summaryrefslogtreecommitdiffstats
path: root/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch')
-rw-r--r--meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch127
1 files changed, 127 insertions, 0 deletions
diff --git a/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch b/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch
new file mode 100644
index 000000000..b4a2d74e8
--- /dev/null
+++ b/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch
@@ -0,0 +1,127 @@
+From d919b110a2fbccdce084c651f4d7d7de66f2f869 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Thu, 25 Jan 2018 13:47:37 +0100
+Subject: [PATCH 5/6] Allow to tune sockets
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Allow to change the directory of sockets
+through a true integration of SOCKET_DIR
+
+Allow to override the socket's group of
+ - /run/cynara/cynara-agent.socket
+ - /run/cynara/cynara-monitor-get.socket
+
+through the newly defined variable CYNARA_ADMIN_SOCKET_GROUP
+
+Change-Id: I7d58854c328e948e3d6d7fa3fc00569fd08f8aef
+Signed-off-by: José Bollo <jose.bollo@iot.bzh>
+---
+ systemd/CMakeLists.txt | 19 +++++++++++++++----
+ .../{cynara-admin.socket => cynara-admin.socket.in} | 2 +-
+ .../{cynara-agent.socket => cynara-agent.socket.in} | 4 ++--
+ ...onitor-get.socket => cynara-monitor-get.socket.in} | 4 ++--
+ systemd/{cynara.socket => cynara.socket.in} | 2 +-
+ 5 files changed, 21 insertions(+), 10 deletions(-)
+ rename systemd/{cynara-admin.socket => cynara-admin.socket.in} (78%)
+ rename systemd/{cynara-agent.socket => cynara-agent.socket.in} (66%)
+ rename systemd/{cynara-monitor-get.socket => cynara-monitor-get.socket.in} (64%)
+ rename systemd/{cynara.socket => cynara.socket.in} (80%)
+
+diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt
+index 20accf0..1b75c12 100644
+--- a/systemd/CMakeLists.txt
++++ b/systemd/CMakeLists.txt
+@@ -16,13 +16,24 @@
+ # @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ #
+
++SET(CYNARA_ADMIN_SOCKET_GROUP
++ "security_fw"
++ CACHE STRING
++ "Group to apply on administrative sockets")
++
++
++CONFIGURE_FILE(cynara.socket.in cynara.socket @ONLY)
++CONFIGURE_FILE(cynara-admin.socket.in cynara-admin.socket @ONLY)
++CONFIGURE_FILE(cynara-agent.socket.in cynara-agent.socket @ONLY)
++CONFIGURE_FILE(cynara-monitor-get.socket.in cynara-monitor-get.socket @ONLY)
++
+ INSTALL(FILES
+ ${CMAKE_SOURCE_DIR}/systemd/cynara.service
+ ${CMAKE_SOURCE_DIR}/systemd/cynara.target
+- ${CMAKE_SOURCE_DIR}/systemd/cynara.socket
+- ${CMAKE_SOURCE_DIR}/systemd/cynara-admin.socket
+- ${CMAKE_SOURCE_DIR}/systemd/cynara-agent.socket
+- ${CMAKE_SOURCE_DIR}/systemd/cynara-monitor-get.socket
++ ${CMAKE_BINARY_DIR}/systemd/cynara.socket
++ ${CMAKE_BINARY_DIR}/systemd/cynara-admin.socket
++ ${CMAKE_BINARY_DIR}/systemd/cynara-agent.socket
++ ${CMAKE_BINARY_DIR}/systemd/cynara-monitor-get.socket
+ DESTINATION
+ ${SYSTEMD_UNIT_DIR}
+ )
+diff --git a/systemd/cynara-admin.socket b/systemd/cynara-admin.socket.in
+similarity index 78%
+rename from systemd/cynara-admin.socket
+rename to systemd/cynara-admin.socket.in
+index ed38386..2364c3e 100644
+--- a/systemd/cynara-admin.socket
++++ b/systemd/cynara-admin.socket.in
+@@ -1,5 +1,5 @@
+ [Socket]
+-ListenStream=/run/cynara/cynara-admin.socket
++ListenStream=@SOCKET_DIR@/cynara-admin.socket
+ SocketMode=0600
+ SmackLabelIPIn=@
+ SmackLabelIPOut=@
+diff --git a/systemd/cynara-agent.socket b/systemd/cynara-agent.socket.in
+similarity index 66%
+rename from systemd/cynara-agent.socket
+rename to systemd/cynara-agent.socket.in
+index 5a677e0..4f86c9d 100644
+--- a/systemd/cynara-agent.socket
++++ b/systemd/cynara-agent.socket.in
+@@ -1,6 +1,6 @@
+ [Socket]
+-ListenStream=/run/cynara/cynara-agent.socket
+-SocketGroup=security_fw
++ListenStream=@SOCKET_DIR@/cynara-agent.socket
++SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@
+ SocketMode=0060
+ SmackLabelIPIn=*
+ SmackLabelIPOut=@
+diff --git a/systemd/cynara-monitor-get.socket b/systemd/cynara-monitor-get.socket.in
+similarity index 64%
+rename from systemd/cynara-monitor-get.socket
+rename to systemd/cynara-monitor-get.socket.in
+index a50feeb..b88dbf7 100644
+--- a/systemd/cynara-monitor-get.socket
++++ b/systemd/cynara-monitor-get.socket.in
+@@ -1,6 +1,6 @@
+ [Socket]
+-ListenStream=/run/cynara/cynara-monitor-get.socket
+-SocketGroup=security_fw
++ListenStream=@SOCKET_DIR@/cynara-monitor-get.socket
++SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@
+ SocketMode=0060
+ SmackLabelIPIn=@
+ SmackLabelIPOut=@
+diff --git a/systemd/cynara.socket b/systemd/cynara.socket.in
+similarity index 80%
+rename from systemd/cynara.socket
+rename to systemd/cynara.socket.in
+index fad2745..ba76549 100644
+--- a/systemd/cynara.socket
++++ b/systemd/cynara.socket.in
+@@ -1,5 +1,5 @@
+ [Socket]
+-ListenStream=/run/cynara/cynara.socket
++ListenStream=@SOCKET_DIR@/cynara.socket
+ SocketMode=0666
+ SmackLabelIPIn=*
+ SmackLabelIPOut=@
+--
+2.14.3
+