于 14-2-21 下午3:42, Rongqing Li 写道:


On 02/21/2014 01:53 PM, Pascal Ouyang wrote:
于 14-2-20 下午8:59, rongqing...@windriver.com 写道:
From: Roy Li <rongqing...@windriver.com>

Signed-off-by: Roy Li <rongqing...@windriver.com>
---
  .../audit/fix-auditd.conf-file-s-permission.patch  |   41
++++++++++++++++++++
  recipes-security/audit/audit_2.3.2.bb              |    4 +-
  2 files changed, 44 insertions(+), 1 deletion(-)
  create mode 100644
recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch

diff --git
a/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
new file mode 100644
index 0000000..be3412b
--- /dev/null
+++
b/recipes-security/audit/audit/fix-auditd.conf-file-s-permission.patch
@@ -0,0 +1,41 @@
+From abeb7f0e35a4e77e914fea34ddaf8b30b51e49e3 Mon Sep 17 00:00:00 2001
+From: Roy Li <rongqing...@windriver.com>
+Date: Thu, 20 Feb 2014 20:38:31 +0800
+Subject: [PATCH] fix auditd.conf file and path permission
+
+Upstream-Status: Pending
+
+A ordinary use should not to access auditd configuration files
+
+Signed-off-by: Roy Li <rongqing...@windriver.com>
+---
+ init.d/Makefile.am |    8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/init.d/Makefile.am b/init.d/Makefile.am
+index 521dd1d..50728bc 100644
+--- a/init.d/Makefile.am
++++ b/init.d/Makefile.am
+@@ -37,13 +37,17 @@ endif
+
+ auditdir = $(sysconfdir)/audit
+ auditrdir = $(auditdir)/rules.d
+-dist_audit_DATA = auditd.conf
+-dist_auditr_DATA = audit.rules
++auditconfig = auditd.conf
++auditrconfig = audit.rules
+ sbin_SCRIPTS = augenrules
+
+ install-data-hook:
+     $(INSTALL_DATA) -D -m 640 ${srcdir}/${dispconfig}
${DESTDIR}${dispconfigdir}
+     $(INSTALL_DATA) -D -m 640 ${srcdir}/${libconfig}
${DESTDIR}${sysconfdir}
++    $(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditdir}
++    $(INSTALL_DATA) -d -m 750 ${DESTDIR}${auditrdir}
++    $(INSTALL_DATA) -m 640 ${srcdir}/${auditconfig}
${DESTDIR}${auditdir}
++    $(INSTALL_DATA) -m 640 ${srcdir}/${auditrconfig}
${DESTDIR}${auditrdir}
+ if ENABLE_SYSTEMD
+ else
+     $(INSTALL_DATA) -D -m 640 ${srcdir}/auditd.sysconfig
${DESTDIR}${sysconfigdir}/auditd
+--
+1.7.10.4
+
diff --git a/recipes-security/audit/audit_2.3.2.bb
b/recipes-security/audit/audit_2.3.2.bb
index edcb881..6e376f8 100644
--- a/recipes-security/audit/audit_2.3.2.bb
+++ b/recipes-security/audit/audit_2.3.2.bb
@@ -14,7 +14,9 @@ SRC_URI =
"http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \
         file://audit-python-configure.patch \
         file://audit-for-cross-compiling.patch \
         file://auditd \
-       file://fix-swig-host-contamination.patch"
+       file://fix-swig-host-contamination.patch \
+       file://fix-auditd.conf-file-s-permission.patch \
+"

  inherit autotools pythonnative update-rc.d



chmod in do_install is enough, please do not use a patch.


Why ?

-Roy

Thanks. :)



Because more patches need more maintain work. It is not unnecessary if simple bb modify also work.

Thanks. :)

--
- Pascal
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Reply via email to