diff options
Diffstat (limited to 'meta-agl/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch')
-rw-r--r-- | meta-agl/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch | 237 |
1 files changed, 237 insertions, 0 deletions
diff --git a/meta-agl/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch b/meta-agl/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch new file mode 100644 index 00000000..e954c7f2 --- /dev/null +++ b/meta-agl/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch @@ -0,0 +1,237 @@ +From ebde8e9fdba7bc1c8152f7e45c551030a36ece82 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh> +Date: Thu, 25 Jan 2018 13:47:37 +0100 +Subject: [PATCH] Allow to tune sockets +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Allow to change the directory of sockets +through a true integration of SOCKET_DIR + +Allow to override the socket's group of + - /run/cynara/cynara-agent.socket + - /run/cynara/cynara-monitor-get.socket + +through the newly defined variable CYNARA_ADMIN_SOCKET_GROUP + +Change-Id: I7d58854c328e948e3d6d7fa3fc00569fd08f8aef +Signed-off-by: José Bollo <jose.bollo@iot.bzh> + +--- + systemd/CMakeLists.txt | 19 +++++++++++++++---- + systemd/cynara-admin.socket | 14 -------------- + systemd/cynara-admin.socket.in | 14 ++++++++++++++ + systemd/cynara-agent.socket | 15 --------------- + systemd/cynara-agent.socket.in | 15 +++++++++++++++ + systemd/cynara-monitor-get.socket | 15 --------------- + systemd/cynara-monitor-get.socket.in | 15 +++++++++++++++ + systemd/cynara.socket | 14 -------------- + systemd/cynara.socket.in | 14 ++++++++++++++ + 9 files changed, 73 insertions(+), 62 deletions(-) + delete mode 100644 systemd/cynara-admin.socket + create mode 100644 systemd/cynara-admin.socket.in + delete mode 100644 systemd/cynara-agent.socket + create mode 100644 systemd/cynara-agent.socket.in + delete mode 100644 systemd/cynara-monitor-get.socket + create mode 100644 systemd/cynara-monitor-get.socket.in + delete mode 100644 systemd/cynara.socket + create mode 100644 systemd/cynara.socket.in + +diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt +index 20accf0..1b75c12 100644 +--- a/systemd/CMakeLists.txt ++++ b/systemd/CMakeLists.txt +@@ -16,13 +16,24 @@ + # @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com> + # + ++SET(CYNARA_ADMIN_SOCKET_GROUP ++ "security_fw" ++ CACHE STRING ++ "Group to apply on administrative sockets") ++ ++ ++CONFIGURE_FILE(cynara.socket.in cynara.socket @ONLY) ++CONFIGURE_FILE(cynara-admin.socket.in cynara-admin.socket @ONLY) ++CONFIGURE_FILE(cynara-agent.socket.in cynara-agent.socket @ONLY) ++CONFIGURE_FILE(cynara-monitor-get.socket.in cynara-monitor-get.socket @ONLY) ++ + INSTALL(FILES + ${CMAKE_SOURCE_DIR}/systemd/cynara.service + ${CMAKE_SOURCE_DIR}/systemd/cynara.target +- ${CMAKE_SOURCE_DIR}/systemd/cynara.socket +- ${CMAKE_SOURCE_DIR}/systemd/cynara-admin.socket +- ${CMAKE_SOURCE_DIR}/systemd/cynara-agent.socket +- ${CMAKE_SOURCE_DIR}/systemd/cynara-monitor-get.socket ++ ${CMAKE_BINARY_DIR}/systemd/cynara.socket ++ ${CMAKE_BINARY_DIR}/systemd/cynara-admin.socket ++ ${CMAKE_BINARY_DIR}/systemd/cynara-agent.socket ++ ${CMAKE_BINARY_DIR}/systemd/cynara-monitor-get.socket + DESTINATION + ${SYSTEMD_UNIT_DIR} + ) +diff --git a/systemd/cynara-admin.socket b/systemd/cynara-admin.socket +deleted file mode 100644 +index ed38386..0000000 +--- a/systemd/cynara-admin.socket ++++ /dev/null +@@ -1,14 +0,0 @@ +-[Socket] +-ListenStream=/run/cynara/cynara-admin.socket +-SocketMode=0600 +-SmackLabelIPIn=@ +-SmackLabelIPOut=@ +- +-Service=cynara.service +- +-[Unit] +-Wants=cynara.target +-Before=cynara.target +- +-[Install] +-WantedBy=sockets.target +diff --git a/systemd/cynara-admin.socket.in b/systemd/cynara-admin.socket.in +new file mode 100644 +index 0000000..2364c3e +--- /dev/null ++++ b/systemd/cynara-admin.socket.in +@@ -0,0 +1,14 @@ ++[Socket] ++ListenStream=@SOCKET_DIR@/cynara-admin.socket ++SocketMode=0600 ++SmackLabelIPIn=@ ++SmackLabelIPOut=@ ++ ++Service=cynara.service ++ ++[Unit] ++Wants=cynara.target ++Before=cynara.target ++ ++[Install] ++WantedBy=sockets.target +diff --git a/systemd/cynara-agent.socket b/systemd/cynara-agent.socket +deleted file mode 100644 +index 5a677e0..0000000 +--- a/systemd/cynara-agent.socket ++++ /dev/null +@@ -1,15 +0,0 @@ +-[Socket] +-ListenStream=/run/cynara/cynara-agent.socket +-SocketGroup=security_fw +-SocketMode=0060 +-SmackLabelIPIn=* +-SmackLabelIPOut=@ +- +-Service=cynara.service +- +-[Unit] +-Wants=cynara.target +-Before=cynara.target +- +-[Install] +-WantedBy=sockets.target +diff --git a/systemd/cynara-agent.socket.in b/systemd/cynara-agent.socket.in +new file mode 100644 +index 0000000..4f86c9d +--- /dev/null ++++ b/systemd/cynara-agent.socket.in +@@ -0,0 +1,15 @@ ++[Socket] ++ListenStream=@SOCKET_DIR@/cynara-agent.socket ++SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@ ++SocketMode=0060 ++SmackLabelIPIn=* ++SmackLabelIPOut=@ ++ ++Service=cynara.service ++ ++[Unit] ++Wants=cynara.target ++Before=cynara.target ++ ++[Install] ++WantedBy=sockets.target +diff --git a/systemd/cynara-monitor-get.socket b/systemd/cynara-monitor-get.socket +deleted file mode 100644 +index a50feeb..0000000 +--- a/systemd/cynara-monitor-get.socket ++++ /dev/null +@@ -1,15 +0,0 @@ +-[Socket] +-ListenStream=/run/cynara/cynara-monitor-get.socket +-SocketGroup=security_fw +-SocketMode=0060 +-SmackLabelIPIn=@ +-SmackLabelIPOut=@ +- +-Service=cynara.service +- +-[Unit] +-Wants=cynara.target +-Before=cynara.target +- +-[Install] +-WantedBy=sockets.target +diff --git a/systemd/cynara-monitor-get.socket.in b/systemd/cynara-monitor-get.socket.in +new file mode 100644 +index 0000000..b88dbf7 +--- /dev/null ++++ b/systemd/cynara-monitor-get.socket.in +@@ -0,0 +1,15 @@ ++[Socket] ++ListenStream=@SOCKET_DIR@/cynara-monitor-get.socket ++SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@ ++SocketMode=0060 ++SmackLabelIPIn=@ ++SmackLabelIPOut=@ ++ ++Service=cynara.service ++ ++[Unit] ++Wants=cynara.target ++Before=cynara.target ++ ++[Install] ++WantedBy=sockets.target +diff --git a/systemd/cynara.socket b/systemd/cynara.socket +deleted file mode 100644 +index fad2745..0000000 +--- a/systemd/cynara.socket ++++ /dev/null +@@ -1,14 +0,0 @@ +-[Socket] +-ListenStream=/run/cynara/cynara.socket +-SocketMode=0666 +-SmackLabelIPIn=* +-SmackLabelIPOut=@ +- +-Service=cynara.service +- +-[Unit] +-Wants=cynara.target +-Before=cynara.target +- +-[Install] +-WantedBy=sockets.target +diff --git a/systemd/cynara.socket.in b/systemd/cynara.socket.in +new file mode 100644 +index 0000000..ba76549 +--- /dev/null ++++ b/systemd/cynara.socket.in +@@ -0,0 +1,14 @@ ++[Socket] ++ListenStream=@SOCKET_DIR@/cynara.socket ++SocketMode=0666 ++SmackLabelIPIn=* ++SmackLabelIPOut=@ ++ ++Service=cynara.service ++ ++[Unit] ++Wants=cynara.target ++Before=cynara.target ++ ++[Install] ++WantedBy=sockets.target |