diff options
Diffstat (limited to 'meta-security/recipes-core/smack-system-setup/files')
4 files changed, 0 insertions, 57 deletions
diff --git a/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules b/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules deleted file mode 100644 index eca65292f..000000000 --- a/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules +++ /dev/null @@ -1,27 +0,0 @@ -# do not edit this file, it will be overwritten on update - -KERNEL=="null", SECLABEL{smack}="*" -KERNEL=="zero", SECLABEL{smack}="*" -KERNEL=="console", SECLABEL{smack}="*" -KERNEL=="kmsg", SECLABEL{smack}="*" -KERNEL=="video*", SECLABEL{smack}="*" -KERNEL=="card*", SECLABEL{smack}="*" -KERNEL=="ptmx", SECLABEL{smack}="*" -KERNEL=="tty", SECLABEL{smack}="*" -KERNEL=="rfkill", SECLABEL{smack}="*" - -SUBSYSTEM=="most_cdev_aim", SECLABEL{smack}="*" - -SUBSYSTEM=="graphics", GROUP="video", SECLABEL{smack}="*" -SUBSYSTEM=="drm", GROUP="video", SECLABEL{smack}="*" -SUBSYSTEM=="dvb", GROUP="video", SECLABEL{smack}="*" -SUBSYSTEM=="sound", GROUP="audio", SECLABEL{smack}="*" - -SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666", SECLABEL{smack}="*" -SUBSYSTEM=="tty", KERNEL=="tty", GROUP="tty", MODE="0666", SECLABEL{smack}="*" -SUBSYSTEM=="tty", KERNEL=="tty[0-9]*", GROUP="tty", MODE="0620", SECLABEL{smack}="*" -SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty", SECLABEL{smack}="*" -KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="dialout", SECLABEL{smack}="*" - -SUBSYSTEM=="input", KERNEL=="mouse*|mice|event*", MODE="0640", SECLABEL{smack}="*" -SUBSYSTEM=="input", KERNEL=="ts[0-9]*|uinput", MODE="0640", SECLABEL{smack}="*" diff --git a/meta-security/recipes-core/smack-system-setup/files/systemd-journald.service.conf b/meta-security/recipes-core/smack-system-setup/files/systemd-journald.service.conf deleted file mode 100644 index 7035a1410..000000000 --- a/meta-security/recipes-core/smack-system-setup/files/systemd-journald.service.conf +++ /dev/null @@ -1,16 +0,0 @@ -# Run systemd-journald with the hat ("^") Smack label. -# -# The journal daemon needs global read access to gather information -# about the services spawned by systemd. The hat label is intended -# for this purpose. The journal daemon is the only part of the -# System domain that needs read access to the User domain. Giving -# the journal daemon the hat label means that we can remove the -# System domain's read access to the User domain and we can avoid -# hard-coding a specific label name for that domain. -# -# Original author: Casey Schaufler <casey@schaufler-ca.com> -# -# This is considered a configuration change and thus distro specific. -[Service] -SmackProcessLabel=^ - diff --git a/meta-security/recipes-core/smack-system-setup/files/systemd-tmpfiles-setup.service.conf b/meta-security/recipes-core/smack-system-setup/files/systemd-tmpfiles-setup.service.conf deleted file mode 100644 index db43c8c51..000000000 --- a/meta-security/recipes-core/smack-system-setup/files/systemd-tmpfiles-setup.service.conf +++ /dev/null @@ -1,2 +0,0 @@ -[Service] -ExecStartPost=/bin/sh -c '([ ! -d /var/tmp ] || chsmack -L -a \"*\" /var/tmp) && ([ ! -d /var/log ] || chsmack -L -a System::Log /var/log && chsmack -L -t /var/log)' diff --git a/meta-security/recipes-core/smack-system-setup/files/tmp.mount.conf b/meta-security/recipes-core/smack-system-setup/files/tmp.mount.conf deleted file mode 100644 index 388986e82..000000000 --- a/meta-security/recipes-core/smack-system-setup/files/tmp.mount.conf +++ /dev/null @@ -1,12 +0,0 @@ -# Mount /tmp publicly accessable. Based on patch by Michael Demeter <michael.demeter@intel.com>. -# Upstream systemd temporarily had SmackFileSystemRoot for this (https://github.com/systemd/systemd/pull/1664), -# but it was removed again (https://github.com/systemd/systemd/issues/1696) because -# util-linux mount will ignore smackfsroot when Smack is not active. However, -# busybox is not that intelligent. -# -# When using busybox mount, adding smackfsroot=* and booting without -# Smack (i.e. security=none), tmp.mount will fail with an error about -# "Bad mount option smackfsroot". -[Mount] -Options=smackfsroot=* - |