From f238cc2cfe5423d806c874ae5456077e3e4f1112 Mon Sep 17 00:00:00 2001
From: Xin Ouyang
Date: Tue, 19 Mar 2013 11:06:14 +0800
Subject: [PATCH] refpolicy: oe-core /var/log symlink policy for apache

Signed-off-by: Xin Ouyang
---
 ...add-rules-for-var-log-symlink-apache.patch | 28 +++++++++++++++++++
 .../refpolicy/refpolicy_2.20120725.inc | 1 +
 .../refpolicy/refpolicy_common.inc | 2 +-
 3 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-var-log-symlink-apache.patch
diff --git a/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-var-log-symlink-apache.patch b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-var-log-symlink-apache.patch
new file mode 100644
index 0000000..91492c4
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy-2.20120725/poky-policy-add-rules-for-var-log-symlink-apache.patch
@@ -0,0 +1,28 @@
+Subject: [PATCH] add rules for the symlink of /var/log - apache2
+
+We have added rules for the symlink of /var/log in logging.if,
+while apache.te uses /var/log but does not use the interfaces in
+logging.if. So still need add a individual rule for apache.te.
+
+Upstream-Status: Inappropriate [only for Poky]
+
+Signed-off-by: Xin Ouyang
+---
+ policy/modules/contrib/apache.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
+index 1115d37..4c6316d 100644
+--- a/policy/modules/contrib/apache.te
++++ b/policy/modules/contrib/apache.te
+@@ -310,6 +310,7 @@ create_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
+ append_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
+ read_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
+ read_lnk_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
++read_lnk_files_pattern(httpd_t, var_log_t, var_log_t)
+ # cjp: need to refine create interfaces to
+ # cut this back to add_name only
+ logging_log_filetrans(httpd_t, httpd_log_t, file)
+--
+1.7.9.5
+
diff --git a/recipes-security/refpolicy/refpolicy_2.20120725.inc b/recipes-security/refpolicy/refpolicy_2.20120725.inc
index 7c01e89..5d1868d 100644
--- a/recipes-security/refpolicy/refpolicy_2.20120725.inc
+++ b/recipes-security/refpolicy/refpolicy_2.20120725.inc
@@ -35,6 +35,7 @@ SRC_URI += "file://poky-fc-subs_dist.patch \
 # Specific policy for Poky
 SRC_URI += "file://poky-policy-add-syslogd_t-to-trusted-object.patch \
 file://poky-policy-add-rules-for-var-log-symlink.patch \
+ file://poky-policy-add-rules-for-var-log-symlink-apache.patch \
 file://poky-policy-add-rules-for-var-cache-symlink.patch \
 file://poky-policy-add-rules-for-tmp-symlink.patch \
 file://poky-policy-add-rules-for-bsdpty_device_t.patch \
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index 4d31a7a..2c8891a 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
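Review bot: The added rule `read_lnk_files_pattern(httpd_t, var_log_t, var_log_t)` in the embedded apache.te hunk carries no comment, and it is the only rule in that block that names a type other than httpd_log_t, so a later reader of apache.te cannot tell it exists only for the Poky /var/log symlink. As written it appears to let httpd_t read every symlink labelled var_log_t rather than just that one, which is a small widening of the web server domain that should be recorded next to the rule, for example `# Poky: /var/log is a symlink (var_log_t); httpd_t must read it to reach httpd_log_t files`. Whether var_log_t is declared or required inside apache.te is not visible in this hunk; if the policy is ever built as loadable modules, granting this through an interface in logging.if would be safer than naming the type directly.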
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -1,4 +1,4 @@
-PRINC = "3"
+PRINC = "4"
 SECTION = "base"
 LICENSE = "GPLv2"