agl-basesystem

author: ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> 2020-03-30 09:24:26 +0900
committer: ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> 2020-03-30 09:24:26 +0900
commit: 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (patch)
tree: b4bb18dcd1487dbf1ea8127e5671b7bb2eded033 /meta-agl/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch
parent: 706ad73eb02caf8532deaf5d38995bd258725cb8 (diff)
1 files changed, 237 insertions, 0 deletions
diff --git a/meta-agl/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch b/meta-agl/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch
new file mode 100644
index 00000000..e954c7f2
--- /dev/null
+++ b/meta-agl/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch
@@ -0,0 +1,237 @@
+From ebde8e9fdba7bc1c8152f7e45c551030a36ece82 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Thu, 25 Jan 2018 13:47:37 +0100
+Subject: [PATCH] Allow to tune sockets
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Allow to change the directory of sockets
+through a true integration of SOCKET_DIR
+
+Allow to override the socket's group of
+ - /run/cynara/cynara-agent.socket
+ - /run/cynara/cynara-monitor-get.socket
+
+through the newly defined variable CYNARA_ADMIN_SOCKET_GROUP
+
+Change-Id: I7d58854c328e948e3d6d7fa3fc00569fd08f8aef
+Signed-off-by: José Bollo <jose.bollo@iot.bzh>
+
+---
+ systemd/CMakeLists.txt               | 19 +++++++++++++++----
+ systemd/cynara-admin.socket          | 14 --------------
+ systemd/cynara-admin.socket.in       | 14 ++++++++++++++
+ systemd/cynara-agent.socket          | 15 ---------------
+ systemd/cynara-agent.socket.in       | 15 +++++++++++++++
+ systemd/cynara-monitor-get.socket    | 15 ---------------
+ systemd/cynara-monitor-get.socket.in | 15 +++++++++++++++
+ systemd/cynara.socket                | 14 --------------
+ systemd/cynara.socket.in             | 14 ++++++++++++++
+ 9 files changed, 73 insertions(+), 62 deletions(-)
+ delete mode 100644 systemd/cynara-admin.socket
+ create mode 100644 systemd/cynara-admin.socket.in
+ delete mode 100644 systemd/cynara-agent.socket
+ create mode 100644 systemd/cynara-agent.socket.in
+ delete mode 100644 systemd/cynara-monitor-get.socket
+ create mode 100644 systemd/cynara-monitor-get.socket.in
+ delete mode 100644 systemd/cynara.socket
+ create mode 100644 systemd/cynara.socket.in
+
+diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt
+index 20accf0..1b75c12 100644
+--- a/systemd/CMakeLists.txt
++++ b/systemd/CMakeLists.txt
+@@ -16,13 +16,24 @@
+ # @author      Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ #
+ 
++SET(CYNARA_ADMIN_SOCKET_GROUP
++    "security_fw"
++    CACHE STRING
++    "Group to apply on administrative sockets")
++
++
++CONFIGURE_FILE(cynara.socket.in             cynara.socket @ONLY)
++CONFIGURE_FILE(cynara-admin.socket.in       cynara-admin.socket @ONLY)
++CONFIGURE_FILE(cynara-agent.socket.in       cynara-agent.socket @ONLY)
++CONFIGURE_FILE(cynara-monitor-get.socket.in cynara-monitor-get.socket @ONLY)
++
+ INSTALL(FILES
+     ${CMAKE_SOURCE_DIR}/systemd/cynara.service
+     ${CMAKE_SOURCE_DIR}/systemd/cynara.target
+-    ${CMAKE_SOURCE_DIR}/systemd/cynara.socket
+-    ${CMAKE_SOURCE_DIR}/systemd/cynara-admin.socket
+-    ${CMAKE_SOURCE_DIR}/systemd/cynara-agent.socket
+-    ${CMAKE_SOURCE_DIR}/systemd/cynara-monitor-get.socket
++    ${CMAKE_BINARY_DIR}/systemd/cynara.socket
++    ${CMAKE_BINARY_DIR}/systemd/cynara-admin.socket
++    ${CMAKE_BINARY_DIR}/systemd/cynara-agent.socket
++    ${CMAKE_BINARY_DIR}/systemd/cynara-monitor-get.socket
+     DESTINATION
+     ${SYSTEMD_UNIT_DIR}
+ )
+diff --git a/systemd/cynara-admin.socket b/systemd/cynara-admin.socket
+deleted file mode 100644
+index ed38386..0000000
+--- a/systemd/cynara-admin.socket
++++ /dev/null
+@@ -1,14 +0,0 @@
+-[Socket]
