[meta-selinux][PATCH] audit: Fix lack of a default audit.rules

On 14.04.04 (Fri 18:09) Mark Hatle wrote:
> Various components were failing, and upon investigation it was noted
> that the audit.rules file referenced by the initscript wasn't available.
>
> There was however a copy under the rules.d directory. Investigating
> the audit.spec file (which is in the upstream source) showed that it was
> expected that the version in the rules.d should be copied into
> /etc/audit.

It's expected that you'd actually generate the audit.rules file using augenrules, but this is a reasonable approximation of that. :-)

> Do this and correct the systemd services file to use the same file.

Also the right thing to do here. Merging.

-J.

>
> Signed-off-by: Mark Hatle <mark.ha...@windriver.com>
> --- > recipes-security/audit/audit/auditd.service | 2 +- > recipes-security/audit/audit_2.3.2.bb | 5 +++++ > 2 files changed, 6 insertions(+), 1 deletion(-) > > diff --git a/recipes-security/audit/audit/auditd.service > b/recipes-security/audit/audit/auditd.service > index 6daa056..adf4d3b 100644 > --- a/recipes-security/audit/audit/auditd.service > +++ b/recipes-security/audit/audit/auditd.service > @@ -14,7 +14,7 @@ ExecStart=/sbin/auditd -n > ## Then copy existing rules to /etc/audit/rules.d/ > ## Not doing this last step can cause loss of existing rules > #ExecStartPost=-/sbin/augenrules --load > -ExecStartPost=-/sbin/auditctl -R /etc/audit/rules.d/audit.rules > +ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules > ExecReload=/bin/kill -HUP $MAINPID > > [Install] > diff --git a/recipes-security/audit/audit_2.3.2.bb > b/recipes-security/audit/audit_2.3.2.bb > index 4a9c954..ae6556f 100644 > --- a/recipes-security/audit/audit_2.3.2.bb > +++ b/recipes-security/audit/audit_2.3.2.bb 
> @@ -67,6 +67,8 @@ FILES_${PN}-dbg += > "${libdir}/python${PYTHON_BASEVERSION}/*/.debug" > FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}" > FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la" > > +CONFFILES_auditd += "${sysconfdir}/audit/audit.rules" > + > do_install_append() { > rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a > rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la > @@ -91,4 +93,7 @@ do_install_append() { > > chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d > chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules > + > + # Based on the audit.spec "Copy default rules into place on new > installation" > + cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules > } -- -Joe MacDonald. :wq
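Review bot: In the auditd.service hunk, the new `ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules` line keeps the leading `-`, so systemd ignores a failed rule load and the unit still reports success even when no audit rules were installed in the kernel. If the prefix has to stay, say why in the unit's comments. The retained comment "## Then copy existing rules to /etc/audit/rules.d/" now sits above a command that no longer reads rules.d, so it should be updated to state that only /etc/audit/audit.rules is loaded at start.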
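Review bot: `CONFFILES_auditd` in the first audit_2.3.2.bb hunk names a package called `auditd`, while the context lines around it use `${PN}`-derived names (`FILES_${PN}-python`, `FILES_${PN}-dev`), and nothing visible in the patch shows which package's FILES picks up `${sysconfdir}/audit/audit.rules`. Please confirm the file is packaged in `auditd`, otherwise the conffile marking has no effect. The rules.d/audit.rules copy that is installed alongside it is not listed either; add it if local edits to it are meant to be preserved on upgrade.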
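Review bot: In the do_install_append hunk, the `cp` into `${D}/etc/audit/audit.rules` comes after the `chmod 640` line and the new file is not in that chmod's argument list, so its mode is left to cp and the build umask instead of being set explicitly like the other audit config files. Use `install -m 0640` for the copy, or move the `cp` above the chmod and add the new path to it. The hunk also hard-codes `${D}/etc` while the CONFFILES line added by the same patch uses `${sysconfdir}`; using `${sysconfdir}` in both places keeps them in step.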
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto