Diffstat (limited to 'meta-security/recipes-core/smack-system-setup/files')
-rw-r--r--meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules27
-rw-r--r--meta-security/recipes-core/smack-system-setup/files/systemd-journald.service.conf16
-rw-r--r--meta-security/recipes-core/smack-system-setup/files/systemd-tmpfiles-setup.service.conf2
-rw-r--r--meta-security/recipes-core/smack-system-setup/files/tmp.mount.conf12
4 files changed, 0 insertions, 57 deletions
diff --git a/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules b/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules
deleted file mode 100644
index eca65292f..000000000
--- a/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules
+++ /dev/null
@@ -1,27 +0,0 @@
-# do not edit this file, it will be overwritten on update
-
-KERNEL=="null", SECLABEL{smack}="*"
-KERNEL=="zero", SECLABEL{smack}="*"
-KERNEL=="console", SECLABEL{smack}="*"
-KERNEL=="kmsg", SECLABEL{smack}="*"
-KERNEL=="video*", SECLABEL{smack}="*"
-KERNEL=="card*", SECLABEL{smack}="*"
-KERNEL=="ptmx", SECLABEL{smack}="*"
-KERNEL=="tty", SECLABEL{smack}="*"
-KERNEL=="rfkill", SECLABEL{smack}="*"
-
-SUBSYSTEM=="most_cdev_aim", SECLABEL{smack}="*"
-
-SUBSYSTEM=="graphics", GROUP="video", SECLABEL{smack}="*"
-SUBSYSTEM=="drm", GROUP="video", SECLABEL{smack}="*"
-SUBSYSTEM=="dvb", GROUP="video", SECLABEL{smack}="*"
-SUBSYSTEM=="sound", GROUP="audio", SECLABEL{smack}="*"
-
-SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666", SECLABEL{smack}="*"
-SUBSYSTEM=="tty", KERNEL=="tty", GROUP="tty", MODE="0666", SECLABEL{smack}="*"
-SUBSYSTEM=="tty", KERNEL=="tty[0-9]*", GROUP="tty", MODE="0620", SECLABEL{smack}="*"
-SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty", SECLABEL{smack}="*"
-KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="dialout", SECLABEL{smack}="*"
-
-SUBSYSTEM=="input", KERNEL=="mouse*|mice|event*", MODE="0640", SECLABEL{smack}="*"
-SUBSYSTEM=="input", KERNEL=="ts[0-9]*|uinput", MODE="0640", SECLABEL{smack}="*"
diff --git a/meta-security/recipes-core/smack-system-setup/files/systemd-journald.service.conf b/meta-security/recipes-core/smack-system-setup/files/systemd-journald.service.conf
deleted file mode 100644
index 7035a1410..000000000
--- a/meta-security/recipes-core/smack-system-setup/files/systemd-journald.service.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Run systemd-journald with the hat ("^") Smack label.
-#
-# The journal daemon needs global read access to gather information
-# about the services spawned by systemd. The hat label is intended
-# for this purpose. The journal daemon is the only part of the
-# System domain that needs read access to the User domain. Giving
-# the journal daemon the hat label means that we can remove the
-# System domain's read access to the User domain and we can avoid
-# hard-coding a specific label name for that domain.
-#
-# Original author: Casey Schaufler <casey@schaufler-ca.com>
-#
-# This is considered a configuration change and thus distro specific.
-[Service]
-SmackProcessLabel=^
-
diff --git a/meta-security/recipes-core/smack-system-setup/files/systemd-tmpfiles-setup.service.conf b/meta-security/recipes-core/smack-system-setup/files/systemd-tmpfiles-setup.service.conf
deleted file mode 100644
index db43c8c51..000000000
--- a/meta-security/recipes-core/smack-system-setup/files/systemd-tmpfiles-setup.service.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[Service]
-ExecStartPost=/bin/sh -c '([ ! -d /var/tmp ] || chsmack -L -a \"*\" /var/tmp) && ([ ! -d /var/log ] || chsmack -L -a System::Log /var/log && chsmack -L -t /var/log)'
diff --git a/meta-security/recipes-core/smack-system-setup/files/tmp.mount.conf b/meta-security/recipes-core/smack-system-setup/files/tmp.mount.conf
deleted file mode 100644
index 388986e82..000000000
--- a/meta-security/recipes-core/smack-system-setup/files/tmp.mount.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Mount /tmp publicly accessable. Based on patch by Michael Demeter <michael.demeter@intel.com>.
-# Upstream systemd temporarily had SmackFileSystemRoot for this (https://github.com/systemd/systemd/pull/1664),
-# but it was removed again (https://github.com/systemd/systemd/issues/1696) because
-# util-linux mount will ignore smackfsroot when Smack is not active. However,
-# busybox is not that intelligent.
-#
-# When using busybox mount, adding smackfsroot=* and booting without
-# Smack (i.e. security=none), tmp.mount will fail with an error about
-# "Bad mount option smackfsroot".
-[Mount]
-Options=smackfsroot=*
-