From 98637b7b01106de98aacc2b531f92c0883b381ee Mon Sep 17 00:00:00 2001 From: José Bollo Date: Thu, 25 Jan 2018 16:39:28 +0100 Subject: cynara: upgrade to 0.14.10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: I33caaa8a435e0b36afff43c4199428ae9336d612 Signed-off-by: José Bollo --- .../cynara/cynara/0005-Allow-to-tune-sockets.patch | 127 +++++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch (limited to 'meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch') diff --git a/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch b/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch new file mode 100644 index 000000000..b4a2d74e8 --- /dev/null +++ b/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch @@ -0,0 +1,127 @@ +From d919b110a2fbccdce084c651f4d7d7de66f2f869 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= +Date: Thu, 25 Jan 2018 13:47:37 +0100 +Subject: [PATCH 5/6] Allow to tune sockets +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Allow to change the directory of sockets +through a true integration of SOCKET_DIR + +Allow to override the socket's group of + - /run/cynara/cynara-agent.socket + - /run/cynara/cynara-monitor-get.socket + +through the newly defined variable CYNARA_ADMIN_SOCKET_GROUP + +Change-Id: I7d58854c328e948e3d6d7fa3fc00569fd08f8aef +Signed-off-by: José Bollo +--- + systemd/CMakeLists.txt | 19 +++++++++++++++---- + .../{cynara-admin.socket => cynara-admin.socket.in} | 2 +- + .../{cynara-agent.socket => cynara-agent.socket.in} | 4 ++-- + ...onitor-get.socket => cynara-monitor-get.socket.in} | 4 ++-- + systemd/{cynara.socket => cynara.socket.in} | 2 +- + 5 files changed, 21 insertions(+), 10 deletions(-) + rename systemd/{cynara-admin.socket => cynara-admin.socket.in} (78%) + rename systemd/{cynara-agent.socket => cynara-agent.socket.in} (66%) + rename systemd/{cynara-monitor-get.socket => cynara-monitor-get.socket.in} (64%) + rename systemd/{cynara.socket => cynara.socket.in} (80%) + +diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt +index 20accf0..1b75c12 100644 +--- a/systemd/CMakeLists.txt ++++ b/systemd/CMakeLists.txt +@@ -16,13 +16,24 @@ + # @author Lukasz Wojciechowski + # + ++SET(CYNARA_ADMIN_SOCKET_GROUP ++ "security_fw" ++ CACHE STRING ++ "Group to apply on administrative sockets") ++ ++ ++CONFIGURE_FILE(cynara.socket.in cynara.socket @ONLY) ++CONFIGURE_FILE(cynara-admin.socket.in cynara-admin.socket @ONLY) ++CONFIGURE_FILE(cynara-agent.socket.in cynara-agent.socket @ONLY) ++CONFIGURE_FILE(cynara-monitor-get.socket.in cynara-monitor-get.socket @ONLY) ++ + INSTALL(FILES + ${CMAKE_SOURCE_DIR}/systemd/cynara.service + ${CMAKE_SOURCE_DIR}/systemd/cynara.target +- ${CMAKE_SOURCE_DIR}/systemd/cynara.socket +- ${CMAKE_SOURCE_DIR}/systemd/cynara-admin.socket +- ${CMAKE_SOURCE_DIR}/systemd/cynara-agent.socket +- ${CMAKE_SOURCE_DIR}/systemd/cynara-monitor-get.socket ++ ${CMAKE_BINARY_DIR}/systemd/cynara.socket ++ ${CMAKE_BINARY_DIR}/systemd/cynara-admin.socket ++ ${CMAKE_BINARY_DIR}/systemd/cynara-agent.socket ++ ${CMAKE_BINARY_DIR}/systemd/cynara-monitor-get.socket + DESTINATION + ${SYSTEMD_UNIT_DIR} + ) +diff --git a/systemd/cynara-admin.socket b/systemd/cynara-admin.socket.in +similarity index 78% +rename from systemd/cynara-admin.socket +rename to systemd/cynara-admin.socket.in +index ed38386..2364c3e 100644 +--- a/systemd/cynara-admin.socket ++++ b/systemd/cynara-admin.socket.in +@@ -1,5 +1,5 @@ + [Socket] +-ListenStream=/run/cynara/cynara-admin.socket ++ListenStream=@SOCKET_DIR@/cynara-admin.socket + SocketMode=0600 + SmackLabelIPIn=@ + SmackLabelIPOut=@ +diff --git a/systemd/cynara-agent.socket b/systemd/cynara-agent.socket.in +similarity index 66% +rename from systemd/cynara-agent.socket +rename to systemd/cynara-agent.socket.in +index 5a677e0..4f86c9d 100644 +--- a/systemd/cynara-agent.socket ++++ b/systemd/cynara-agent.socket.in +@@ -1,6 +1,6 @@ + [Socket] +-ListenStream=/run/cynara/cynara-agent.socket +-SocketGroup=security_fw ++ListenStream=@SOCKET_DIR@/cynara-agent.socket ++SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@ + SocketMode=0060 + SmackLabelIPIn=* + SmackLabelIPOut=@ +diff --git a/systemd/cynara-monitor-get.socket b/systemd/cynara-monitor-get.socket.in +similarity index 64% +rename from systemd/cynara-monitor-get.socket +rename to systemd/cynara-monitor-get.socket.in +index a50feeb..b88dbf7 100644 +--- a/systemd/cynara-monitor-get.socket ++++ b/systemd/cynara-monitor-get.socket.in +@@ -1,6 +1,6 @@ + [Socket] +-ListenStream=/run/cynara/cynara-monitor-get.socket +-SocketGroup=security_fw ++ListenStream=@SOCKET_DIR@/cynara-monitor-get.socket ++SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@ + SocketMode=0060 + SmackLabelIPIn=@ + SmackLabelIPOut=@ +diff --git a/systemd/cynara.socket b/systemd/cynara.socket.in +similarity index 80% +rename from systemd/cynara.socket +rename to systemd/cynara.socket.in +index fad2745..ba76549 100644 +--- a/systemd/cynara.socket ++++ b/systemd/cynara.socket.in +@@ -1,5 +1,5 @@ + [Socket] +-ListenStream=/run/cynara/cynara.socket ++ListenStream=@SOCKET_DIR@/cynara.socket + SocketMode=0666 + SmackLabelIPIn=* + SmackLabelIPOut=@ +-- +2.14.3 + -- cgit 1.2.3-korg