Re: [yocto] [meta-selinux][PATCH] audit: Fix lack of a default audit.rules

Joe MacDonald Mon, 07 Apr 2014 06:56:07 -0700

[[meta-selinux][PATCH] audit: Fix lack of a default audit.rules] On 14.04.04 
(Fri 18:09) Mark Hatle wrote:


> Various components were failing, and upon investigation it was noted
> that the audit.rules file referenced by the initscript wasn't available.
> 
> There was however a copy under the rules.d directory.  Investigating
> the audit.spec file (which in the upstream source) showed that it was
> expected that the version in the rules.d should be copied into
> /etc/audit.

It's expected that you'd actually generate the audit.rules file using
augenrules, but this is a reasonable approximation of that.  :-)

> Do this and correct the systemd services file to use the same file.

Also the right thing to do here.

Merging.
-J.

> 
> Signed-off-by: Mark Hatle <mark.ha...@windriver.com>
> ---
>  recipes-security/audit/audit/auditd.service | 2 +-
>  recipes-security/audit/audit_2.3.2.bb       | 5 +++++
>  2 files changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/recipes-security/audit/audit/auditd.service 
> b/recipes-security/audit/audit/auditd.service
> index 6daa056..adf4d3b 100644
> --- a/recipes-security/audit/audit/auditd.service
> +++ b/recipes-security/audit/audit/auditd.service
> @@ -14,7 +14,7 @@ ExecStart=/sbin/auditd -n
>  ## Then copy existing rules to /etc/audit/rules.d/
>  ## Not doing this last step can cause loss of existing rules
>  #ExecStartPost=-/sbin/augenrules --load
> -ExecStartPost=-/sbin/auditctl -R /etc/audit/rules.d/audit.rules
> +ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
>  ExecReload=/bin/kill -HUP $MAINPID
>  
>  [Install]
> diff --git a/recipes-security/audit/audit_2.3.2.bb 
> b/recipes-security/audit/audit_2.3.2.bb
> index 4a9c954..ae6556f 100644
> --- a/recipes-security/audit/audit_2.3.2.bb
> +++ b/recipes-security/audit/audit_2.3.2.bb
> @@ -67,6 +67,8 @@ FILES_${PN}-dbg += 
> "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
>  FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
>  FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la"
>  
> +CONFFILES_auditd += "${sysconfdir}/audit/audit.rules"
> +
>  do_install_append() {
>       rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
>       rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
> @@ -91,4 +93,7 @@ do_install_append() {
>  
>       chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
>       chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
> +
> +     # Based on the audit.spec "Copy default rules into place on new 
> installation"
> +     cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
>  }
-- 
-Joe MacDonald.
:wq

signature.asc
Description: Digital signature

-- 
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-selinux][PATCH] audit: Fix lack of a default audit.rules

Reply via email to