From: Wenzong Fan <wenzong....@windriver.com> Update patch to fix build error with systemd:
* replace below statements with 'init_dbus_chat(initrc_t)': allow initrc_t init_t:dbus send_msg; allow init_t initrc_t:dbus send_msg; * declare class 'dbus' and 'acquire_svc' for: allow init_t initrc_t:dbus { acquire_svc }; This fixes build errors: | policy/modules/system/init.te:1120:ERROR 'class dbus is not within scope' at token ';' on line 40246: | allow initrc_t init_t:dbus send_msg; | allow init_t initrc_t:dbus { send_msg acquire_svc }; Signed-off-by: Wenzong Fan <wenzong....@windriver.com> --- ...07-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch b/recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch index 50e3c64..a4084d7 100644 --- a/recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch +++ b/recipes-security/refpolicy/refpolicy-minimum/0007-refpolicy-minimum-systemd-fix-for-login-journal-serv.patch @@ -49,15 +49,18 @@ diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index 19a7a20..cefa59d 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te -@@ -1105,3 +1105,8 @@ allow init_t self:capability2 audit_read; +@@ -1105,3 +1105,11 @@ allow init_t self:capability2 audit_read; allow initrc_t init_t:system { start status reboot }; allow initrc_t init_var_run_t:service { start status }; + +allow initrc_t init_var_run_t:service stop; -+allow initrc_t init_t:dbus send_msg; ++init_dbus_chat(initrc_t) + -+allow init_t initrc_t:dbus { send_msg acquire_svc }; ++gen_require(` ++ class dbus acquire_svc; ++') ++allow init_t initrc_t:dbus { acquire_svc }; diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te index 09ec33f..be25c82 100644 --- a/policy/modules/system/locallogin.te -- 2.13.0 -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto