Various components were failing, and upon investigation it was noted
that the audit.rules file referenced by the initscript wasn't available.

There was, however, a copy under the rules.d directory.  Investigating
the audit.spec file (which is in the upstream source) showed that the
version in rules.d is expected to be copied into
/etc/audit.

Do this and correct the systemd services file to use the same file.

Signed-off-by: Mark Hatle <mark.ha...@windriver.com>
---
 recipes-security/audit/audit/auditd.service | 2 +-
 recipes-security/audit/audit_2.3.2.bb       | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/recipes-security/audit/audit/auditd.service b/recipes-security/audit/audit/auditd.service
index 6daa056..adf4d3b 100644
--- a/recipes-security/audit/audit/auditd.service
+++ b/recipes-security/audit/audit/auditd.service
@@ -14,7 +14,7 @@ ExecStart=/sbin/auditd -n
 ## Then copy existing rules to /etc/audit/rules.d/
 ## Not doing this last step can cause loss of existing rules
 #ExecStartPost=-/sbin/augenrules --load
-ExecStartPost=-/sbin/auditctl -R /etc/audit/rules.d/audit.rules
+ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
 ExecReload=/bin/kill -HUP $MAINPID
 
 [Install]
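Review bot: The changed `ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules` line keeps the leading `-`, so systemd ignores a failed rules load and the unit shows as active even when no audit rules are in effect. Consider dropping the `-` so a missing or malformed rules file fails the unit visibly; otherwise add a comment next to the line saying that `auditctl -l` should be checked after start. With the `augenrules --load` line still commented out, rules placed under /etc/audit/rules.d/ are not picked up by this unit. A comment such as `## Rules are loaded from /etc/audit/audit.rules only; rules.d/ is not merged unless augenrules is enabled` would make that explicit.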
diff --git a/recipes-security/audit/audit_2.3.2.bb b/recipes-security/audit/audit_2.3.2.bb
index 4a9c954..ae6556f 100644
--- a/recipes-security/audit/audit_2.3.2.bb
+++ b/recipes-security/audit/audit_2.3.2.bb
@@ -67,6 +67,8 @@ FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
 FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
 FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la"
 
+CONFFILES_auditd += "${sysconfdir}/audit/audit.rules"
+
 do_install_append() {
        rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
        rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
@@ -91,4 +93,7 @@ do_install_append() {
 
        chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
        chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
+
+       # Based on the audit.spec "Copy default rules into place on new installation"
+       cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
 }
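Review bot: The added `cp` leaves the mode of ${D}/etc/audit/audit.rules to whatever cp and the build umask produce, while the line just above sets 640 explicitly on the rules.d copy. The file that auditctl actually loads should get the same explicit treatment. `install -m 0640 ${D}${sysconfdir}/audit/rules.d/audit.rules ${D}${sysconfdir}/audit/audit.rules` sets the mode in the same step and uses ${sysconfdir} as the new CONFFILES line does. The image then ships two copies of the rules that can drift apart, so a comment stating which copy is authoritative would help. do_install_append starts outside this hunk.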
-- 
1.8.5.3
