diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0002-refpolicy-minimum-make-xdg-module-optional.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0002-refpolicy-minimum-make-xdg-module-optional.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0002-refpolicy-minimum-make-xdg-module-optional.patch b/recipes-security/refpolicy/refpolicy/0002-refpolicy-minimum-make-xdg-module-optional.patch new file mode 100644 index 0000000..cc8c0b7 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0002-refpolicy-minimum-make-xdg-module-optional.patch @@ -0,0 +1,40 @@ +From 39b825d24a34864c3d9bae684b083a9b656f641a Mon Sep 17 00:00:00 2001 +From: Yi Zhao <yi.zhao@windriver.com> +Date: Wed, 29 Sep 2021 11:08:49 +0800 +Subject: [PATCH] refpolicy-minimum: make xdg module optional + +The systemd module invokes xdg_config_content and xdg_data_content +interfaces which are from xdg module. Since xdg is not a core module, we +could make it optional in minimum policy. + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + policy/modules/system/systemd.te | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te +index a0e6bb405..b1fc414ea 100644 +--- a/policy/modules/system/systemd.te ++++ b/policy/modules/system/systemd.te +@@ -313,10 +313,14 @@ init_unit_file(systemd_user_manager_unit_t) + + type systemd_conf_home_t; + init_unit_file(systemd_conf_home_t) +-xdg_config_content(systemd_conf_home_t) ++optional_policy(` ++ xdg_config_content(systemd_conf_home_t) ++') + + type systemd_data_home_t; +-xdg_data_content(systemd_data_home_t) ++optional_policy(` ++ xdg_data_content(systemd_data_home_t) ++') + + type systemd_user_runtime_notify_t; + userdom_user_runtime_content(systemd_user_runtime_notify_t) +-- +2.25.1 + |