[meta-selinux] refpolicy: update file context for ifconfig

Submitted by Yi Zhao on Aug. 6, 2020, 5:02 a.m. | Patch ID: 175074

Details

Message ID 20200806050206.32003-1-yi.zhao@windriver.com
State New
Headers show

Commit Message

Yi Zhao Aug. 6, 2020, 5:02 a.m.
The ifconfig was moved from sbin to bin with oe-core commit:
c9caff40ff61c08e24a84922f8d7c8e9cdf8883e. Update the file context for
it.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 ...ork-update-file-context-for-ifconfig.patch | 31 +++++++++++++++++++
 .../refpolicy/refpolicy_common.inc            |  1 +
 2 files changed, 32 insertions(+)
 create mode 100644 recipes-security/refpolicy/refpolicy/0081-fc-sysnetwork-update-file-context-for-ifconfig.patch

Patch hide | download patch | download mbox

diff --git a/recipes-security/refpolicy/refpolicy/0081-fc-sysnetwork-update-file-context-for-ifconfig.patch b/recipes-security/refpolicy/refpolicy/0081-fc-sysnetwork-update-file-context-for-ifconfig.patch
new file mode 100644
index 0000000..eaecf40
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0081-fc-sysnetwork-update-file-context-for-ifconfig.patch
@@ -0,0 +1,31 @@ 
+From e6b303444988717c725a71db7b21417839321463 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Tue, 4 Aug 2020 16:48:12 +0800
+Subject: [PATCH] fc/sysnetwork: update file context for ifconfig
+
+The ifconfig was moved from sbin to bin with oe-core commit:
+c9caff40ff61c08e24a84922f8d7c8e9cdf8883e. Update the file context for
+it.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ policy/modules/system/sysnetwork.fc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
+index d8902d725..9ec4eefb7 100644
+--- a/policy/modules/system/sysnetwork.fc
++++ b/policy/modules/system/sysnetwork.fc
+@@ -43,6 +43,7 @@ ifdef(`distro_redhat',`
+ /usr/bin/dhcpcd		        --	gen_context(system_u:object_r:dhcpc_exec_t,s0)
+ /usr/bin/ethtool		    --	gen_context(system_u:object_r:ifconfig_exec_t,s0)
+ /usr/bin/ifconfig		    --	gen_context(system_u:object_r:ifconfig_exec_t,s0)
++/usr/bin/ifconfig\.net-tools		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
+ /usr/bin/ip			        --	gen_context(system_u:object_r:ifconfig_exec_t,s0)
+ /usr/bin/ipx_configure		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
+ /usr/bin/ipx_interface		--	gen_context(system_u:object_r:ifconfig_exec_t,s0)
+-- 
+2.17.1
+
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 46cbfa3..6600af5 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -98,6 +98,7 @@  SRC_URI += " \
         file://0078-policy-modules-system-systemd-systemd-gpt-auto-gener.patch \
         file://0079-policy-modules-services-ntp-make-nptd_t-MLS-trusted-.patch \
         file://0080-policy-modules-services-avahi-make-avahi_t-MLS-trust.patch \
+        file://0081-fc-sysnetwork-update-file-context-for-ifconfig.patch \
         "
 
 S = "${WORKDIR}/refpolicy"