From f11a3e7653777ad4342e615f47ec4a5417a2fa96 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Wed, 12 Dec 2018 12:03:43 +0100 Subject: systemd: Refactor build using smack-system-setup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This change introduces the new recipe meta-security/recipes-core/smack-system-setup/smack-system-setup_1.bb The purpose is to split the recipe of systemd in two parts: - A part specific to systemd and only systemd It actually includes Smack patches for systemd and a renaming of udev-rules. - A part more oriented on putting the system in order to run with Smack activated. At the end, it will probably save many rebuilds as systemd recipe will evolve less in relation with the setup of the system. As an example, the udev rule file "55-udev-smack-default.rules" that sets up udev rules specific to smack is no longer brought by systemd but by smack-system-setup. Also at the same time, some cleanup and refactoring is done. Note that the ".bbappend" file for systemd is now fixed in version and is including a common file that records the several known versions. No cleanup was made on the versioned patch for the sake of memory. The cleanup of the history is to be achieved later... Bug-AGL: SPEC-2045 Change-Id: Iacf772142a381729dfdbe98d133a3effc4d6cf68 Signed-off-by: José Bollo --- .../systemd/0001-Switch-Smack-label-earlier.patch | 52 ---------------------- .../recipes-core/systemd/systemd_234.bbappend | 6 --- 2 files changed, 58 deletions(-) delete mode 100644 meta-agl-profile-core/recipes-core/systemd/systemd/0001-Switch-Smack-label-earlier.patch delete mode 100644 meta-agl-profile-core/recipes-core/systemd/systemd_234.bbappend (limited to 'meta-agl-profile-core/recipes-core')
diff --git a/meta-agl-profile-core/recipes-core/systemd/systemd/0001-Switch-Smack-label-earlier.patch b/meta-agl-profile-core/recipes-core/systemd/systemd/0001-Switch-Smack-label-earlier.patch
deleted file mode 100644
index 46445be73..000000000
--- a/meta-agl-profile-core/recipes-core/systemd/systemd/0001-Switch-Smack-label-earlier.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 6cc74075797edb6f698cb7f312bb1c3d8cc6cb28 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?=
-Date: Thu, 12 Oct 2017 17:17:56 +0200
-Subject: [PATCH] Switch Smack label earlier
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Switching label after removing capability isn't
-possible.
-
-Change-Id: Ib7dac8f071f36119520ed3205d743c1e3df3cd5e
-Signed-off-by: José Bollo
----
- src/core/execute.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/src/core/execute.c b/src/core/execute.c
-index d72e5bf08..0abffd569 100644
---- a/src/core/execute.c
-+++ b/src/core/execute.c
-@@ -2707,6 +2707,13 @@ static int exec_child(
- }
- }
-
-+ r = setup_smack(context, command);
-+ if (r < 0) {
-+ *exit_status = EXIT_SMACK_PROCESS_LABEL;
-+ *error_message = strdup("Failed to set SMACK process label");
-+ return r;
-+ }
-+
- if (!cap_test_all(context->capability_bounding_set)) {
- r = capability_bounding_set_drop(context->capability_bounding_set, false);
- if (r < 0) {
-@@ -2775,13 +2782,6 @@ static int exec_child(
- }
- #endif
-
-- r = setup_smack(context, command);
-- if (r < 0) {
-- *exit_status = EXIT_SMACK_PROCESS_LABEL;
-- *error_message = strdup("Failed to set SMACK process label");
-- return r;
-- }
--
- #ifdef HAVE_APPARMOR
- if (context->apparmor_profile && mac_apparmor_use()) {
- r = aa_change_onexec(context->apparmor_profile);
---
-2.14.3
-
diff --git a/meta-agl-profile-core/recipes-core/systemd/systemd_234.bbappend b/meta-agl-profile-core/recipes-core/systemd/systemd_234.bbappend
deleted file mode 100644
index 4df7684d0..000000000
--- a/meta-agl-profile-core/recipes-core/systemd/systemd_234.bbappend
+++ /dev/null
@@ -1,6 +0,0 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-
-SRC_URI += "\
- file://0001-Switch-Smack-label-earlier.patch \
-"
-
-- cgit 1.2.3-korg