From: Roy Li <rongqing...@windriver.com> Signed-off-by: Roy Li <rongqing...@windriver.com> --- .../audit/fix-auditd.conf-file-s-permission.patch | 41 ++++++++++++++++++++ recipes-security/audit/audit_2.3.2.bb | 4 +- 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
diff --git a/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch new file mode 100644 index 0000000..be3412b --- /dev/null +++ b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch @@ -0,0 +1,41 @@ +From abeb7f0e35a4e77e914fea34ddaf8b30b51e49e3 Mon Sep 17 00:00:00 2001 +From: Roy Li <rongqing...@windriver.com> +Date: Thu, 20 Feb 2014 20:38:31 +0800 +Subject: [PATCH] fix auditd.conf file and path permission + +Upstream-Status: Pending + +A ordinary use should not to access auditd configuration files + +Signed-off-by: Roy Li <rongqing...@windriver.com> +--- + init.d/Makefile.am | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/init.d/Makefile.am b/init.d/Makefile.am +index 521dd1d..50728bc 100644 +--- a/init.d/Makefile.am ++++ b/init.d/Makefile.am +@@ -37,13 +37,17 @@ endif + + auditdir = $(sysconfdir)/audit + auditrdir = $(auditdir)/rules.d +-dist_audit_DATA = auditd.conf +-dist_auditr_DATA = audit.rules ++auditconfig = auditd.conf ++auditrconfig = audit.rules + sbin_SCRIPTS = augenrules + + install-data-hook: + $(INSTALL_DATA) -D -m 640 ${srcdir}/${dispconfig} ${DESTDIR}${dispconfigdir} + $(INSTALL_DATA) -D -m 640 ${srcdir}/${libconfig} ${DESTDIR}${sysconfdir} ++ $(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditdir} ++ $(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditrdir} ++ $(INSTALL_DATA) -m 640 ${srcdir}/${auditconfig} ${DESTDIR}${auditdir} ++ $(INSTALL_DATA) -m 640 ${srcdir}/${auditrconfig} ${DESTDIR}${auditrdir} + if ENABLE_SYSTEMD + else + $(INSTALL_DATA) -D -m 640 ${srcdir}/auditd.sysconfig ${DESTDIR}${sysconfigdir}/auditd +-- +1.7.10.4 + diff --git a/recipes-security/audit/audit_2.3.2.bb b/recipes-security/audit/audit_2.3.2.bb index edcb881..6e376f8 100644 --- a/recipes-security/audit/audit_2.3.2.bb +++ b/recipes-security/audit/audit_2.3.2.bb @@ -14,7 +14,9 @@ SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \ file://audit-python-configure.patch \ file://audit-for-cross-compiling.patch \ file://auditd \ - file://fix-swig-host-contamination.patch" + file://fix-swig-host-contamination.patch \ + file://fix-auditd.conf-file-s-permission.patch \ +" inherit autotools pythonnative update-rc.d -- 1.7.10.4 _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto