Merged, thanks. -J. [[yocto] [meta-selinux][PATCH] audit: Enable ARM System Call Audit in user space.] On 14.04.24 (Thu 16:34) Kai Kang wrote:
> From: Han Chao <c...@windriver.com> > > Audit System Call needs kernel and user space support. > > In user space it needs system call table for ARM. It also needs a > configure option --with-armeb for build audit. Audit system call also > needs enable kernel config CONFIG_AUDITSYSCALL. > > Signed-off-by: Han Chao <c...@windriver.com> > Signed-off-by: Kai Kang <kai.k...@windriver.com> > --- > .../audit/add-system-call-table-for-ARM.patch | 46 > ++++++++++++++++++++++ > recipes-security/audit/audit_2.3.2.bb | 2 + > 2 files changed, 48 insertions(+) > create mode 100644 > recipes-security/audit/audit/add-system-call-table-for-ARM.patch > > diff --git a/recipes-security/audit/audit/add-system-call-table-for-ARM.patch > b/recipes-security/audit/audit/add-system-call-table-for-ARM.patch > new file mode 100644 > index 0000000..ad94d11 > --- /dev/null > +++ b/recipes-security/audit/audit/add-system-call-table-for-ARM.patch > @@ -0,0 +1,46 @@ > +From 52ff74be2f01182ed9d4fcc3da059512fad63d72 Mon Sep 17 00:00:00 2001 > +From: Han Chao <c...@windriver.com> > +Date: Thu, 27 Feb 2014 14:58:57 +0800 > +Subject: [PATCH] add system call table for ARM. > + > +This change enable audit system call on ARM. > +Add arm System call table on machinetabs.h. > +Audit system call need enable kernel config CONFIG_AUDITSYSCALL. > + > +Signed-off-by: Han Chao <c...@windriver.com> > +--- > + lib/machinetabs.h | 11 ++++++----- > + 1 file changed, 6 insertions(+), 5 deletions(-) > + > +diff --git a/lib/machinetabs.h b/lib/machinetabs.h > +index ec2d033..1c2e284 100644 > +--- a/lib/machinetabs.h > ++++ b/lib/machinetabs.h > +@@ -1,10 +1,11 @@ > +-/* This is a generated file, see Makefile.am for its inputs. */ > +-static const char machine_strings[] = > "i386\0i486\0i586\0i686\0ia64\0ppc\0ppc64\0s390\0s390x\0x86_64"; > ++/* Such is aways generated file, see Makefile.am for its inputs. > ++ * But this version is not generated file, which is for ARM. */ > ++static const char machine_strings[] = > "armeb\0armv5tejl\0armv5tel\0armv6l\0armv7l"; > + static const unsigned machine_s2i_s[] = { > +- 0,5,10,15,20,25,29,35,40,46, > ++ 0,6,16,25,32, > + }; > + static const int machine_s2i_i[] = { > +- 0,0,0,0,2,4,3,6,5,1, > ++ 8,8,8,8,8, > + }; > + static int machine_s2i(const char *s, int *value) { > + size_t len, i; > +@@ -19,7 +20,7 @@ static int machine_s2i(const char *s, int *value) { > + } > + } > + static const unsigned machine_i2s_direct[] = { > +- 0,46,20,29,25,40,35, > ++ 39,85,59,68,64, > + }; > + static const char *machine_i2s(int v) { > + return i2s_direct__(machine_strings, machine_i2s_direct, 0, 6, v); > +-- > +1.7.9.5 > + > diff --git a/recipes-security/audit/audit_2.3.2.bb > b/recipes-security/audit/audit_2.3.2.bb > index ae6556f..4baf7a0 100644 > --- a/recipes-security/audit/audit_2.3.2.bb > +++ b/recipes-security/audit/audit_2.3.2.bb > @@ -18,6 +18,7 @@ SRC_URI = > "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \ > file://auditd.service \ > file://audit-volatile.conf \ > " > +SRC_URI_append_arm = "file://add-system-call-table-for-ARM.patch" > > inherit autotools pythonnative update-rc.d systemd > > @@ -41,6 +42,7 @@ EXTRA_OECONF += "--without-prelude \ > --libdir=${base_libdir} \ > --sbindir=${base_sbindir} \ > " > +EXTRA_OECONF_append_arm = " --with-armeb=yes" > > EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \ > PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \ > -- > 1.8.4 > -- -Joe MacDonald. :wq
signature.asc
Description: Digital signature
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto