The util-linux has provided chfn and chsh since oe-core commit 804c6b5bd3d398d5ea2a45d6bcc23c76e328ea3f. Update the file context for them.
Signed-off-by: Yi Zhao <[email protected]> --- ...ge-update-file-context-for-chfn-chsh.patch | 34 +++++++++++++++++++ .../refpolicy/refpolicy_common.inc | 1 + 2 files changed, 35 insertions(+) create mode 100644 recipes-security/refpolicy/refpolicy/0091-fc-usermanage-update-file-context-for-chfn-chsh.patch diff --git a/recipes-security/refpolicy/refpolicy/0091-fc-usermanage-update-file-context-for-chfn-chsh.patch b/recipes-security/refpolicy/refpolicy/0091-fc-usermanage-update-file-context-for-chfn-chsh.patch new file mode 100644 index 0000000..370bc64 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy/0091-fc-usermanage-update-file-context-for-chfn-chsh.patch @@ -0,0 +1,34 @@ +From 311d4759340f2af1e1e157d571802e4367e0a46b Mon Sep 17 00:00:00 2001 +From: Yi Zhao <[email protected]> +Date: Mon, 2 Aug 2021 09:38:39 +0800 +Subject: [PATCH] fc/usermanage: update file context for chfn/chsh + +The util-linux has provided chfn and chsh since oe-core commit +804c6b5bd3d398d5ea2a45d6bcc23c76e328ea3f. Update the file context for +them. + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Yi Zhao <[email protected]> +--- + policy/modules/admin/usermanage.fc | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/policy/modules/admin/usermanage.fc b/policy/modules/admin/usermanage.fc +index 6a051f8a5..bf1ff09ab 100644 +--- a/policy/modules/admin/usermanage.fc ++++ b/policy/modules/admin/usermanage.fc +@@ -5,8 +5,10 @@ ifdef(`distro_debian',` + /usr/bin/chage -- gen_context(system_u:object_r:passwd_exec_t,s0) + /usr/bin/chfn -- gen_context(system_u:object_r:chfn_exec_t,s0) + /usr/bin/chfn\.shadow -- gen_context(system_u:object_r:chfn_exec_t,s0) ++/usr/bin/chfn\.util-linux -- gen_context(system_u:object_r:chfn_exec_t,s0) + /usr/bin/chsh -- gen_context(system_u:object_r:chfn_exec_t,s0) + /usr/bin/chsh\.shadow -- gen_context(system_u:object_r:chfn_exec_t,s0) ++/usr/bin/chsh\.util-linux -- gen_context(system_u:object_r:chfn_exec_t,s0) + /usr/bin/crack_[a-z]* -- gen_context(system_u:object_r:crack_exec_t,s0) + /usr/bin/cracklib-[a-z]* -- gen_context(system_u:object_r:crack_exec_t,s0) + /usr/bin/gpasswd -- gen_context(system_u:object_r:groupadd_exec_t,s0) +-- +2.17.1 + diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index 6e460cb..1bacaa9 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc @@ -108,6 +108,7 @@ SRC_URI += " \ file://0088-policy-modules-services-bind-make-named_t-domain-MLS.patch \ file://0089-policy-modules-services-rpc-make-rpcd_t-MLS-trusted-.patch \ file://0090-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch \ + file://0091-fc-usermanage-update-file-context-for-chfn-chsh.patch \ " S = "${WORKDIR}/refpolicy" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#54299): https://lists.yoctoproject.org/g/yocto/message/54299 Mute This Topic: https://lists.yoctoproject.org/mt/84656913/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
