Patch Detail
GET /api/patches/686676/?format=api
{ "id": 686676, "url": "http://patchwork.ozlabs.org/api/patches/686676/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/patch/1477423570-15694-7-git-send-email-bryce.ferguson@rockwellcollins.com/", "project": { "id": 27, "url": "http://patchwork.ozlabs.org/api/projects/27/?format=api", "name": "Buildroot development", "link_name": "buildroot", "list_id": "buildroot.buildroot.org", "list_email": "buildroot@buildroot.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1477423570-15694-7-git-send-email-bryce.ferguson@rockwellcollins.com>", "list_archive_url": null, "date": "2016-10-25T19:26:09", "name": "[v13,7/8] qemu x86 selinux: added common selinux support files", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": false, "hash": "80da9399cf1d4f0a3135bc9763c5b9ce89aadab2", "submitter": { "id": 70083, "url": "http://patchwork.ozlabs.org/api/people/70083/?format=api", "name": "Bryce Ferguson", "email": "bryce.ferguson@rockwellcollins.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/buildroot/patch/1477423570-15694-7-git-send-email-bryce.ferguson@rockwellcollins.com/mbox/", "series": [], "comments": "http://patchwork.ozlabs.org/api/patches/686676/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/686676/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<buildroot-bounces@busybox.net>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "buildroot@lists.busybox.net" ], "Delivered-To": [ "patchwork-incoming@bilbo.ozlabs.org", "buildroot@osuosl.org" ], "Received": [ "from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3t3NTp4MbYz9sD6\n\tfor <incoming@patchwork.ozlabs.org>;\n\tWed, 26 Oct 2016 06:27:58 +1100 
(AEDT)", "from localhost (localhost [127.0.0.1])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 9DCCC91EFC;\n\tTue, 25 Oct 2016 19:27:54 +0000 (UTC)", "from whitealder.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id djUOLLG30eid; Tue, 25 Oct 2016 19:27:45 +0000 (UTC)", "from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 54A2292040;\n\tTue, 25 Oct 2016 19:26:49 +0000 (UTC)", "from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n\tby ash.osuosl.org (Postfix) with ESMTP id 422D41C1E97\n\tfor <buildroot@lists.busybox.net>;\n\tTue, 25 Oct 2016 19:26:36 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n\tby hemlock.osuosl.org (Postfix) with ESMTP id 314618AD85\n\tfor <buildroot@lists.busybox.net>;\n\tTue, 25 Oct 2016 19:26:36 +0000 (UTC)", "from hemlock.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id 3y5vrXGdgMT0 for <buildroot@lists.busybox.net>;\n\tTue, 25 Oct 2016 19:26:35 +0000 (UTC)", "from secvs02.rockwellcollins.com (secvs02.rockwellcollins.com\n\t[205.175.225.241])\n\tby hemlock.osuosl.org (Postfix) with ESMTPS id EB81C8AD5F\n\tfor <buildroot@buildroot.org>; Tue, 25 Oct 2016 19:26:34 +0000 (UTC)", "from ofwgwc03.rockwellcollins.com (HELO\n\tdtulimr01.rockwellcollins.com) ([205.175.225.12])\n\tby secvs02.rockwellcollins.com with ESMTP; 25 Oct 2016 14:26:33 -0500" ], "X-Virus-Scanned": [ "amavisd-new at osuosl.org", "amavisd-new at osuosl.org" ], "X-Greylist": "domain auto-whitelisted by SQLgrey-1.7.6", "X-Received": "from largo.rockwellcollins.com (unknown [192.168.140.76])\n\tby dtulimr01.rockwellcollins.com (Postfix) with ESMTP id 5C3B4601D8; \n\tTue, 25 Oct 2016 14:26:33 -0500 (CDT)", "From": "Bryce Ferguson <bryce.ferguson@rockwellcollins.com>", "To": "buildroot@buildroot.org", "Date": "Tue, 25 Oct 2016 14:26:09 -0500", "Message-Id": 
"<1477423570-15694-7-git-send-email-bryce.ferguson@rockwellcollins.com>", "X-Mailer": "git-send-email 1.9.1", "In-Reply-To": "<1477423570-15694-1-git-send-email-bryce.ferguson@rockwellcollins.com>", "References": "<1477423570-15694-1-git-send-email-bryce.ferguson@rockwellcollins.com>", "Cc": "Bryce Ferguson <bryce.ferguson@rockwellcollins.com>,\n\tNiranjan Reddy <niranjan.reddy@rockwellcollins.com>", "Subject": "[Buildroot] [PATCH v13 7/8] qemu x86 selinux: added common selinux\n\tsupport files", "X-BeenThere": "buildroot@busybox.net", "X-Mailman-Version": "2.1.18-1", "Precedence": "list", "List-Id": "Discussion and development of buildroot <buildroot.busybox.net>", "List-Unsubscribe": "<http://lists.busybox.net/mailman/options/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=unsubscribe>", "List-Archive": "<http://lists.busybox.net/pipermail/buildroot/>", "List-Post": "<mailto:buildroot@busybox.net>", "List-Help": "<mailto:buildroot-request@busybox.net?subject=help>", "List-Subscribe": "<http://lists.busybox.net/mailman/listinfo/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=subscribe>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "buildroot-bounces@busybox.net", "Sender": "\"buildroot\" <buildroot-bounces@busybox.net>" }, "content": "From: Matt Weber <matthew.weber@rockwellcollins.com>\n\nAdd a default busybox SELinux config which disables init and uses\nsysvinit. 
Add base skeleton with inittab and fstab tailored to selinux\nAdd base skeleton audit configuration (didn't seem to merit being\nthe package default).\n\nSigned-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>\nSigned-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>\nSigned-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>\n\n---\nChanges v12 -> v13:\n - Converted busybox config to fragment config (busybox-selinux-fragment.config)\n\nChanges v11 -> v12:\n - No changes\n\nChanges v10 -> v11:\n - Added defconfig selinux specific file overlay and busybox config files to this patch as these are\n introduced in this patch (Suggested by Thomas).\n\nChanges v9 -> v10:\n - No changes\n\nChanges v8 -> v9:\n - No changes\n\nChanges v7 -> v8:\n - No changes\n\nChanges v6 -> v7:\n - No changes\n\nChanges v5 -> v6:\n - No changes\n\nChanges v4 -> v5:\n - Update the selinux busybox config to the latest version of busybox\n (Clayton S.)\n\nChanges v1 -> v4:\n - Did not exist\n---\n .../common_selinux/busybox-selinux-fragment.config | 32 ++++++++++++++++++++++\n board/common_selinux/post_build.sh | 30 ++++++++++++++++++++\n .../common_selinux/skeleton/etc/audit/auditd.conf | 32 ++++++++++++++++++++++\n .../skeleton/etc/audit/rules.d/audit.rules | 3 ++\n board/common_selinux/skeleton/etc/fstab | 15 ++++++++++\n board/common_selinux/skeleton/etc/inittab | 29 ++++++++++++++++++++\n board/common_selinux/skeleton_permissions.txt | 26 ++++++++++++++++++\n configs/qemu_x86_selinux_defconfig | 10 +++++++\n 8 files changed, 177 insertions(+)\n create mode 100644 board/common_selinux/busybox-selinux-fragment.config\n create mode 100755 board/common_selinux/post_build.sh\n create mode 100644 board/common_selinux/skeleton/etc/audit/auditd.conf\n create mode 100644 board/common_selinux/skeleton/etc/audit/rules.d/audit.rules\n create mode 100755 board/common_selinux/skeleton/etc/fstab\n create mode 100755 board/common_selinux/skeleton/etc/inittab\n create mode 
100755 board/common_selinux/skeleton_permissions.txt", "diff": "diff --git a/board/common_selinux/busybox-selinux-fragment.config b/board/common_selinux/busybox-selinux-fragment.config\nnew file mode 100644\nindex 0000000..7222fac\n--- /dev/null\n+++ b/board/common_selinux/busybox-selinux-fragment.config\n@@ -0,0 +1,32 @@\n+CONFIG_BUILD_LIBBUSYBOX=y\n+CONFIG_CHCON=y\n+CONFIG_DEFAULT_DEPMOD_FILE=\"\"\n+CONFIG_DEFAULT_MODULES_DIR=\"\"\n+CONFIG_FATATTR=y\n+CONFIG_FEATURE_BASH_IS_ASH=y\n+CONFIG_FEATURE_CHCON_LONG_OPTIONS=y\n+CONFIG_FEATURE_DEFAULT_PASSWD_ALGO=\"\"\n+CONFIG_FEATURE_FIND_INUM=y\n+CONFIG_FEATURE_HAVE_RPC=y\n+CONFIG_FEATURE_INDIVIDUAL=y\n+CONFIG_FEATURE_LAST_SMALL=y\n+CONFIG_FEATURE_MOUNT_HELPERS=y\n+CONFIG_FEATURE_MOUNT_LABEL=y\n+CONFIG_FEATURE_MOUNT_NFS=y\n+CONFIG_FEATURE_MOUNT_VERBOSE=y\n+CONFIG_FEATURE_RUNCON_LONG_OPTIONS=y\n+CONFIG_FEATURE_SWAPON_DISCARD=y\n+CONFIG_FEATURE_SYSLOGD_READ_BUFFER_SIZE=0\n+CONFIG_FEATURE_TAR_SELINUX=y\n+CONFIG_FEATURE_TOUCH_NODEREF=y\n+CONFIG_FIRST_SYSTEM_ID=0\n+CONFIG_GROUPS=y\n+CONFIG_INIT_TERMINAL_TYPE=\"\"\n+CONFIG_LAST_ID=0\n+CONFIG_LAST_SYSTEM_ID=0\n+CONFIG_PAM=y\n+CONFIG_RUNCON=y\n+CONFIG_SELINUXENABLED=y\n+CONFIG_SELINUX=y\n+CONFIG_SHUF=y\n+CONFIG_USERS=y\ndiff --git a/board/common_selinux/post_build.sh b/board/common_selinux/post_build.sh\nnew file mode 100755\nindex 0000000..3509de9\n--- /dev/null\n+++ b/board/common_selinux/post_build.sh\n@@ -0,0 +1,30 @@\n+#!/bin/bash\n+################################################################################\n+#\n+# DESCRIPTION:\n+# This script will do any \"post-build\" steps (after all packages are built\n+# but before image creation). 
Any filesystem permission issues should be\n+# fixed in this script.\n+#\n+# The script requires following variables to be passed into it.\n+# $1 - the target directory (passed in by default by buildroot if\n+# script is BR2_ROOTFS_POST_BUILD_SCRIPT)\n+#\n+################################################################################\n+\n+DEST_DIR=$1\n+\n+# For SELinux targets, the /var directory symlinks need to be removed\n+# and replaced with actual folders. The removal is done here and the\n+# recreation is done in the permissions file for the common_selinux\n+# local_skeleton\n+for link in ${DEST_DIR}/var/{cache,lock,log,run,spool,tmp} ${DEST_DIR}/var/lib/misc; do\n+\tif [ -h ${link} ]; then\n+\t\techo \"Removing symlink ${link}\"\n+\t\tunlink ${link}\n+\tfi\n+done\n+\n+# Replace the /run folder with a symlink to /var/run\n+rm -rf ${DEST_DIR}/run\n+ln -sf -t ${DEST_DIR} run var/run\ndiff --git a/board/common_selinux/skeleton/etc/audit/auditd.conf b/board/common_selinux/skeleton/etc/audit/auditd.conf\nnew file mode 100644\nindex 0000000..039b7f0\n--- /dev/null\n+++ b/board/common_selinux/skeleton/etc/audit/auditd.conf\n@@ -0,0 +1,32 @@\n+#\n+# This file controls the configuration of the audit daemon\n+#\n+\n+log_file = /var/log/audit/audit.log\n+log_format = RAW\n+log_group = root\n+priority_boost = 4\n+flush = INCREMENTAL\n+freq = 20\n+num_logs = 5\n+disp_qos = lossy\n+dispatcher = /usr/sbin/audispd\n+name_format = NONE\n+##name = mydomain\n+max_log_file = 6 \n+max_log_file_action = ROTATE\n+space_left = 75\n+space_left_action = IGNORE\n+action_mail_acct = root\n+admin_space_left = 50\n+admin_space_left_action = IGNORE\n+disk_full_action = IGNORE\n+disk_error_action = IGNORE\n+##tcp_listen_port = \n+tcp_listen_queue = 5\n+tcp_max_per_addr = 1\n+##tcp_client_ports = 1024-65535\n+tcp_client_max_idle = 0\n+enable_krb5 = no\n+krb5_principal = auditd\n+##krb5_key_file = /etc/audit/audit.key\ndiff --git a/board/common_selinux/skeleton/etc/audit/rules.d/audit.rules 
b/board/common_selinux/skeleton/etc/audit/rules.d/audit.rules\nnew file mode 100644\nindex 0000000..7c90606\n--- /dev/null\n+++ b/board/common_selinux/skeleton/etc/audit/rules.d/audit.rules\n@@ -0,0 +1,3 @@\n+-D\n+-b 1024\n+-e 2\ndiff --git a/board/common_selinux/skeleton/etc/fstab b/board/common_selinux/skeleton/etc/fstab\nnew file mode 100755\nindex 0000000..d772349\n--- /dev/null\n+++ b/board/common_selinux/skeleton/etc/fstab\n@@ -0,0 +1,15 @@\n+# /etc/fstab: static file system information.\n+#\n+# <file system> <mount pt> <type> <options> <dump> <pass>\n+/dev/root / ext3 rw,noauto 0 1\n+proc /proc proc defaults 0 0\n+devpts /dev/pts devpts defaults,gid=5,mode=620 0 0\n+tmpfs /dev/shm tmpfs mode=0700,nodev,nosuid,noexec,size=1M 0 0\n+tmpfs /tmp tmpfs mode=0700,nodev,nosuid,noexec,size=200M 0 0\n+tmpfs /var/cache tmpfs mode=0700,nodev,nosuid,noexec,size=1M 0 0\n+tmpfs /var/lock tmpfs mode=0700,nodev,nosuid,noexec,size=1M 0 0\n+tmpfs /var/log tmpfs mode=0700,nodev,nosuid,noexec,size=50M 0 0\n+tmpfs /var/run tmpfs mode=0700,nodev,nosuid,noexec,size=1M 0 0\n+tmpfs /var/spool tmpfs mode=0700,nodev,nosuid,noexec,size=1M 0 0\n+sysfs /sys sysfs defaults 0 0\n+none /selinux selinuxfs noauto 0 0\ndiff --git a/board/common_selinux/skeleton/etc/inittab b/board/common_selinux/skeleton/etc/inittab\nnew file mode 100755\nindex 0000000..05e05b2\n--- /dev/null\n+++ b/board/common_selinux/skeleton/etc/inittab\n@@ -0,0 +1,29 @@\n+# /etc/inittab\n+#\n+# This inittab is a basic inittab sample for sysvinit, which mimics\n+# Buildroot's default inittab for BusyBox.\n+id:1:initdefault:\n+\n+proc::sysinit:/bin/mount -t proc proc /proc\n+sysf::sysinit:/bin/mount -t sysfs sysfs /sys\n+dpts::sysinit:/bin/mkdir -p /dev/pts -Z `matchpathcon -n /dev/pts`\n+dshm::sysinit:/bin/mkdir -p /dev/shm -Z `matchpathcon -n /dev/shm`\n+mpts::sysinit:/bin/mkdir -p /dev/pts\n+mshm::sysinit:/bin/mkdir -p /dev/shm\n+fsck::sysinit:/sbin/fsck -ARy\n+moun::sysinit:/bin/mount -a\n+host::sysinit:/bin/hostname -F 
/etc/hostname\n+\n+# now run any rc scripts\n+init::bootwait:/etc/init.d/rcS\n+\n+S0::respawn:/sbin/getty -L ttyS0 115200 vt100 # GENERIC_SERIAL\n+\n+# Stuff to do before rebooting\n+shd0:06:wait:/etc/init.d/rcK\n+shd1:06:wait:/sbin/swapoff -a\n+shd2:06:wait:/bin/umount -a -r\n+\n+# The usual halt or reboot actions\n+lt0:0:wait:/sbin/halt -dhp\n+reb0:6:wait:/sbin/reboot\ndiff --git a/board/common_selinux/skeleton_permissions.txt b/board/common_selinux/skeleton_permissions.txt\nnew file mode 100755\nindex 0000000..374adbc\n--- /dev/null\n+++ b/board/common_selinux/skeleton_permissions.txt\n@@ -0,0 +1,26 @@\n+################################################################################\n+#\n+# See <buildroot-source>/package/makedevs/README for details\n+#\n+# This device table is used to assign proper ownership and permissions\n+# on the files in the local-skeleton directory. It doesn't create any device\n+# file, as it is used in both static device configurations (where /dev/ is static)\n+# and in dynamic configurations (where devtmpfs, mdev or udev are used).\n+#\n+# <name>\t\t\t\t<type>\t<mode>\t<uid>\t<gid>\t<major>\t<minor>\t<start>\t<inc>\t<count>\n+\n+# All the necessary file permissions for /etc\n+/etc/audit/auditd.conf\t\t\tf\t644\t0\t0\t-\t-\t-\t-\t-\n+/etc/audit/rules.d/audit.rules\t\tf\t644\t0\t0\t-\t-\t-\t-\t-\n+/etc/fstab\t\t\t\tf\t644\t0\t0\t-\t-\t-\t-\t-\n+/etc/inittab\t\t\t\tf\t644\t0\t0\t-\t-\t-\t-\t-\n+\n+# Setup entries for all of the /var/* directories that need proper\n+# mount points\n+/var/cache\t\t\t\td\t755\t0\t0\t-\t-\t-\t-\t-\n+/var/lib/misc\t\t\t\td\t755\t0\t0\t-\t-\t-\t-\t-\n+/var/lock\t\t\t\td\t755\t0\t0\t-\t-\t-\t-\t-\n+/var/log\t\t\t\td\t755\t0\t0\t-\t-\t-\t-\t-\n+/var/run\t\t\t\td\t755\t0\t0\t-\t-\t-\t-\t-\n+/var/spool\t\t\t\td\t755\t0\t0\t-\t-\t-\t-\t-\n+/var/tmp\t\t\t\td\t755\t0\t0\t-\t-\t-\t-\t-\ndiff --git a/configs/qemu_x86_selinux_defconfig b/configs/qemu_x86_selinux_defconfig\nindex ebfe4ca..54e9142 100644\n--- 
a/configs/qemu_x86_selinux_defconfig\n+++ b/configs/qemu_x86_selinux_defconfig\n@@ -17,6 +17,16 @@ BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y\n BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE=\"board/qemu/x86/linux-4.8.config\"\n BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES=\"board/qemu/x86/linux-4.x-selinux.config\"\n \n+# Customized busybox config providing a tailored\n+# balance of applets vs full apps\n+BR2_PACKAGE_BUSYBOX_CONFIG_FRAGMENT_FILES=\"board/common_selinux/busybox-selinux-fragment.config\"\n+\n+# Pull in SELinux specific file overlay to allow login\n+# in enforcing mode.\n+BR2_ROOTFS_DEVICE_TABLE=\"system/device_table.txt board/common_selinux/skeleton_permissions.txt\"\n+BR2_ROOTFS_OVERLAY=\"board/common_selinux/skeleton\"\n+BR2_ROOTFS_POST_BUILD_SCRIPT=\"board/common_selinux/post_build.sh\"\n+\n # Ensure busybox is built as individual binaries for the\n # SELinux refpolicy to work correctly\n BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y\n", "prefixes": [ "v13", "7/8" ] }
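Review bot: the busybox-selinux-fragment.config hunk enables a number of options with no SELinux relationship (CONFIG_FEATURE_HAVE_RPC, CONFIG_FEATURE_MOUNT_NFS, CONFIG_PAM, CONFIG_SHUF, CONFIG_FATATTR, CONFIG_USERS, CONFIG_GROUPS) and several zero/empty assignments (CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="", CONFIG_FEATURE_SYSLOGD_READ_BUFFER_SIZE=0, CONFIG_LAST_ID=0) that read like an unfiltered diff against the default config rather than a curated fragment. Since the v12 -> v13 change was specifically "converted busybox config to fragment config", the fragment should be trimmed to the options the SELinux refpolicy actually needs (CONFIG_SELINUX, CONFIG_SELINUXENABLED, CONFIG_CHCON, CONFIG_RUNCON, CONFIG_FEATURE_MOUNT_LABEL, CONFIG_FEATURE_TAR_SELINUX and friends) with a one-line comment per group saying why it is there; CONFIG_FEATURE_INDIVIDUAL=y and CONFIG_BUILD_LIBBUSYBOX=y also duplicate what BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y in the defconfig already selects.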
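Review bot: in the post_build.sh hunk, `DEST_DIR=$1` is never validated, so if the script is ever invoked without an argument the later `rm -rf ${DEST_DIR}/run` expands to `rm -rf /run` on the build host; use `DEST_DIR="${1:?target directory required}"` together with `set -e`, and quote the expansions in `[ -h ${link} ]`, `unlink ${link}` and `rm -rf ${DEST_DIR}/run`. The final `ln -sf -t ${DEST_DIR} run var/run` also does more than intended: with `-t`, every remaining argument is a link target, so the first pass creates `${DEST_DIR}/run -> run` (a self-referential link) before the second pass overwrites it with `var/run`; `ln -sfn var/run "${DEST_DIR}/run"` expresses the intent directly.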
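Review bot: the auditd.conf hunk sets `space_left_action`, `admin_space_left_action`, `disk_full_action` and `disk_error_action` all to IGNORE, which means loss of audit records goes unreported; combined with the fstab hunk mounting /var/log as a 50M tmpfs, while `max_log_file = 6` and `num_logs = 5` allow up to 30M of audit logs plus whatever else lands in /var/log, this is a configuration where running out of space is plausible. At minimum `SYSLOG` would surface the condition, and a comment should state that the audit trail is deliberately volatile on this reference config. There is also trailing whitespace on the `max_log_file = 6 ` and `##tcp_listen_port = ` lines.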
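Review bot: the audit.rules hunk ends with `-e 2`, which makes the audit configuration immutable until reboot, yet the file loads no rules before it; a comment should say that this is intentional (only kernel-generated AVC records are wanted) and that any future rules must be inserted above the `-e 2` line, otherwise the next person adding a watch rule will get a silent lock-out.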
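Review bot: the fstab hunk mounts /tmp, /dev/shm and /var/run with `mode=0700`, which denies access to every non-root process (the conventional modes are 1777 for /tmp, 1777 for /dev/shm and 755 for /var/run); if this reference config is root-only in practice, the header comment should say so, because the commit message only mentions tailoring to SELinux. Two smaller points: /var/tmp is created by the permissions table but has no tmpfs entry here, so it ends up on the read-write root filesystem with mode 755, and the file itself is added with git mode 100755 (as is inittab) although the permissions table later forces 644; the git mode should be 100644.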
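Review bot: the inittab hunk runs `/bin/mkdir -p /dev/pts -Z \`matchpathcon -n /dev/pts\`` and then `/bin/mkdir -p /dev/pts` again (same for /dev/shm). If the second pair is a fallback for the case where matchpathcon is absent or policy is not loaded, the entries need a comment saying so; if not, they are dead lines and should be dropped. Also note that none of the sysinit entries mounts selinuxfs, and the fstab entry for it is `noauto`, so the file relies on libselinux mounting it itself; a comment would save the next reader from looking for the missing mount.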
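Review bot: in the skeleton_permissions.txt hunk, /var/tmp is created as `d 755 0 0`, which together with the 0700 tmpfs on /tmp leaves no world-writable scratch directory on the target; 1777 is the expected mode for /var/tmp unless the system is intentionally root-only. The table also only sets ownership and modes, but the comment block above the entries does not mention that the SELinux labels themselves come from setfiles/restorecon elsewhere in the series; one line to that effect would make the split of responsibilities clear. The file is committed as mode 100755 although it is a data table, not a script.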
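Review bot: the qemu_x86_selinux_defconfig hunk's comment "Pull in SELinux specific file overlay to allow login in enforcing mode" does not match the overlay contents, which are an inittab, fstab and audit configuration; rewording it to describe what the overlay actually provides (sysvinit inittab with labeled /dev/pts and /dev/shm, tmpfs layout for /var, auditd defaults) would help. The commit message also says busybox init is disabled in favour of sysvinit, but nothing in this hunk or in the busybox fragment selects sysvinit or drops CONFIG_INIT, so the reviewer cannot confirm that from this patch alone; if it is done in another patch of the series, say so here.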