diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch')
| -rw-r--r-- | recipes-security/refpolicy/refpolicy/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch b/recipes-security/refpolicy/refpolicy/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch new file mode 100644 index 0000000..59169cb --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0001-fc-subs-volatile-alias-common-var-volatile-paths.patch @@ -0,0 +1,33 @@ +From 9fdb576862d6a373b4a50e149fcfd4571e01dd1a Mon Sep 17 00:00:00 2001 +From: Joe MacDonald <joe_macdonald@mentor.com> +Date: Thu, 28 Mar 2019 16:14:09 -0400 +Subject: [PATCH] fc/subs/volatile: alias common /var/volatile paths + +Ensure /var/volatile paths get the appropriate base file context. + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com> +Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + config/file_contexts.subs_dist | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/config/file_contexts.subs_dist b/config/file_contexts.subs_dist +index ba22ce7e7..23d4328f7 100644 +--- a/config/file_contexts.subs_dist ++++ b/config/file_contexts.subs_dist +@@ -33,3 +33,9 @@ + # not for refpolicy intern, but for /var/run using applications, + # like systemd tmpfiles or systemd socket configurations + /var/run /run ++ ++# volatile aliases ++# ensure the policy applied to the base filesystem objects are reflected in the ++# volatile hierarchy. ++/var/volatile/log /var/log ++/var/volatile/tmp /var/tmp +-- +2.25.1 + |