[yocto] [meta-selinux][master][kirkstone][PATCH 2/2] refpolicy: add file context for findfs alternative

Tue, 24 May 2022 08:53:22 -0700 

Add file context for findfs alternative which is provided by util-linux.

Signed-off-by: Yi Zhao <yi.z...@windriver.com>
---
 ...s-apply-policy-to-findfs-alternative.patch | 29 +++++++++++++++++++
 .../refpolicy/refpolicy_common.inc            |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 
recipes-security/refpolicy/refpolicy/0069-fc-fstools-apply-policy-to-findfs-alternative.patch

diff --git 
a/recipes-security/refpolicy/refpolicy/0069-fc-fstools-apply-policy-to-findfs-alternative.patch
 
b/recipes-security/refpolicy/refpolicy/0069-fc-fstools-apply-policy-to-findfs-alternative.patch
new file mode 100644
index 0000000..6535a4b
--- /dev/null
+++ 
b/recipes-security/refpolicy/refpolicy/0069-fc-fstools-apply-policy-to-findfs-alternative.patch
@@ -0,0 +1,29 @@
+From 3e3ec39659ae068d20efbb5f13054d90960c3c3f Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.z...@windriver.com>
+Date: Thu, 19 May 2022 16:51:49 +0800
+Subject: [PATCH] fc/fstools: apply policy to findfs alternative
+
+Add file context for findfs alternative which is provided by util-linux.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Yi Zhao <yi.z...@windriver.com>
+---
+ policy/modules/system/fstools.fc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/system/fstools.fc 
b/policy/modules/system/fstools.fc
+index bef711850..91be0ef3d 100644
+--- a/policy/modules/system/fstools.fc
++++ b/policy/modules/system/fstools.fc
+@@ -77,6 +77,7 @@
+ /usr/sbin/fdisk                       --      
gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/sbin/fdisk\.util-linux                   --      
gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/sbin/findfs              --      
gen_context(system_u:object_r:fsadm_exec_t,s0)
++/usr/sbin/findfs\.util-linux          --      
gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/sbin/fsck.*              --      
gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/sbin/gdisk                       --      
gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /usr/sbin/hdparm              --      
gen_context(system_u:object_r:fsadm_exec_t,s0)
+-- 
+2.25.1
+
diff --git a/recipes-security/refpolicy/refpolicy_common.inc 
b/recipes-security/refpolicy/refpolicy_common.inc
index 1d5a5c0..bb0c0dd 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -84,6 +84,7 @@ SRC_URI += " \
         file://0066-systemd-add-missing-file-context-for-run-systemd-net.patch 
\
         file://0067-systemd-add-file-contexts-for-systemd-network-genera.patch 
\
         file://0068-systemd-udev-allow-udev-to-read-systemd-networkd-run.patch 
\
+        file://0069-fc-fstools-apply-policy-to-findfs-alternative.patch \
         "
 
 S = "${WORKDIR}/refpolicy"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#57180): https://lists.yoctoproject.org/g/yocto/message/57180
Mute This Topic: https://lists.yoctoproject.org/mt/91314013/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to