+-ListenStream=/run/cynara/cynara-admin.socket
+-SocketMode=0600
+-SmackLabelIPIn=@
+-SmackLabelIPOut=@
+-
+-Service=cynara.service
+-
+-[Unit]
+-Wants=cynara.target
+-Before=cynara.target
+-
+-[Install]
+-WantedBy=sockets.target
+diff --git a/systemd/cynara-admin.socket.in b/systemd/cynara-admin.socket.in
+new file mode 100644
+index 0000000..2364c3e
+--- /dev/null
++++ b/systemd/cynara-admin.socket.in
+@@ -0,0 +1,14 @@
++[Socket]
++ListenStream=@SOCKET_DIR@/cynara-admin.socket
++SocketMode=0600
++SmackLabelIPIn=@
++SmackLabelIPOut=@
++
++Service=cynara.service
++
++[Unit]
++Wants=cynara.target
++Before=cynara.target
++
++[Install]
++WantedBy=sockets.target
+diff --git a/systemd/cynara-agent.socket b/systemd/cynara-agent.socket
+deleted file mode 100644
+index 5a677e0..0000000
+--- a/systemd/cynara-agent.socket
++++ /dev/null
+@@ -1,15 +0,0 @@
+-[Socket]
+-ListenStream=/run/cynara/cynara-agent.socket
+-SocketGroup=security_fw
+-SocketMode=0060
+-SmackLabelIPIn=*
+-SmackLabelIPOut=@
+-
+-Service=cynara.service
+-
+-[Unit]
+-Wants=cynara.target
+-Before=cynara.target
+-
+-[Install]
+-WantedBy=sockets.target
+diff --git a/systemd/cynara-agent.socket.in b/systemd/cynara-agent.socket.in
+new file mode 100644
+index 0000000..4f86c9d
+--- /dev/null
++++ b/systemd/cynara-agent.socket.in
+@@ -0,0 +1,15 @@
++[Socket]
++ListenStream=@SOCKET_DIR@/cynara-agent.socket
++SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@
++SocketMode=0060
++SmackLabelIPIn=*
++SmackLabelIPOut=@
++
++Service=cynara.service
++
++[Unit]
++Wants=cynara.target
++Before=cynara.target
++
++[Install]
++WantedBy=sockets.target
+diff --git a/systemd/cynara-monitor-get.socket b/systemd/cynara-monitor-get.socket
+deleted file mode 100644
+index a50feeb..0000000
+--- a/systemd/cynara-monitor-get.socket
++++ /dev/null
+@@ -1,15 +0,0 @@
+-[Socket]
+-ListenStream=/run/cynara/cynara-monitor-get.socket
+-SocketGroup=security_fw
+-SocketMode=0060
+-SmackLabelIPIn=@
+-SmackLabelIPOut=@
+-
+-Service=cynara.service
+-
+-[Unit]
+-Wants=cynara.target
+-Before=cynara.target
+-
+-[Install]
+-WantedBy=sockets.target
+diff --git a/systemd/cynara-monitor-get.socket.in b/systemd/cynara-monitor-get.socket.in
+new file mode 100644
+index 0000000..b88dbf7
+--- /dev/null
++++ b/systemd/cynara-monitor-get.socket.in
+@@ -0,0 +1,15 @@
++[Socket]
++ListenStream=@SOCKET_DIR@/cynara-monitor-get.socket
++SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@
++SocketMode=0060
++SmackLabelIPIn=@
++SmackLabelIPOut=@
++
++Service=cynara.service
++
++[Unit]
++Wants=cynara.target
++Before=cynara.target
++
++[Install]
++WantedBy=sockets.target
+diff --git a/systemd/cynara.socket b/systemd/cynara.socket
+deleted file mode 100644
+index fad2745..0000000
+--- a/systemd/cynara.socket
++++ /dev/null
+@@ -1,14 +0,0 @@
+-[Socket]
+-ListenStream=/run/cynara/cynara.socket
+-SocketMode=0666
+-SmackLabelIPIn=*
+-SmackLabelIPOut=@
+-
+-Service=cynara.service
+-
+-[Unit]
+-Wants=cynara.target
+-Before=cynara.target
+-
+-[Install]
+-WantedBy=sockets.target
+diff --git a/systemd/cynara.socket.in b/systemd/cynara.socket.in
+new file mode 100644
+index 0000000..ba76549
+--- /dev/null
++++ b/systemd/cynara.socket.in
+@@ -0,0 +1,14 @@
++[Socket]
++ListenStream=@SOCKET_DIR@/cynara.socket
++SocketMode=0666
++SmackLabelIPIn=*
++SmackLabelIPOut=@
++
++Service=cynara.service
++
++[Unit]
++Wants=cynara.target
++Before=cynara.target
++
++[Install]
++WantedBy=sockets.target
author	ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp>	2020-03-30 09:24:26 +0900
committer	ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp>	2020-03-30 09:24:26 +0900
commit	5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (patch)
tree	b4bb18dcd1487dbf1ea8127e5671b7bb2eded033 /meta-agl/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch
parent	706ad73eb02caf8532deaf5d38995bd258725cb8 (diff)