/sbin/klogd\.sysklogd -- gen_context(system_u:object_r:klogd_exec_t,s0) - /usr/sbin/metalog -- gen_context(system_u:object_r:syslogd_exec_t,s0) - /usr/sbin/minilogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) - /usr/sbin/rklogd -- gen_context(system_u:object_r:klogd_exec_t,s0) - /usr/sbin/rsyslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) -+/usr/sbin/syslogd\.sysklogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) - /usr/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0) - /usr/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) - -diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te -index adc628f8..07ed546d 100644 ---- a/policy/modules/system/logging.te -+++ b/policy/modules/system/logging.te -@@ -399,6 +399,7 @@ allow syslogd_t self:udp_socket create_socket_perms; - allow syslogd_t self:tcp_socket create_stream_socket_perms; - - allow syslogd_t syslog_conf_t:file read_file_perms; -+allow syslogd_t syslog_conf_t:lnk_file read_file_perms; - allow syslogd_t syslog_conf_t:dir list_dir_perms; - - # Create and bind to /dev/log or /var/run/log. --- -2.19.1 - |